Analysis Overview
SHA256
37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c
Threat Level: Known bad
The file 37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe was found to be: Known bad.
Malicious Activity Summary
RedLine
Detect Vidar Stealer
Vidar
Systembc family
SystemBC
SvcStealer, Diamotrix
RedLine payload
Amadey family
Detects SvcStealer Payload
Amadey
Svcstealer family
Redline family
Vidar family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Uses browser remote debugging
Downloads MZ/PE file
Executes dropped EXE
Checks BIOS information in registry
Identifies Wine through registry keys
.NET Reactor protector
Loads dropped DLL
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Checks computer location settings
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Windows directory
Browser Information Discovery
Detects Pyinstaller
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Program crash
Unsigned PE
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of UnmapMainImage
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Modifies registry class
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-05 02:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-05 02:30
Reported
2025-03-05 02:32
Platform
win10v2004-20250217-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Amadey
Amadey family
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects SvcStealer Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Redline family
SvcStealer, Diamotrix
Svcstealer family
SystemBC
Systembc family
Vidar
Vidar family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\agnjxs\potapg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe | N/A |
Uses browser remote debugging
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\agnjxs\potapg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\agnjxs\potapg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine | C:\ProgramData\agnjxs\potapg.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe | N/A |
| N/A | N/A | C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temp_31744.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temp_31744.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temp_31744.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temp_31744.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temp_31744.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\ProgramData\\ffbfdaafaedddac.exe\"" | C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\10089420101\\4klgwMz.exe\"" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\ProgramData\\ffbfdaafaedddac.exe\"" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\Users\\Admin\\AppData\\Local\\Temp\\temp_31770.exe" | C:\Users\Admin\AppData\Local\Temp\temp_31770.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\ProgramData\\Winsrv\\winsvc.exe" | C:\Users\Admin\AppData\Local\Temp\temp_31770.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe | N/A |
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
| N/A | N/A | C:\ProgramData\agnjxs\potapg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3248 set thread context of 2964 | N/A | C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 5400 set thread context of 5756 | N/A | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe |
| PID 4664 set thread context of 1264 | N/A | C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe | C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\rapes.job | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe | N/A |
| File created | C:\Windows\Tasks\Gxtuum.job | C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe | N/A |
| File created | C:\Windows\Tasks\Test Task17.job | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\temp_31770.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\agnjxs\potapg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856155198799525" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe
"C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe
C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe
"C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe"
C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe
"C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe"
C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe
"C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe"
C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe
"C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe"
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"
C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe
"C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe"
C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe
"C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe"
C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe
"C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe"
C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe
"C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe"
C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe
"C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe" -burn.filehandle.attached=812 -burn.filehandle.self=816
C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe
C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 844
C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5276 -ip 5276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 752
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\ProgramData\agnjxs\potapg.exe
C:\ProgramData\agnjxs\potapg.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe
"C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe"
C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe
"C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe"
C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"
C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"
C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5400 -ip 5400
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 968
C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe
"C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe"
C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe
C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe
C:\Users\Admin\AppData\Local\Temp\temp_31744.exe
"C:\Users\Admin\AppData\Local\Temp\temp_31744.exe"
C:\Users\Admin\AppData\Local\Temp\temp_31744.exe
"C:\Users\Admin\AppData\Local\Temp\temp_31744.exe"
C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe
C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe
C:\Users\Admin\AppData\Local\Temp\temp_31770.exe
"C:\Users\Admin\AppData\Local\Temp\temp_31770.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb9ba0cc40,0x7ffb9ba0cc4c,0x7ffb9ba0cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4200,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3656 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5412 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5396,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5392 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4900,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4912 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe
"C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2588 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3352 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3348 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2744 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3472 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2704 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe
"C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe"
C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe
"C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe"
C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe
"C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3472 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2700 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3540 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3796 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3808 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3884 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10097560101\OEHBOHk.exe
"C:\Users\Admin\AppData\Local\Temp\10097560101\OEHBOHk.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe
"C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe"
C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe
"C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4664 -ip 4664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 960
C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe
C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe
C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe
C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2788 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2596 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3596 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4328 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3824 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4736 /prefetch:2
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Network
Files