Analysis Overview
Threat Level: Likely malicious
The file https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html was found to be: Likely malicious.
Malicious Activity Summary
Credentials from Password Stores: Credentials from Web Browsers
Possible privilege escalation attempt
Boot or Logon Autostart Execution: Active Setup
Executes dropped EXE
Credentials from Password Stores: Windows Credential Manager
Modifies file permissions
UPX packed file
Checks computer location settings
Loads dropped DLL
Enumerates connected drives
Checks for any installed AV software in registry
Checks installed software on the system
Drops file in System32 directory
Program crash
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Detects Pyinstaller
Browser Information Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks SCSI registry key(s)
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 20:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 20:26
Reported
2024-08-11 20:36
Platform
win10v2004-20240802-en
Max time kernel
296s
Max time network
555s
Command Line
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "964836519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fad7392decda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{64C969BB-5820-11EF-8D5B-DEB7298358C0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31124525" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2097e1392decda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "964836519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31124525" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer" | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpg | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\ = "Executable File" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpeg | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.mp4 | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wmv | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{F8B941BC-CAFA-4D7F-918E-5D405C4CEA31} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.dll | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.f4a | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.bmp | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1 | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000300000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.png\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-608" | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.doc\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.log\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.avi\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-204" | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.log | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xls\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wav\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.csv\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.json\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.jpg\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.gif\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.bat | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI14642\\flashplayer.exe,-202" | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.zip | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.mp3 | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\.wmv\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.f4p | C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "exe_override" | C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe5ba46f8,0x7ffbe5ba4708,0x7ffbe5ba4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x2c8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7788 /prefetch:2
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\InitializeEnter.jpeg" /ForceBootstrapPaint3D
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\StepBlock.js"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\EnableDisable.gif
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5924 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12444583805511694879,12950882011783842380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:8
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0x11c,0x120,0xa0,0x124,0x7ffbd764cc40,0x7ffbd764cc4c,0x7ffbd764cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2260 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,9188738657302409422,18392925529311626643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4572 /prefetch:1
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\887a042d983e4cbfbd0b1f487bf0df58 /t 2480 /p 5524
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
"C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI31122\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI14642\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-656926755-4116854191-210765258-1000"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f6f24dc33e1e4fb2b76cfcf23f8908cc /t 2980 /p 5292
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\667b46fbc60746bd84c168d0e7cd87a8 /t 5316 /p 5012
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\TTddyjYi.mp3"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.gamespot.com
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.gamespot.com
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.aljazeera.com
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.aljazeera.com
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\NLnOqOjG.docx"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\Desktop\NLnOqOjG.docx"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.businessinsider.com
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.businessinsider.com
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ign.com
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ign.com
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.independent.co.uk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.behance.net
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf""
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
C:\Users\Admin\Desktop\Tlauncher\Tlauncher.exe
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.theintercept.com
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI38082\tlauncher.exe"
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Users\Admin\AppData\Roaming\error.exe
"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.codecademy.com
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f6ea47e8eaaf42dfb24c8def2dbf0504 /t 9172 /p 9168
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf""
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI14642\error.exe""
C:\Windows\system32\cmd.exe
Network
| US | 151.101.66.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 208.194.101.151.in-addr.arpa | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.66.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.2.208:443 | images.unsplash.com | tcp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 151.101.2.208:443 | images.unsplash.com | tcp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.129.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | 181.129.101.151.in-addr.arpa | udp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.66.208:443 | images.unsplash.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ebc024cdb324eb41f33c6ec63d1458d |
| SHA1 | f623e96981ee63c1b6879f682c4364fd5c2265e5 |
| SHA256 | 23b9bd7316816043f42a80784e7f247f3afebd3dbe370fbc702189a6a0dddb1f |
| SHA512 | 6971b6430bc01a36c48bc1e41cf8c4bed65a2890837f7778a896072159940ae739d11834176cc7be6cf6fa0f2ea9e6764c30cd23beadcc88c390e5573bbad097 |
\??\pipe\LOCAL\crashpad_2576_ELJMVERSHWELGEVK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 709c6f4a32b317f6487b598788b6353d |
| SHA1 | 50f44d43be9630018f0bd2acb1528df07cd05b7f |
| SHA256 | 353aff71e8cf078c88c836e66d86be266ddbe36496a597b9b5a5a87d21eae83b |
| SHA512 | 4f33792eb73a792c88e8e2dc8bef7b00a2af7b1b91f4bab0cd5076dd2cb9abbb752eb7e60a4c6204d15f9bca1562915f2468b94e5f01f79279e1e7469055f0a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4032de65-e9fc-4d8d-bd48-4c93a30ccc6b.tmp
| MD5 | d5564ceec38956ced47203d28ceba212 |
| SHA1 | 648cdabc5c88e97f2b3787893cfb6c130c19f667 |
| SHA256 | 063fb59a8e8b06a8f91935273996043125872629bde08a03df062c913523ed71 |
| SHA512 | a3c4d9c9d0c5e4d0cbfad7908e975711884e39b3ac9528a21cc6cfbceaaf38f965db09336068fe20937eaabd4eee2e2080907fe52b6aaa55e43235cdee6308dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6415e5e0bf1143688fec9a65e1e4cf34 |
| SHA1 | 6e7b84add42aec7158d2d275f8543dffdbed1621 |
| SHA256 | 77839b2167758e693339da6aec025f08e199353197c9df175a4e263eedec749a |
| SHA512 | 56ef94aebc766c2a0854acd9810df97a173416096ce15a0fbce4147ae5ca62fcac94046decdb34c82cc3a1d2ff55d49dbf4aa2ab056f9ab0baa657301439f681 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b4cb8d1a0754463837c9385f79380b0b |
| SHA1 | 946cec4c9ea59e1c693ad6ebc1609c3744dd3638 |
| SHA256 | add8fad1943932673e53776fbe41816c5b6f5d5e37816a45d1c7dde29f7c7a47 |
| SHA512 | deb1d90f0ca23ad9c4096f9674af60c1a36d7cf34f78566524e8792ec03320e83d5fa3725c80dd7a8912f6f4a2ee07302290309b1082f7443aca361f2ee0d579 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 494a861dfe3fb61b7f6e9a8e1f92d179 |
| SHA1 | 903db9c91a888cdd2a359e921ea2c1a958228aa9 |
| SHA256 | 46ffd9cec0b1524402f64218ea9584cb751cd61e56eae54ac0ad61c55273c690 |
| SHA512 | f97bfb87546ee38f100ef52f6ee6d102d05feb378a940954a1953f5dc301e6ae7a91de2b2176dcac165a61abf867e06e3e31572a378b1abd9ea2768de76e7175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ce1956851ac52eced699f366b7bfb7b1 |
| SHA1 | 790e2a3b77677547931ea2aa2c25ab8d907cbd61 |
| SHA256 | 591ba0b877b75eea0802944075f0ac7fb5015851f710eb104ed0e7a34034dd3c |
| SHA512 | 3326c87dd31a70c0f5f476545bc6f0ed845c3635a02a45fef67230015d69bab7690bf9429810d44a7c336c242a8727f835ce9999204c38b6e9593783121901a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cf330e0e6c393a122aa2f72090e4c049 |
| SHA1 | b04e86735085d770d803566e745126a49e21351d |
| SHA256 | 881dd2b53c333b7dbc36b1635b3208e49fb25773d35417231e95e5d30c26fd1f |
| SHA512 | 40186d83fd5084b744aab0530793caae4a57352a708070ef487c0acbb71e75592d025df73672071972be5a44762b28d2607dda2a984ee5805b9c35cb407fc2b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d51b0541e3467e854c1bf462262e0ff3 |
| SHA1 | e55f478d6f75147eadbba1bc82236ef6936f4ef5 |
| SHA256 | 8ea431d5bbbfff8e3f88c4d3394e70af5d7d9411d196a71532c7053f3437edbd |
| SHA512 | 8aaaf24ce3709ce5a444e0713bb32f4a7b1bd6d9234206317ed4f2b3053013a99d70b703927f22e0beeee0f0bc72dac052d07610531a61e8c7a16b6b9f88514e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c635dff2265628e70c8a74aca0e99bb |
| SHA1 | 1d4615becac11c60c9a11fb1dba77123f30811ca |
| SHA256 | 7bee34876931125bbe009a41b621b209672ffc86d189cbfa377f00aa4fd0a4c6 |
| SHA512 | cb66de8ec882cc421bddc1b9ddc9d2eb7ff977ca83caef85eb9c918e4d257e4b4d7d423a161011e70365be5b65cd93156daafa9214f90e63879dcbd7cb35c611 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b25d101b10f33584a467b0253c7cf6bb |
| SHA1 | 171bcc9b7f0c08a201afb56350beabdf2605d00e |
| SHA256 | 8156b66b38faad53e26e3165d0ec9aa5d197e782f6b5130d48dbaf8b5069f26e |
| SHA512 | 713b07918cb8bcd73a69d485840442ae9426217e9edd438f5e343b3124ded33b79239ce528ca10f74ae0f09d015e30eaaa7562f25a5bdefc07c76f8bc2ce7815 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5fb7c2e4249063467d7a37c6d504d4ff |
| SHA1 | 61643806b3275e95a5a06c5b319fd066c0bfb1ab |
| SHA256 | 6835240da5b5e66878ebcab1c1cc38106ad232746be0ca496b0376bde57df15d |
| SHA512 | 96263f8a4813749a0bbdd751a6500f356e9c24400834df09f2cd579e490301c55929f5cace2ba27e627838fbc52ffd6220ecb9115ac3895031f3d4412d0dea94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589f19.TMP
| MD5 | 56fd7d72af1e7b83ee8d6df88f69d66a |
| SHA1 | 37582ceefa2d6a4d3471e12d08a89311d5014ad7 |
| SHA256 | 9fb22ebf778fe2c02f2951248ada1376d08e8e7aeb875e760117bc6c5ee4ef56 |
| SHA512 | 25cbb3f741429b6b2b337a9cc821d80f05b9b4411bedd6c47ef7464bc6c86861679464b4b8838b9df4a1b71f163b92650d14d37e98bfd42eb2c9c5953dd48be4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a90899ddb207a523d15fea0f071732ed |
| SHA1 | e93a84fa9c655b2d71d92e69e91ad37466eecfa1 |
| SHA256 | 3a0444f75860bf91af073c3ceb922b18565ab4e4caa2ec7dc21f2a7098dd00af |
| SHA512 | 04fad6e61aed49fc0ab13f4599559bbe7c24a051e709ce93ff025b73acc8d7487b4886d7cef2b4960cc19be5d7488d0770d192b1e84a480444558ebc02c60406 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df7e9d83ad184c0569ff2e3287c833ac |
| SHA1 | 083b703c5ce264416b053491481c547fbf199fc5 |
| SHA256 | 0204a5a03c2d37c37efaa5cba54501c40796d22c0fabdb87792146bdd730b0a8 |
| SHA512 | ca953cb6ea6bb737c367d378ad55b57cd73da26ad4ca434f901b14ca14de9ed8c77673214c32107835f82270a63c3ce44a57703871999adebbb241d623706d82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b79b952f3b57788811b88435e82cebdb |
| SHA1 | fca4fe7951d8df770fb0d3bd4e5b65225131ad93 |
| SHA256 | e1d65f238f03de90d2b75a55c73351ce3cbeaf180cee39dddfa82b70ec006df4 |
| SHA512 | aa8da1227b9e7eec4c6fc3c7f927e3994dc3af468f50566ccbb04d7e82f81e999b1193cefd69132516c975ee98ca9f41602f0dc9f0945d9306fe204389a4bace |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | a7ee007fb008c17e73216d0d69e254e8 |
| SHA1 | 160d970e6a8271b0907c50268146a28b5918c05e |
| SHA256 | 414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346 |
| SHA512 | 669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | a074f116c725add93a8a828fbdbbd56c |
| SHA1 | 88ca00a085140baeae0fd3072635afe3f841d88f |
| SHA256 | 4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6 |
| SHA512 | 43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 9f8f80ca4d9435d66dd761fbb0753642 |
| SHA1 | 5f187d02303fd9044b9e7c74e0c02fe8e6a646b7 |
| SHA256 | ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359 |
| SHA512 | 9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0c63180143ffa24a4441ce079410f2de |
| SHA1 | 4bf80c4c6da84d6a130534d8eec3f5e5e7f25afa |
| SHA256 | 245cf62b02f5cdf96b4118d8616ecde703ebae437406b0c1e60313f0721c1c37 |
| SHA512 | dd3a64142971d20040033f681e7467a119c9cc6eff0650d48bf1a84d6bc322e7695d21349a99229ab1b0208a4b088ea49b965b009a92fc21ac48670f273634be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a2e94f91a8d01ec7efe1793e0f87e466 |
| SHA1 | 6065c1510c481d72bc145fc65cdcd666fd6876ed |
| SHA256 | 3e848ea1d1322051eee0a92e3cc600abba6c96d8655bace42387572b5e9ab7f3 |
| SHA512 | 5992f501e9f303ba33a27faa225fe337d17a760d290d4a491a9498347db8e57c76c93cc12b29883b8d2a3eed56aa0deab8d628d88881c43f7b0365a162ee32ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3fe035baf562b09a29e4d29bbb22cacc |
| SHA1 | d36dee7734c76ad1b825fa1c140552fe770c362d |
| SHA256 | c5168f1762925b4b244cec98f2595e5a16b5be60b4b61d244f93187edc7e6678 |
| SHA512 | 44a5c4530f47bf3c60f2d5a4068c29780e2a94d768f1bbaba96b02d03f3daf92ccbe939652cfb187d34718bbc9d97a2ce5854b4d3448925c2b3413d856766b92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2f3cc48145e1c910267f0240f6fa0d6e |
| SHA1 | 03ca00436cd0a15590c3befec94d8355975ab9d9 |
| SHA256 | 62bef1ffc30f4cef46527d374a8bdbdbd41a73c2c2e620c884fc405c51004040 |
| SHA512 | 98a9e20a8f57c572aeb1baca8c64849907bdd7fe3aafa29db2f55d0ff7b19a2c82920a848677f21d4c5cda2accff3bc6a49f5d8241088b3a9204d27c90467e2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ed97.TMP
| MD5 | 8667e8bb00a84aa4271d6ddcbdadc641 |
| SHA1 | d7e745af76152853c8809206da34d0012ff97254 |
| SHA256 | 32c7b42460b8203708ac24c8ab3eeb4058bb3eace748f94d46da8d3cdffc8799 |
| SHA512 | 5d5df171b2e281361bd7d558ed0d6a7695b93e624bfc9833a1b6c718056f6630b9a81299a6ce9524396713427a4f1bd5563bf7cb5b89aacbbbe772449e24c96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b68692978c75dd8271cfb67ee6cd46b |
| SHA1 | 6b7690a03fc21c6c851c5a1efeb43615500cf5f5 |
| SHA256 | 7041298e37c13b98f1a08d404a34fa8c4d28480ea11c4de9e16ed8d44abe1e5f |
| SHA512 | 60e90ecb671ca6fc040d8f35822c65244813ec41919c85bbe6f846b0a2478a94e9c8cbb3541d04612484a824679436722eeeaa4b93304fa7f5d17e3e4263a26f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\the-real-index~RFe590296.TMP
| MD5 | 1a278eeaa99256c623cab4a33e6077f4 |
| SHA1 | fdab3ddf2eebe4007391306f734f48bdf6340c44 |
| SHA256 | 3fa6cf57ec72a209336edf93e1f33259817f8c25b055213f5a576ee492ac8b53 |
| SHA512 | 90850541d0f8bd534ed76658ab9fbc720ab0d98bd3978211eb89b6d0ca3c693f779d786b6701c7a05b2ec771342efbb2c4ad0f30c97b86c49a31876a52ae8db0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\the-real-index
| MD5 | 6b438e75b03bbd8110269e45111ce296 |
| SHA1 | 3f613d3e3a7a11053333df78933b62a55a950126 |
| SHA256 | b844ddc416d3c23ee8ce748433d922e6e795881f12f6d4bef08756a1e20855e5 |
| SHA512 | 55f2689e85d9c9266ba4d70806516e00ade829aad3528d8d9bc3779a9778e261bde1d2b0346d33a63325e6255d4273b9be90f7ea85233a3f47c0230b138b774a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 95ac0a6713fa7774f9c8af7dc4cc2ec3 |
| SHA1 | 161a2180f6a1d913fd854164b1ffd96dad980256 |
| SHA256 | b9215cc3a53142765e9cbc64a1dfe12d2e495405eb844768a3bdcb1f7b8213bf |
| SHA512 | e549df09ad417092acaf38a60263717a0491a4e2a9a66a58691cc721720542af9c4a1a52fc791528028fc2925df87656d7753f8a6f7e312be45c258ab0db6c22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\52ac101d-8d24-4c28-9649-41faaaff35ce\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 56a212e4c7404e533acfe51897bdeec3 |
| SHA1 | 0e52fe5c3f3aa53506d76f68277dafed530b213b |
| SHA256 | 9812a351f61013a9a190a6f6c069551927dad02eeeed6195e6d455b8df17a589 |
| SHA512 | f5a59ed3d33c1cc863fc12bed10489661202ba1ab21e71a971ab5b02b0b305640ced0266f29e0bbcb77fe35dff94b19dcaac7b56f242b126cc36bcddc50f6fd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 53cadff1dc952af05a13f01e037135a7 |
| SHA1 | 4a79afa097cdd2db6dcb99a4ebe482ceb1c1ff63 |
| SHA256 | 9158c7ece263ce1bc7b95548ec11e06521767e1b31950b894dc2f4fa9be70a11 |
| SHA512 | a90d6a739cb6a0773c338b40912cefc3ca3cc312c9980101137d23badde9fa70341f7f9be5157e7bad817be410c34fef76fc28858ba8b71f83c7f5ec595afc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ecfc6141a4be589ca105217ec89d2df |
| SHA1 | d47246d768813e2ee0e52a06900dd10d8fb74452 |
| SHA256 | 7dc8c48d59f5d0a47937e6fd2afe900879eb6ec19ed65b382c3caa990a40671e |
| SHA512 | c72ab45159717d6b9afbec8f08ca87b3b6e4e53fd4be96faac1eecd2f8220147aa10388471001cfdae23da380c2c7eba35306f62c22df6f67b6e8c0e0d89b8c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 00be450e53be4c6908de198044d0d123 |
| SHA1 | 8791756b3cc3becb7a8daa77d0df718571256c14 |
| SHA256 | 95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd |
| SHA512 | 8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 26d51f80be8b4eba2f2bfd0bf12fd8e1 |
| SHA1 | 34b25b9da6aa0418b734dfc3ac5303d31bfbb37f |
| SHA256 | a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46 |
| SHA512 | 5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | fd1f79856510e1cddd8141f1d82aff4f |
| SHA1 | 659aa5c13b63adfb1480856cf8da6acd4fa624f4 |
| SHA256 | d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4 |
| SHA512 | 7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | bdcf1dd416d169d87ad5f73b2fb38bb2 |
| SHA1 | f6f595a5d88f84b54533e34be969f3871ed9942f |
| SHA256 | ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd |
| SHA512 | 335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 594730cc5a615279acc5cfb7c546dbe4 |
| SHA1 | 08a3e4c2d08cb62aca40a0d942551c912ba715ed |
| SHA256 | 59301e3b9937b7d60f1ae913fcb5284126c68294d3616ddfe73875e3f7d1ef60 |
| SHA512 | 226a7edb2b74169c08fcc9be51526a7e215e2f9fef3895ef683120fbf3e36417b24eb80910bd1fdaf7003e2ed5e3de837a869418fb8ceaad34eca8cbdc1ec27f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 180a346fbcbf2efb4a26869b3d22b17d |
| SHA1 | ce3ceb13dfad8eb22f0c361f29bc26aa325ae260 |
| SHA256 | 8520b3c5c04524086b89eb13422cff53204a34e32097027b61d59e118521fe62 |
| SHA512 | 6472b6741cd8dc1d84ba3c3ee25f10ddd485fc550d06bb0ce1fe7630c8f3f7c0fe50ef6a65ca93822ff9e8df0a40e93f1a467dda3e0841b7b72cc18911c4f22d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | dea06ce2044829a0b49ff2e41d67b644 |
| SHA1 | eb77cf348815408f1899ce58318447472d280699 |
| SHA256 | c1227f52ae87ce78cff4835e455918ac0f8ea7de8038589508957e905a7b2adf |
| SHA512 | 7b11c6eb841dba926d60aedd92558699e2d44a49dec5bd7aa5fe9dca68ea8553ba6bb528bd6c31c5fab8ce12e82564398be5a8ba44d12e605d538112b16dbea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ef5bf9652302ee4c6621c54fc62bbe93 |
| SHA1 | 4705ccad5bd556fd7d2d8ff0e63649fe641544fa |
| SHA256 | d2328b3ceddfb7519cd3d1293e91f4660d3c845b3f4cccbba64e27dd58360cc9 |
| SHA512 | ca81a74b7de5971e73701d291849917c6b4503418b558dafc50dc3768e88d6954e8be0a4cdba157b97c13d5d14240385fa3dbcbef39aee210a5521232366b388 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595700.TMP
| MD5 | 080263809935692f15fe8dce961cf80c |
| SHA1 | ca73a2bf58df707ef039309586726e94043410a7 |
| SHA256 | 5776708704d16963f28c6919131745efd7133d0909daeb93d8ba130853c68884 |
| SHA512 | 64c42ac3519162c7b022db99a3f2264e0dd5798ee3bd8cf668d93d527878c3088f4b232cb8441328d7b6288a7f5e35c097812335f5e2daa534a82d753e7b6ed1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 573e7ab2031c1547c3462032be8958d2 |
| SHA1 | c82734d992bfbd03eec32807b42f0272eec9a8af |
| SHA256 | 5d1bdd8c0561031e173ba3f1a5adea6911428827b6237ccec4d554411ee90779 |
| SHA512 | 9d2af0c53cf9a5b2936ffbd91dd93be46acb53db3517d3e899ca0e26ae789e99ebeaf2ab0414e412e05b666533a11db39974c4ce473d10b05c0551c0e15fb391 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3b1094-2e7c-4f47-b395-84aa28dcf3eb\index-dir\the-real-index~RFe596690.TMP
| MD5 | 984bd8e52658cf3bad07b2cc981fc369 |
| SHA1 | 30cff552d0b58beeb99aa013bafd809a54a4fd18 |
| SHA256 | 388aa00fada35df7ce5f7fbd6c63f0deaa471bddcb5a08fd3c7e9c17e21a5ee9 |
| SHA512 | 041d3932692bcde9d445ffb5a1147b5333c01c4ec0945513161648c90c8eeca40995592c6c3e7096d166eba750aaf3cc290efe9d89c4a77246efc53423b57c77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3b1094-2e7c-4f47-b395-84aa28dcf3eb\index-dir\the-real-index
| MD5 | c083818dd439e36911dc3fe9f608078e |
| SHA1 | 76e7432a079148e0a8033db8145b6883d6f2e929 |
| SHA256 | 48f41199467bcd575d360ab50b79a7627d98864c365f78a9244dd3dc7184642a |
| SHA512 | 74879b9b53c478b227413b75c41bfe56cfc62f038f6f7297e7f4c779d2bc0532cdff8a37e854cedb4bc7e1654db7398a527c62639d9a3acf09b6ab95772525ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c709d2b4dddafa2380dd73d82612462a |
| SHA1 | cf58cd042bed562e90635d64ae48998cbe03d1dd |
| SHA256 | 96227a426024aef4e2959a4a4bb3a4a162f43dc29d41a7a97dc6d1fe31c7d580 |
| SHA512 | 340f7183d0149adb7aedb9e6d6f7920c29ee6f28ae212ae360cf581cfb8586e6863e636d3b2a92bfa992bad2f641131056664ba0aced1e2226ea5b4666a1b61e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a931ed52-24ef-475c-baa0-9cf32d464d59\index-dir\temp-index
| MD5 | ebed29be0d6b5e20d5d70dd102b72ded |
| SHA1 | 9fa2508c6030063dcf4e8c9c6be7380a6693bff3 |
| SHA256 | 291e5774c5c3919c81ff953a03306406f80b54e13349b00dc82b262af2d0e602 |
| SHA512 | 8f72c4b1325be689d17a328930ef41937a49d93f0712d006efdd6307b7c8606f178be1efd8eb0bc9256162028b4a84db4905dd193b48b8da33ec39a9a1135c36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a108b9e92446957e6d0e6e06aa4c39cd |
| SHA1 | 587935b2922fdcc7b7dd0a21396a69b474295581 |
| SHA256 | dca2267b0a13086d867661261351d1b0dfa90d54c3f27d457b33d6d94ebc0142 |
| SHA512 | e26ca8fd4fe06b35fee51378d301354e1fe2b129992a1b2192661e6c29fffcab3e0c6ca06395bbc8fa928fae73fa832a6c4bbba4b0e13cbde0c325dfafee444b |
memory/4444-1253-0x000002C79D770000-0x000002C79D780000-memory.dmp
memory/4444-1256-0x000002C79D7A0000-0x000002C79D7B0000-memory.dmp
memory/4444-1263-0x000002C7A5A80000-0x000002C7A5A81000-memory.dmp
memory/4444-1265-0x000002C7A5B00000-0x000002C7A5B01000-memory.dmp
memory/4444-1267-0x000002C7A5B00000-0x000002C7A5B01000-memory.dmp
memory/4444-1268-0x000002C7A5B90000-0x000002C7A5B91000-memory.dmp
memory/4444-1269-0x000002C7A5B90000-0x000002C7A5B91000-memory.dmp
memory/4444-1270-0x000002C7A5BA0000-0x000002C7A5BA1000-memory.dmp
memory/4444-1271-0x000002C7A5BA0000-0x000002C7A5BA1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ad3630d4264add77717fb6adef3b4241 |
| SHA1 | 663d1eebdbc6115c9e792e77eba6201421834528 |
| SHA256 | 6ce3358591cb6399f7506406cd1bc13a0620ca0a0b910970bb1f25ade5aadaad |
| SHA512 | b6894ed54919369e7c0a74d10e626a32b91d9f110e164a54a193da7abfe2c5cac698e2a540ce037914319194751c6008d8c6a2ebdb6fe2606978313017ac5716 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd24e00891e90e9f510c391d8d87bd12 |
| SHA1 | 68b77e8fec66c0e705da7913a6fdd3bcc2287909 |
| SHA256 | a46057d373483360fbc399dae85c057c032559d3f2e199736c4d96ead04de3d8 |
| SHA512 | 029d95a48541e97594547f939da984d1b56a805c1761c40e61d988862e319eb285254d00f6802a966940d9519430c9f54697c88710bac4c1a34dc83012f006c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4c9d35dec14fc3eff96b5a060b66bd2 |
| SHA1 | 4d78e758fc4baa40997176189f16dc542b2c7cc9 |
| SHA256 | 9c60a3baf1199328e8d82b0b0f0b73504c899177070f7084475b460ce7f0cff5 |
| SHA512 | 80a1fbb23be5a9d589b60b7766d5f2c8686a43cae1a5eebb6578a63d1a978c8a9acec7355820f56d32fb361f45a597559226daafcb5d3a6bd44dfd8ae0144823 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 297b41b4dd339729f97c67d5b583b236 |
| SHA1 | bd05cce878c6b322b89f70c2e24154dab230203c |
| SHA256 | c93090a18d60339b081ebb3aff50258382dd46f8305a336143a3cfd0db78e1ee |
| SHA512 | eae26132e6f0ebb1ddbfb92bc9b3dacee7f1930373a65ecab6475059131a67830474ecbc3adb93779618c73aa073c4488e201f0cc0e67767135faa80db980970 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\BSOD\bsodgif\frame_39_delay-0.05s.png
| MD5 | a92ceeda62a4e0e47b8040939fc916d5 |
| SHA1 | 5b25096d67a8a9100e5f81e3554001cdc34102bd |
| SHA256 | 646ab22ba269e0ff5491f9b1482ea1aae961be00a18f7cf5337ea58b53572b50 |
| SHA512 | 7403833a3422f8e672086a9c877cac2827933e3524f1f906a10e3d59bb71b3773246008d3fa2af9ccaa71e30ee2997981197350deaf4a3bf5bad5b9c78978514 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\ucrtbase.dll
| MD5 | a9f5b06fae677c9eb5be8b37d5fb1cb9 |
| SHA1 | 5c37b880a1479445dd583f85c58a8790584f595d |
| SHA256 | 4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52 |
| SHA512 | 5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\base_library.zip
| MD5 | 43935f81d0c08e8ab1dfe88d65af86d8 |
| SHA1 | abb6eae98264ee4209b81996c956a010ecf9159b |
| SHA256 | c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0 |
| SHA512 | 06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_ctypes.pyd
| MD5 | fb454c5e74582a805bc5e9f3da8edc7b |
| SHA1 | 782c3fa39393112275120eaf62fc6579c36b5cf8 |
| SHA256 | 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1 |
| SHA512 | 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\python3.DLL
| MD5 | a07661c5fad97379cf6d00332999d22c |
| SHA1 | dca65816a049b3cce5c4354c3819fef54c6299b0 |
| SHA256 | 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b |
| SHA512 | 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14642\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI14642\1.swf
C:\Users\Admin\AppData\Local\Temp\_MEI14642\2.swf
C:\Users\Admin\AppData\Local\Temp\_MEI14642\3.swf
C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-fibers-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-debug-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-datetime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14642\api-ms-win-core-console-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI14642\ahk.exe
C:\Users\Admin\AppData\Local\Temp\_MEI14642\5.swf
C:\Users\Admin\AppData\Local\Temp\_MEI14642\4.swf
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\_MEI31122\BSOD\bsod1.png
C:\Users\Admin\AppData\Local\Temp\_MEI31122\cryptography-43.0.0.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Temp\_MEI31122\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.dll
C:\Users\Admin\AppData\Local\Temp\_MEI31122\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.pdb
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG1.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG1.PNG
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG3.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRIMG2.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.dat
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\MenuOperaText1DK.html
C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\Menu1Text1EN.html
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
C:\Users\Admin\AppData\Roaming\error.exe
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1EALJNKU\microsoft.windows[1].xml
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133678819400008876.txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI35802\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI35802\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-synch-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-memory-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-interlocked-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-handle-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\api-ms-win-core-file-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI35802\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI35802\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI35802\_decimal.pyd
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\c9209e64523c892.automaticDestinations-ms
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Windows\System32\drivers\etc\hosts
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.0.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\Apps.index
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\Apps.ft
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.2.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{9f9429ee-76cb-4e00-b177-89346f6fe98a}\0.1.filtertrie.intermediate.txt
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
C:\Users\Admin\AppData\Local\Temp\_MEI38082\BSOD\bsodgif\frame_05_delay-0.05s.png
C:\Users\Admin\AppData\Local\Temp\_MEI38082\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.pdb
C:\Users\Admin\AppData\Local\Temp\_MEI38082\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.dll
C:\Users\Admin\AppData\Local\Temp\_MEI38082\tcl\encoding\euc-cn.enc
C:\Users\Admin\Desktop\workfolderssvc.dll
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
C:\Users\Admin\Desktop\SyncHostps.dll
C:\Users\Admin\Desktop\wpnprv.dll
C:\Users\Admin\Desktop\WMALFXGFXDSP.dll
C:\Users\Admin\Desktop\DesktopView.Internal.Broker.dll
C:\Users\Admin\Desktop\Windows.Internal.Feedback.Analog.ProxyStub.dll
C:\Users\Admin\Desktop\qasf.dll
C:\Users\Admin\Desktop\Faultrep.dll