Malware Analysis Report

2024-11-16 12:51

Sample ID 240811-yd1teayeqg
Target https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html
Tags
credential_access discovery exploit persistence pyinstaller stealer upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery exploit persistence pyinstaller stealer upx

Credentials from Password Stores: Credentials from Web Browsers

Possible privilege escalation attempt

Boot or Logon Autostart Execution: Active Setup

Credentials from Password Stores: Windows Credential Manager

Checks computer location settings

UPX packed file

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Checks for any installed AV software in registry

Program crash

Detects Pyinstaller

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Runs .reg file with regedit

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 19:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 19:40

Reported

2024-08-11 19:59

Platform

win10v2004-20240802-en

Max time kernel

315s

Max time network

604s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html

Signatures

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Tlauncher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A

Checks SCSI registry key(s)


Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.spl C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.gif\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.log\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.pdf C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.bat\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.csv\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xml\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tar C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cmd\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xml C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.wav\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.txt C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.gif C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.avi C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.bmp C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.doc\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ppt\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.7z C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.wav C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.dll C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash" C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe,-204" C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\ = "Executable File" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.jpeg C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.json\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.iso C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.pdf\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.doc C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI43682\\flashplayer.exe\" %1" C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp4\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bat C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp3 C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.mp3\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ps1\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exe_override\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\error.exe\" \"%1\"" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xlsx\ = "exe_override" C:\Users\Admin\Downloads\Tlauncher.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3388 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 1336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 3916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/5sae6l9tvemh/Tlauncher.zip.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ebfd46f8,0x7ff8ebfd4708,0x7ff8ebfd4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,9192565118359862914,3609883504536339487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 /prefetch:8

C:\Windows\regedit.exe

"regedit.exe" "C:\Users\Admin\Downloads\ReadRename.reg"

C:\Users\Admin\Downloads\Tlauncher.exe

"C:\Users\Admin\Downloads\Tlauncher.exe"

C:\Users\Admin\Downloads\Tlauncher.exe

"C:\Users\Admin\Downloads\Tlauncher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\3c193ce4b0604d6aa8cc43edfdd02f1d /t 3656 /p 3452

C:\Users\Admin\Downloads\Tlauncher.exe

"C:\Users\Admin\Downloads\Tlauncher.exe"

C:\Users\Admin\Downloads\Tlauncher.exe

"C:\Users\Admin\Downloads\Tlauncher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI7682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_MEI43682\tlauncher.exe" "__IRCT:3" "__IRTSS:25232289" "__IRSID:S-1-5-21-945322488-2060912225-3527527000-1000"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a4 0x2f8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.udacity.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.washingtonpost.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.independent.co.uk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.hackernews.com

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.behance.net

C:\Users\Admin\Downloads\Tlauncher.exe

C:\Users\Admin\Downloads\Tlauncher.exe

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.livescience.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.cnet.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "takeown /f C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\taskmgr.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "icacls C:\Windows\System32\taskmgr.exe /grant administrators:F"

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\taskmgr.exe /grant administrators:F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "del C:\Windows\System32\taskmgr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI53882\tlauncher.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI53882\tlauncher.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI53882\tlauncher.exe"

C:\Users\Admin\AppData\Roaming\error.exe

"C:\Users\Admin\AppData\Roaming\error.exe" "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\014d27620a6244c4a5f003e2433e6aba /t 4296 /p 4836

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.reddit.com

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.example.com

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.wired.com

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.freecodecamp.org


C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.bloomberg.com

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf""

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ign.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf""

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.udacity.com

C:\Windows\system32\taskkill.exe

taskkill /f /im explorer.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "start explorer.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.udemy.com

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\desktopgoose\goose.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6100 -ip 6100

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 1256

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Windows\system32\SystemUWPLauncher.exe

Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge MicrosoftEdge.exe https://www.ft.com

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /f /im explorer.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf""

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\flashplayer.exe" "C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\musallat.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43682\error.exe"

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_3388_DCATKVAUBJNSWMMF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 685e02d015c76b74b6a7c7137421986d
SHA1 7f79cc65beb378e99f8e70d7ef9883db3eac50e7
SHA256 05d780a14746a06bb4093ce653fb527b85a6d6cf849662664e86d2b073b68603
SHA512 cb03e7df043257719ae26c17d013525539abc2cf48d0ed3d8e0dba87589a2ef65e551c2f675ddf6fe2c51511b095391433c37b8a595591e1fa4928cabcfa04e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 379d7e644f362956ffe7c1560089af6b
SHA1 9029ce00dd184668b0f05f7e2ab59d7de0f08d44
SHA256 d7126bfe7628d34b9b24f7c0317f3d7ecec9a55ce782e65f1cd088892979a2ad
SHA512 846a132eede969f6faeb7b6632708633dd7bd34e7e47c0c6b486bafdadef079b7f5f6693fdddd55863d9d1cc372c407547ce8109878b0cec9090fbcd93371a48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef8c3e6c5a8ad5e781235e6efc689f35
SHA1 868f1c65f8c9bc2bf63b1d041369f609c487c7b6
SHA256 3a4173f430749ac56f59ef5917c2693525ebfd9a825fe2b3d1d4eedd7eb6874c
SHA512 934803d0b4f4905e5d0491ec26c88677188000d9945297ffc17df7e3e6b6645140eb6bd504431e69214e3752edfd8a6c5a04f68cb73d3d0e8c2dab59aadedb7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 953de3c099cc1daba7e3a123c45fab63
SHA1 d4b87b01e8c3806f27895b48f2fa89216b97e90f
SHA256 be562c0550741d358195f15db0082f2d15c13b188746e4d9b9ed5c14872061d0
SHA512 8454695d24a3d145b8e91d1c0a9bdb09f30b815307b681d590a0e5c769bf5c8f5b08868ee8d30bc8731b0b089affddac9a293f2996b50497c2239eacabc622d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9d6437f9f2fa23edd1e0acf5ad2f8f5
SHA1 7410597b0349ac8b7b4a982692813e1137e4b5a8
SHA256 009b4e6379ac8af5d72e9d8b1e5f5fccb60c30d0425b74f73e6bb0c38a3ce914
SHA512 f893c04e1be651dc3891ac8617d7ad63ef64035347ad77c152db9c702c8cf55399bbbf587b95fccbfc67ae8349df8ec9acece2ee9476306d5564bfdf0af5dc4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7585b6732d678ecf16957341b4f92b86
SHA1 bd1d48529d6acc0b90c1ea80718d11e84a8cb899
SHA256 1dcf1d5c850cff803120da633040fee04570a3ab822a56583a413b2936f7fdcf
SHA512 9f05804fb44ca5fb7d5a1d5c48e7af9c7255be230c71cee622fa144011e71a0789f4a7566c4799c78941e4753c20b1cea69b8fd5fb01cb84b1c851cf3e26b287

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 98824201fb757cf498bc8cc925511871
SHA1 a6db8d10a2197ee13b12e3a3ff77115ece71664f
SHA256 657fc7e433d77f1cd806365413f2e792752dff4fc3dbd3eee414a7414d061a1c
SHA512 6c891caf4ecaa55beb07a08fa4ee84441ddfd5f44e1ee128af5509d27dc2f4822ace6b57cf6715c20b16d19e192096749696050efd8680edd1dea43765819edf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1a58451906f60a441a2741bc16cb8b4b
SHA1 d98f5d783a4e27fe14bef9f39cc1a0df7da87444
SHA256 0834915efff1dce5fc7bf46db87ca3377fd4cacc300e9959316634534bc9b317
SHA512 ff1b4855f870de0d86257a877f90fea278b996a15da31bef98e23db626f69e5134f228ba20eaf7cafc62a532d45ea595da9fa5b1ff1ecfc6063ee1918256daaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fdd3.TMP

MD5 339385adeb43f6bb88db348ae60a2192
SHA1 421f3b45f5374521295871e6dea17b61ec067066
SHA256 525a003848f1cad030a49d596618d8cd558d3a935ebca6598235b9d1dd9db2b9
SHA512 b9dac8181d8e19a2fe48c962392faa1f7bd28d62196b9fd976a36cd892d6882b650d6bd524b31002b4ff6dbb86e515d8ba325ef8f49bf4ffaae9ae4851817d1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59162e.TMP

MD5 1614919c4b4484bd4a32244510951420
SHA1 c9934f14ed3b98b28a146a52b650b3523a8edcf0
SHA256 3151346aa2ade4b101ed5818e6edc6568b41ecc79246c18d449a7ef51f6ce372
SHA512 b0c7b3c5e0a06c87ff6c2b9ec7ad7b443313c34d293f235dff8fcce3664bb0d8398137ffcecb2537658c52c7d6ed76268aa3500e20e8a958f007823b49298705

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 09ad49ea0a2c6628f33177fed2c742af
SHA1 c3dcf8edfec9d563b59e8af76a9abd5718d25576
SHA256 342ab3d2200944941d4044d77a23b01d4c468efea13d0682bfd927b16c771499
SHA512 fb490bfec52a56a5d1164118c40ceca970ffd85b45e4e33607d4b762e2f53b3fb97f26c44a695e6bbe9f5da2f9d53b699f9ec1d407b2439d69ad57ba6de8de06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6bec61df4762facb55908b36a243984d
SHA1 c31c761b6349950e1768a89267a0420ce34aef4a
SHA256 9d47d64437d7fc00f6b5bb0b2bfe19836d6095a1c3ff5ab9c38734efc0bf03f4
SHA512 14aef31b10664221adfb7cc0fd02c1310877b24fdcc66df15963b4f52a60493cbfa36f84de17126a322fdc0cdacb64388218cd496b4980970b40d42196fc4e3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6667d0056813ee7bcac6f027ec9ad497
SHA1 e1b180ac07fe78346caaba0e3b219b6ceb4306da
SHA256 fde7bce18f99ff6f864cfa963a8169eb554b5ea33065f2ecab64343fa1aff56b
SHA512 c28f692eee73a5ae8943e42202af6b1abdcb267b40fe851e7bde167190512e4b4bdc440d727dee3142334f07f1a4fa4e8fa967b90ded82f0f140baa360995411

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b03cc3cde8285ee7a1b996f51b784c8a
SHA1 9a599b9764147c68899df1d2ed209a91ef887275
SHA256 244adfb9d4288c1d4eb5609f8b0caa031eaca9a236983a464d37a30f520f8d22
SHA512 c819103301a957888c35afcde5f76a69921b90a2caf9d959ee1287610d309ebe6efa94122c6910cee6381e9ecb44e1ef4ee34d4d03be17d29dfb5d4a4e117855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 64f70731ba240f09eeb50912cb4d9769
SHA1 c493d11e59d023dab2327e85f7dadf0e0045fec7
SHA256 39af90bcb5875033ec7d052574ef7c99cd91c586d98c535fc12697c046712f5e
SHA512 bd1c6376a4f3cfa27770367cb08830e91ba70522595df3e277b4a8fa05efe88f31916a1e23c536701fb41764c58c4d13a90eb90e07bed1fdb735c9b79046bce3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\_MEI43682\BSOD\bsodgif\frame_39_delay-0.05s.png

C:\Users\Admin\AppData\Local\Temp\_MEI43682\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\python312.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI43682\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-fibers-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43682\ahk.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43682\5.swf

C:\Users\Admin\AppData\Local\Temp\_MEI43682\4.swf

C:\Users\Admin\AppData\Local\Temp\_MEI43682\3.swf

C:\Users\Admin\AppData\Local\Temp\_MEI43682\2.swf

C:\Users\Admin\AppData\Local\Temp\_MEI43682\1.swf

C:\Users\Admin\AppData\Local\Temp\_MEI43682\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43682\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43682\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

C:\Users\Admin\AppData\Local\Temp\_MEI7682\BSOD\bsod1.png

C:\Users\Admin\AppData\Local\Temp\_MEI7682\cryptography-43.0.0.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI7682\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.pdb

C:\Users\Admin\AppData\Local\Temp\_MEI7682\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\GooseModdingAPI\bin\Release\GooseModdingAPI.dll

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

C:\Users\Admin\AppData\Local\Temp\check_latest_tl.txt

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.PNG

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG3.BMP

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG2.BMP

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\IRIMG1.BMP

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\Menu1Text1EN.html

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\MenuOperaText1DK.html

C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

C:\Users\Admin\AppData\Roaming\error.exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133678797121354499.txt

C:\Users\Admin\AppData\Roaming\MusaLLaT.exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4ZLXTYAF\microsoft.windows[1].xml

C:\Users\Admin\AppData\Local\Temp\_MEI59002\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI59002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI59002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI59002\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI59002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI59002\_hashlib.pyd

C:\Windows\System32\drivers\etc\hosts

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

C:\Users\Admin\Desktop\certcli.dll

C:\Users\Admin\AppData\Local\Temp\_MEI53882\BSOD\bsodgif\frame_05_delay-0.05s.png

C:\Users\Admin\AppData\Local\Temp\_MEI53882\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.pdb

C:\Users\Admin\AppData\Local\Temp\_MEI53882\desktopgoose\FOR MOD-MAKERS\GooseMod_DefaultSolution\DefaultMod\bin\Release\DefaultMod.dll

C:\Users\Admin\AppData\Local\Temp\_MEI53882\tcl\encoding\euc-cn.enc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

C:\Users\Admin\Desktop\wimgapi.dll

C:\Users\Admin\Desktop\icu.dll

C:\Users\Admin\Desktop\D3D12Core.dll
