Analysis Overview
Threat Level: Likely malicious
The file https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html was found to be: Likely malicious.
Malicious Activity Summary
Credentials from Password Stores: Credentials from Web Browsers
Possible privilege escalation attempt
Boot or Logon Autostart Execution: Active Setup
Credentials from Password Stores: Windows Credential Manager
Checks computer location settings
UPX packed file
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Checks for any installed AV software in registry
Program crash
Detects Pyinstaller
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Runs .reg file with regedit
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 19:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 19:40
Reported
2024-08-11 19:59
Platform
win10v2004-20240802-en
Max time kernel
315s
Max time network
604s
Command Line
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
UPX packed file
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.spl | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.gif\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.log\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.pdf | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.bat\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.csv\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tar | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.cmd\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.xml | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.wav\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.txt | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.gif | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.avi | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.bmp | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.doc\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.wav | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.dll | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe,-204" | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\ = "Executable File" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.jpeg | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.json\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.iso | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.pdf\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.doc | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp4\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.bat | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open | C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp3 | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp3\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\error.exe\" \"%1\"" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx\ = "exe_override" | C:\Users\Admin\Downloads\Tlauncher.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ebfd46f8,0x7ff8ebfd4708,0x7ff8ebfd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8
C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\ReadRename.reg"
C:\Users\Admin\Downloads\Tlauncher.exe
"C:\Users\Admin\Downloads\Tlauncher.exe"
C:\Users\Admin\Downloads\Tlauncher.exe
"C:\Users\Admin\Downloads\Tlauncher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3c193ce4b0604d6aa8cc43edfdd02f1d /t 3656 /p 3452
C:\Users\Admin\Downloads\Tlauncher.exe
"C:\Users\Admin\Downloads\Tlauncher.exe"
C:\Users\Admin\Downloads\Tlauncher.exe
"C:\Users\Admin\Downloads\Tlauncher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x2f8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.udacity.com
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.washingtonpost.com
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.independent.co.uk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.independent.co.uk
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.hackernews.com
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\taskkill.exe
taskkill /f /im explorer.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf""
C:\Windows\system32\SystemUWPLauncher.exe
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.behance.net
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start explorer.exe"
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""
C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"
C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe
"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"
C:\Users\Admin\Downloads\Tlauncher.exe
C:\Users\Admin\Downloads\Tlauncher.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dosya.co | udp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.111.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| IT | 157.240.203.2:443 | connect.facebook.net | tcp |
| NL | 142.251.36.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | qjmlmaffrqj.com | udp |
| US | 8.8.8.8:53 | youradexchange.com | udp |
| US | 8.8.8.8:53 | qvjqbtbt.com | udp |
| US | 172.67.160.24:443 | qjmlmaffrqj.com | tcp |
| US | 104.21.91.188:443 | youradexchange.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | pubtrky.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| US | 104.21.8.108:443 | pubtrky.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.203.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.91.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.8.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.pretrackings.com | udp |
| NL | 34.147.21.42:443 | tracking.pretrackings.com | tcp |
| NL | 34.147.21.42:443 | tracking.pretrackings.com | tcp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | toptfeds.azurewebsites.net | udp |
| US | 8.8.8.8:53 | 42.21.147.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 20.119.8.44:80 | toptfeds.azurewebsites.net | tcp |
| US | 20.119.8.44:443 | toptfeds.azurewebsites.net | tcp |
| US | 8.8.8.8:53 | feed.rtbadshubmy.com | udp |
| US | 104.21.76.3:443 | feed.rtbadshubmy.com | tcp |
| US | 8.8.8.8:53 | sdk.ocmhood.com | udp |
| US | 172.67.72.9:443 | sdk.ocmhood.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 44.8.119.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.21.104.in-addr.arpa | udp |
| GB | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.ocmtag.com | udp |
| US | 104.21.5.19:443 | cdn.ocmtag.com | tcp |
| US | 8.8.8.8:53 | t.ocmhood.com | udp |
| US | 172.67.72.9:443 | t.ocmhood.com | tcp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.5.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ocmhood.com | udp |
| US | 8.8.8.8:53 | client.wns.windows.com | udp |
| GB | 20.90.156.32:443 | client.wns.windows.com | tcp |
| US | 8.8.8.8:53 | www.yahoo.com | udp |
| GB | 87.248.114.11:443 | www.yahoo.com | tcp |
| GB | 87.248.114.11:443 | www.yahoo.com | tcp |
| US | 8.8.8.8:53 | guce.yahoo.com | udp |
| IE | 54.246.139.239:443 | guce.yahoo.com | tcp |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| IE | 52.215.244.169:443 | consent.yahoo.com | tcp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| IE | 52.215.244.169:443 | consent.yahoo.com | tcp |
| US | 8.8.8.8:53 | 32.156.90.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.139.246.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.244.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ver.tubroaffs.net | udp |
| US | 104.21.62.26:443 | ver.tubroaffs.net | tcp |
| US | 8.8.8.8:53 | allgarrad.azurewebsites.net | udp |
| US | 20.119.0.46:443 | allgarrad.azurewebsites.net | tcp |
| US | 8.8.8.8:53 | 26.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.0.119.20.in-addr.arpa | udp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 8.8.8.8:53 | server1.dosya.co | udp |
| DE | 195.201.85.233:443 | server1.dosya.co | tcp |
| US | 8.8.8.8:53 | 233.85.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | am-feed.rtblmnhome.com | udp |
| US | 104.21.34.147:443 | am-feed.rtblmnhome.com | tcp |
| US | 8.8.8.8:53 | am-t.rtblmnhome.com | udp |
| US | 8.8.8.8:53 | cdn4image.com | udp |
| US | 8.8.8.8:53 | so-gr3ate.com | udp |
| DE | 178.63.248.53:443 | so-gr3ate.com | tcp |
| DE | 116.202.235.239:443 | cdn4image.com | tcp |
| US | 8.8.8.8:53 | 147.34.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.235.202.116.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.36.13:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | 13.36.20.104.in-addr.arpa | udp |
| US | 104.20.36.13:443 | dl2.tlauncher.org | tcp |
| US | 104.20.36.13:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 181.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 181.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.130.101.151.in-addr.arpa | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.66.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 208.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 181.1.101.151.in-addr.arpa | udp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 151.101.194.208:443 | images.unsplash.com | tcp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.129.181:443 | api.unsplash.com | tcp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 181.129.101.151.in-addr.arpa | udp |
| US | 151.101.129.181:443 | api.unsplash.com | tcp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 151.101.129.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.2.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | 208.2.101.151.in-addr.arpa | udp |
| US | 151.101.1.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.65.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
| US | 8.8.8.8:53 | api.unsplash.com | udp |
| US | 151.101.193.181:443 | api.unsplash.com | tcp |
| US | 8.8.8.8:53 | images.unsplash.com | udp |
| US | 151.101.130.208:443 | images.unsplash.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_3388_DCATKVAUBJNSWMMF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 685e02d015c76b74b6a7c7137421986d |
| SHA1 | 7f79cc65beb378e99f8e70d7ef9883db3eac50e7 |
| SHA256 | 05d780a14746a06bb4093ce653fb527b85a6d6cf849662664e86d2b073b68603 |
| SHA512 | cb03e7df043257719ae26c17d013525539abc2cf48d0ed3d8e0dba87589a2ef65e551c2f675ddf6fe2c51511b095391433c37b8a595591e1fa4928cabcfa04e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 379d7e644f362956ffe7c1560089af6b |
| SHA1 | 9029ce00dd184668b0f05f7e2ab59d7de0f08d44 |
| SHA256 | d7126bfe7628d34b9b24f7c0317f3d7ecec9a55ce782e65f1cd088892979a2ad |
| SHA512 | 846a132eede969f6faeb7b6632708633dd7bd34e7e47c0c6b486bafdadef079b7f5f6693fdddd55863d9d1cc372c407547ce8109878b0cec9090fbcd93371a48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef8c3e6c5a8ad5e781235e6efc689f35 |
| SHA1 | 868f1c65f8c9bc2bf63b1d041369f609c487c7b6 |
| SHA256 | 3a4173f430749ac56f59ef5917c2693525ebfd9a825fe2b3d1d4eedd7eb6874c |
| SHA512 | 934803d0b4f4905e5d0491ec26c88677188000d9945297ffc17df7e3e6b6645140eb6bd504431e69214e3752edfd8a6c5a04f68cb73d3d0e8c2dab59aadedb7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 953de3c099cc1daba7e3a123c45fab63 |
| SHA1 | d4b87b01e8c3806f27895b48f2fa89216b97e90f |
| SHA256 | be562c0550741d358195f15db0082f2d15c13b188746e4d9b9ed5c14872061d0 |
| SHA512 | 8454695d24a3d145b8e91d1c0a9bdb09f30b815307b681d590a0e5c769bf5c8f5b08868ee8d30bc8731b0b089affddac9a293f2996b50497c2239eacabc622d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9d6437f9f2fa23edd1e0acf5ad2f8f5 |
| SHA1 | 7410597b0349ac8b7b4a982692813e1137e4b5a8 |
| SHA256 | 009b4e6379ac8af5d72e9d8b1e5f5fccb60c30d0425b74f73e6bb0c38a3ce914 |
| SHA512 | f893c04e1be651dc3891ac8617d7ad63ef64035347ad77c152db9c702c8cf55399bbbf587b95fccbfc67ae8349df8ec9acece2ee9476306d5564bfdf0af5dc4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7585b6732d678ecf16957341b4f92b86 |
| SHA1 | bd1d48529d6acc0b90c1ea80718d11e84a8cb899 |
| SHA256 | 1dcf1d5c850cff803120da633040fee04570a3ab822a56583a413b2936f7fdcf |
| SHA512 | 9f05804fb44ca5fb7d5a1d5c48e7af9c7255be230c71cee622fa144011e71a0789f4a7566c4799c78941e4753c20b1cea69b8fd5fb01cb84b1c851cf3e26b287 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 98824201fb757cf498bc8cc925511871 |
| SHA1 | a6db8d10a2197ee13b12e3a3ff77115ece71664f |
| SHA256 | 657fc7e433d77f1cd806365413f2e792752dff4fc3dbd3eee414a7414d061a1c |
| SHA512 | 6c891caf4ecaa55beb07a08fa4ee84441ddfd5f44e1ee128af5509d27dc2f4822ace6b57cf6715c20b16d19e192096749696050efd8680edd1dea43765819edf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1a58451906f60a441a2741bc16cb8b4b |
| SHA1 | d98f5d783a4e27fe14bef9f39cc1a0df7da87444 |
| SHA256 | 0834915efff1dce5fc7bf46db87ca3377fd4cacc300e9959316634534bc9b317 |
| SHA512 | ff1b4855f870de0d86257a877f90fea278b996a15da31bef98e23db626f69e5134f228ba20eaf7cafc62a532d45ea595da9fa5b1ff1ecfc6063ee1918256daaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fdd3.TMP
| MD5 | 339385adeb43f6bb88db348ae60a2192 |
| SHA1 | 421f3b45f5374521295871e6dea17b61ec067066 |
| SHA256 | 525a003848f1cad030a49d596618d8cd558d3a935ebca6598235b9d1dd9db2b9 |
| SHA512 | b9dac8181d8e19a2fe48c962392faa1f7bd28d62196b9fd976a36cd892d6882b650d6bd524b31002b4ff6dbb86e515d8ba325ef8f49bf4ffaae9ae4851817d1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59162e.TMP
| MD5 | 1614919c4b4484bd4a32244510951420 |
| SHA1 | c9934f14ed3b98b28a146a52b650b3523a8edcf0 |
| SHA256 | 3151346aa2ade4b101ed5818e6edc6568b41ecc79246c18d449a7ef51f6ce372 |
| SHA512 | b0c7b3c5e0a06c87ff6c2b9ec7ad7b443313c34d293f235dff8fcce3664bb0d8398137ffcecb2537658c52c7d6ed76268aa3500e20e8a958f007823b49298705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 09ad49ea0a2c6628f33177fed2c742af |
| SHA1 | c3dcf8edfec9d563b59e8af76a9abd5718d25576 |
| SHA256 | 342ab3d2200944941d4044d77a23b01d4c468efea13d0682bfd927b16c771499 |
| SHA512 | fb490bfec52a56a5d1164118c40ceca970ffd85b45e4e33607d4b762e2f53b3fb97f26c44a695e6bbe9f5da2f9d53b699f9ec1d407b2439d69ad57ba6de8de06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6bec61df4762facb55908b36a243984d |
| SHA1 | c31c761b6349950e1768a89267a0420ce34aef4a |
| SHA256 | 9d47d64437d7fc00f6b5bb0b2bfe19836d6095a1c3ff5ab9c38734efc0bf03f4 |
| SHA512 | 14aef31b10664221adfb7cc0fd02c1310877b24fdcc66df15963b4f52a60493cbfa36f84de17126a322fdc0cdacb64388218cd496b4980970b40d42196fc4e3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6667d0056813ee7bcac6f027ec9ad497 |
| SHA1 | e1b180ac07fe78346caaba0e3b219b6ceb4306da |
| SHA256 | fde7bce18f99ff6f864cfa963a8169eb554b5ea33065f2ecab64343fa1aff56b |
| SHA512 | c28f692eee73a5ae8943e42202af6b1abdcb267b40fe851e7bde167190512e4b4bdc440d727dee3142334f07f1a4fa4e8fa967b90ded82f0f140baa360995411 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b03cc3cde8285ee7a1b996f51b784c8a |
| SHA1 | 9a599b9764147c68899df1d2ed209a91ef887275 |
| SHA256 | 244adfb9d4288c1d4eb5609f8b0caa031eaca9a236983a464d37a30f520f8d22 |
| SHA512 | c819103301a957888c35afcde5f76a69921b90a2caf9d959ee1287610d309ebe6efa94122c6910cee6381e9ecb44e1ef4ee34d4d03be17d29dfb5d4a4e117855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 64f70731ba240f09eeb50912cb4d9769 |
| SHA1 | c493d11e59d023dab2327e85f7dadf0e0045fec7 |
| SHA256 | 39af90bcb5875033ec7d052574ef7c99cd91c586d98c535fc12697c046712f5e |
| SHA512 | bd1c6376a4f3cfa27770367cb08830e91ba70522595df3e277b4a8fa05efe88f31916a1e23c536701fb41764c58c4d13a90eb90e07bed1fdb735c9b79046bce3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 036c55b814763fb8e55b01f800178f8a |
| SHA1 | 0fe83bbbb74b7f9d9b14170619d0f57f396fa97a |
| SHA256 | 11fb551a5fe51e8fee062010e666bc57dbf5a6ceea035e274285e8f7196adb7a |
| SHA512 | d114b5332b1e4eb1fb4045c23892328ec19853b8313be82271dad94d387f2d54b3ec7d7bddb6a4d9a6062994b93b0433a083faf9a9d908870eb7bd2ff493a817 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06ba8c5c59700dabc6ab7829a66dd0f7 |
| SHA1 | 1a98f18e7e22b0f79186aa008d6c07ce601c4b40 |
| SHA256 | 797cebcca60c1d8ca41ff960d9feec3320497c9ce7a68c72f97118ee84e39b69 |
| SHA512 | e751b6cf377e6db1d468d2e901f0eba00cc9c719e1ae9e56d1fe2807ed4e8ef2401cb3165ef0763843ddaac64ee094f526c17ac145e790682518c17c693b7eb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9bd2c35d1d56cd2c8196125d52f2cbe9 |
| SHA1 | dc918e23cfb97678e3dbe663886586ad89077d68 |
| SHA256 | afd12fa81edcca20965b40d26a1d3d343c721a372162037fbe85fec2494d2859 |
| SHA512 | 015fef3489ec783bd15ab8243c3d669c2d4104a44a869b00584f1ede487c9c5d2891f019dbb75640ee81b324a32a2ef28069a5e90f6bacfdee0615152f0950c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7c08a3d98499d326288a45aada5f0e89 |
| SHA1 | 4b2e8a9501ab50ad0d7088343a546327380a7236 |
| SHA256 | 103eae9467ac7cc9fd189bdc277223c9f2e46437485b814126cfd9ca71bba6df |
| SHA512 | 9d0e0413215aac249e82fb2907099167195e9b4bfce8fd61e6f4936a413cb7ef6f747aed45f88053fea3c2fd1912ad7f8a4d2743c9469b24933eb4f590fea89f |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\BSOD\bsodgif\frame_39_delay-0.05s.png
| MD5 | a92ceeda62a4e0e47b8040939fc916d5 |
| SHA1 | 5b25096d67a8a9100e5f81e3554001cdc34102bd |
| SHA256 | 646ab22ba269e0ff5491f9b1482ea1aae961be00a18f7cf5337ea58b53572b50 |
| SHA512 | 7403833a3422f8e672086a9c877cac2827933e3524f1f906a10e3d59bb71b3773246008d3fa2af9ccaa71e30ee2997981197350deaf4a3bf5bad5b9c78978514 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\ucrtbase.dll
| MD5 | a9f5b06fae677c9eb5be8b37d5fb1cb9 |
| SHA1 | 5c37b880a1479445dd583f85c58a8790584f595d |
| SHA256 | 4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52 |
| SHA512 | 5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\python3.DLL
| MD5 | a07661c5fad97379cf6d00332999d22c |
| SHA1 | dca65816a049b3cce5c4354c3819fef54c6299b0 |
| SHA256 | 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b |
| SHA512 | 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\_lzma.pyd
| MD5 | 195defe58a7549117e06a57029079702 |
| SHA1 | 3795b02803ca37f399d8883d30c0aa38ad77b5f2 |
| SHA256 | 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a |
| SHA512 | c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-string-l1-1-0.dll
| MD5 | f6afbc523b86f27b93074bc04668d3f2 |
| SHA1 | 6311708ab0f04cb82accc6c06ae6735a2c691c1d |
| SHA256 | 71c0c7c163d1a3d35e74f8d7299eb38ef7268af1fa276e9a3966761212c570f0 |
| SHA512 | 9ab0c2d025525fe047e27769c3b2be7526ad0d0cbe76eb1e3a84dc2cff60ab3c4a218388892f600f7b3b003909ae133b0e7da19c9ba96b624fa8f5123c3a97cf |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | 650c005113599fb8b0b2e0d357756ac7 |
| SHA1 | 56791db00766dc400df477dcb4bd59c6fa509de6 |
| SHA256 | 5f16a1131c8f00ebbe3c4b108bd772071a2d9b4ca01b669b8aeb3ffb43dabcda |
| SHA512 | 4bc54ad70b75f550e623311dc48ea0fd8ff71207f64127379fcd48027ee2458d27a2aaa454637b4f09d713cc9e1f2cc09bb6cd55b0c6b7ed25e52cb46827fff2 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-profile-l1-1-0.dll
| MD5 | 82e58246846b6daf6ad4e4b208d322d4 |
| SHA1 | 80f3b8460ab80d9abe54886417a6bc53fd9289fa |
| SHA256 | f6eb755c146d0a0ebf59d24fb9e1e87dc0220b31b33c6acbc8bebaf31493c785 |
| SHA512 | e1a032846c6110758fbc8eb84dbd3d228e83b3200bf5820c67d9740f6f8c7e926e4c89b92e8d34721d84fd597ab64455fd3029138e35f22329af23f599afdadf |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | e26a5e364a76bf00feaab920c535adbb |
| SHA1 | 411eaf1ca1d8f1aebcd816d93933561c927f2754 |
| SHA256 | b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15 |
| SHA512 | 333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | eaa2228507c1fbde1698256c01cd97b7 |
| SHA1 | c98936c79b769cf03e2163624b195c152324c88a |
| SHA256 | 4297033ef8061c797127f0382df24f69264dca5c14d4f5b6cd2bcca33e26c1f5 |
| SHA512 | 8319949a1e1acca312dbe99dfd9eedd1b5e4a13946a6ff829d6792d72f0a3a618ce10140954c035a5390a5a6e3b8ae2f23513629007cd3b7a88d5fb6fd81d763 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | 8b0fe1a0ea86820020d2662873425bc4 |
| SHA1 | 3c2292c34a2b53b29f62cc57838e087e98498012 |
| SHA256 | 070d8827798ee2aa4c2dc70d7faef8ef680eca4c46ecc2dad3ce16380cab1f82 |
| SHA512 | 0c29c8fae6c5a8de2f0047cbe66e0b2ae7c30cbeced6df1ea2e472ba123bf9e542d9e6cd8eb06b4f0cbe2e343b7929cf25bce1e79937076bf1d0480d91d2c9b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 83a0b483d37ed23c6e67896d91cea3f0 |
| SHA1 | 6b5045ed8717c5b9f50e6a23643357c8c024abdb |
| SHA256 | d7511eb9191a63eb293af941667aa2318fa6da79f06119b280e0b11e6b6b1d25 |
| SHA512 | dab0203fc26c0249b7a8882d41365d82690d908db359c3a6880f41a1c4eebde51ae084bd123864c32d8574cb0a22cfbc94bcd8e33b51f37f49575e2b9de93807 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 3abf2eb0c597131b05ee5b8550a13079 |
| SHA1 | 5197da49b5e975675d1b954febb3738d6141f0c8 |
| SHA256 | ff611cc2cb492c84748fa148eda80dec0cb23fc3b71828475ecea29597c26cd8 |
| SHA512 | 656213a8785fe937c38c58f0f01f693dc10dff1192b232f00fb18aa32c05c76a95566a9148462ea39b39f1740a7fee1c9ac9a90c6810f38512b3103d18c89b72 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-localization-l1-2-0.dll
| MD5 | f1d0595773886d101e684e772118d1ef |
| SHA1 | 290276053a75cbeb794441965284b18311ab355d |
| SHA256 | 040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a |
| SHA512 | db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | 0ccdef1404dbe551cd48604ff4252055 |
| SHA1 | 38a8d492356dc2b1f1376bdeacab82d266a9d658 |
| SHA256 | 4863006b0c2aa2a39dff2050b64fbbe448b3e28a239e9e58a9a6d32f5f5a3549 |
| SHA512 | 0846489a418d2480e65f7bef4a564fe68fe554f4a603a6f372ddd03eed7ee6299649b61172a7a9ca9a9500a924c2642493cce1040fcd6601d5862c248c902e9e |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | f8203547595aa86bfe2cf85e579de087 |
| SHA1 | ca31fc30201196931595ac90f87c53e736f64acf |
| SHA256 | e2d698823ba78b85d221744f38d3f9e8acccd0eedbb62c13e7d0dff4a04bd2b1 |
| SHA512 | d0818ee6b1a775793305828ba59c6c0f721d3fe2fcaca5bbfe047f25a500243ab4486c368302636e1c3934becc88c8178606a29871fe019d68b932ad1be3ee1b |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-heap-l1-1-0.dll
| MD5 | aa20afdb5cbf1041d355a4234c2c1d45 |
| SHA1 | 811f508bd33e89bbd13e37623b6e2e9e88fdcd7c |
| SHA256 | ef6657aac4aa97a57e034fd5baf4490706128ffafce7c285dc8736b1f7ee4d09 |
| SHA512 | 06740552875ff2df234ec76f45cce3c66b7d5280a3d1b90874799780ff534437e5dffacf9e40bfddc301507d833235e25eab8119ac80d2587a43a80d4f0068b8 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-handle-l1-1-0.dll
| MD5 | c79ccd7c5b752b1289980b0be29804c4 |
| SHA1 | 2054a8f9ebf739adfcfc23534759ae52901c189f |
| SHA256 | 8e910589f3f9a27ed6ce1d4f2d579b4ef99cfa80c0bf6f59b48ba6556e1578a0 |
| SHA512 | 92de7aec7f91f6f4f7cc3dd575b11ea0f4fe516682ba2d05d605380a785597bc953b575cf0ff722980f0849a65d8c4a14c7717eeed8631a7aac0cb626d050e75 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l2-1-0.dll
| MD5 | cdfc83e189bda0ac9eab447671754e87 |
| SHA1 | cf597ee626366738d0ea1a1d8be245f26abbea72 |
| SHA256 | f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007 |
| SHA512 | 659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l1-2-0.dll
| MD5 | 852904535068e569e2b157f3bca0c08f |
| SHA1 | c79b4d109178f4ab8c19ab549286eee4edf6eddb |
| SHA256 | 202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225 |
| SHA512 | 3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l1-1-0.dll
| MD5 | 6ee268f365dc48d407c337d1c7924b0c |
| SHA1 | 3eb808e972ae127c5cfcd787c473526a0caee699 |
| SHA256 | eb50cc53863c5a1c0b2fe805d9ecefef3f2dbd0e749a6cc142f89406f4ffdb10 |
| SHA512 | 914da19994d7c9b1b02adb118d0b9cb2fdd5433ee448b15e21445ecfc30941045246b7c389a2d9c59fb6487bb00426579b054c946e52982516d09b095279c4d9 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-fibers-l1-1-0.dll
| MD5 | 221f63ee94e3ffb567d2342df588bebc |
| SHA1 | 4831d769ebe1f44bf4c1245ee319f1452d45f3cd |
| SHA256 | fd7c5503aa81dea1de9baee318e6a53663f7a4634f42e116e83c6a0f36d11143 |
| SHA512 | 3d36175eaa6dc035f2b26b5638e332408579aa461d663f1cf5a3e9df20e11a7cca982b80c9dcf35ba9a8bc4203ac2f64f5dc043b60a6f16720f4d4ce052096c9 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 586d46d392348ad2ee25404b9d005a4e |
| SHA1 | 4bece51a5daacf3c7dcff0edf34bcb813512027f |
| SHA256 | 2859fe2fe069e5f4300dd0106733750b1c8c67ee5d8788c4556b7d21c6da651d |
| SHA512 | daad865dbb4ca7542d5bd50186ffa633a709bfe1cf79d0d98e738760634da49afef1c418357d9482dbe33fe995847e05f653b6e3bba00aa42badce47dd072115 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 28840d7d1ea0a873fb8f91c3e93d6108 |
| SHA1 | 0856b3ceb5e300510b9791b031fffceaa78ee929 |
| SHA256 | d3fad206a52d9b1dd954c37a45e63e691ebc7bfe8af27a87553203fb445224ce |
| SHA512 | 93596ec710bd738fcbddf4db0f102f537355bbbaea347d2314d62064d5110cf1deb3ecb6d1e0922f019351acfe2d1c694684d0e62e22c004d5a20a6cae5c7fe3 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | adf9263b966cea234762c0782aba6e78 |
| SHA1 | e97047edecf92a0b654f7a25efd5484f13ded88f |
| SHA256 | 10cd6bf518350f93ab4643f701efdac851cdd7a26a0d8bcabfbb2bd273e1f529 |
| SHA512 | 56c09d786f4ba401d4827da4148d96b140f28f647a03ac6ab94f64de9be4c75ecb8b583efad28aa0c51356978caa96f0cb9d56cc4883ff42c1ee7f736e481c52 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-console-l1-1-0.dll
| MD5 | a58f3fbbbbb1ecb4260d626b07be2cda |
| SHA1 | aed4398a71905952064fc5da1191f57846bbd2d6 |
| SHA256 | 89dd6fbea61edb8f1c934b7e5e822b4ce9bea939ff585c83c197e06a1fd8311a |
| SHA512 | 7fd371818932384b014d219bb318fb86c1787f3a58a3f08e904b7bbe3486f7ad6bc3776b335c178658c87efd663b913a14fb16d1e52198801659e132fa830d07 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\ahk.exe
| MD5 | ac51a71e06fb8b7e2a8be659387203e5 |
| SHA1 | 3cf8a1c2730b725f445010cae3d561704ff7f002 |
| SHA256 | 5ea670d23777834e3558c073f19e5abcb1d21f63b088af73216006accf7280a5 |
| SHA512 | 4954e8355680aea55275f3467f5ef433da7cbd1a100f493334e9c4891a054d3fc98182d177c1367408bb7cb6d31b62b0171f77464b62b92888c03dfddffe9f4a |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf
| MD5 | 11f7cd8ffb17b45fc349629ddc616c23 |
| SHA1 | e3c0f315d61d66c353267348391605caaeffd20b |
| SHA256 | dca877835bec9a8f28d805a57311866821aef2d7a872181ba23a822572e14fb8 |
| SHA512 | 8ce3ed80a2ad62c14eb8fa7760936a43eca73e30f3926edd42198f779b16fcd4c638e85f9dd8c83a83d6dd17fbbd078bf8cecd5c913b317d2bc83aceadf5b26f |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf
| MD5 | 35b04774ee5a3267807228d3c5768eb0 |
| SHA1 | 20da3b9480602b5e75b0b4f946505059f28c16ea |
| SHA256 | 3d9ee2bd39d1826b0200d6e752363abe19344dc219ee41f5d9c1de29e80a2875 |
| SHA512 | bf0138af2b9a97ffffb60617de9051ac868edca7fbe79cd6c6581654e865e6f203c7d61fdb4778fb32a224d67f84cf01fdf6bb826388caf596cdf1ba4e28beea |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf
| MD5 | 8b254d264309020f0a53bef13f3df546 |
| SHA1 | abd67d47ebef90b8a8d6bb6b17265dea3328302f |
| SHA256 | 201fa377ea302b93aa346585b9ed18c6bd3e7dcf56dcd43feef8fb0a25570a2b |
| SHA512 | fdd5edfaa435900729124879901e36182281e505973f93b4ab76b75eb0c22f4b6b644b624bad547f6a8c78052fe5c2ef1c6142ce22cab3d26383281fa9dbd1c0 |
C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf
C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf
C:\Users\Admin\AppData\Local\Temp\_MEI43682\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43682\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI43682\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
C:\Users\Admin\AppData\Local\Temp\_MEI7682\BSOD\bsod1.png
C:\Users\Admin\AppData\Local\Temp\_MEI7682\cryptography-43.0.0.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Temp\_MEI7682\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.pdb
C:\Users\Admin\AppData\Local\Temp\_MEI7682\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.dll
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.PNG
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG3.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG2.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.BMP
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\Menu1Text1EN.html
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\MenuOperaText1DK.html
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
C:\Users\Admin\AppData\Roaming\error.exe
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133678797121354499.txt
C:\Users\Admin\AppData\Roaming\MusaLLaT.exe
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4ZLXTYAF\microsoft.windows[1].xml
C:\Users\Admin\AppData\Local\Temp\_MEI59002\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59002\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59002\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59002\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-synch-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59002\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59002\_hashlib.pyd
C:\Windows\System32\drivers\etc\hosts
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
C:\Users\Admin\Desktop\certcli.dll
C:\Users\Admin\AppData\Local\Temp\_MEI53882\BSOD\bsodgif\frame_05_delay-0.05s.png
C:\Users\Admin\AppData\Local\Temp\_MEI53882\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.pdb
C:\Users\Admin\AppData\Local\Temp\_MEI53882\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.dll
C:\Users\Admin\AppData\Local\Temp\_MEI53882\tcl\encoding\euc-cn.enc
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
C:\Users\Admin\Desktop\wimgapi.dll
C:\Users\Admin\Desktop\icu.dll
C:\Users\Admin\Desktop\D3D12Core.dll