Malware Analysis Report

2025-04-03 09:23

Sample ID 250305-cy46nswmz7
Target 37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe
SHA256 37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c
Tags
amadey redline svcstealer systembc vidar 092155 ir7am testproliv credential_access defense_evasion discovery downloader infostealer persistence pyinstaller spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c

Threat Level: Known bad

The file 37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe was found to be: Known bad.

Malicious Activity Summary

amadey redline svcstealer systembc vidar 092155 ir7am testproliv credential_access defense_evasion discovery downloader infostealer persistence pyinstaller spyware stealer trojan

RedLine

Detect Vidar Stealer

Vidar

Systembc family

SystemBC

SvcStealer, Diamotrix

RedLine payload

Amadey family

Detects SvcStealer Payload

Amadey

Svcstealer family

Redline family

Vidar family

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Uses browser remote debugging

Downloads MZ/PE file

Executes dropped EXE

Checks BIOS information in registry

Identifies Wine through registry keys

.NET Reactor protector

Loads dropped DLL

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Checks computer location settings

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Windows directory

Browser Information Discovery

Detects Pyinstaller

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

Unsigned PE

Checks processor information in registry

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of UnmapMainImage

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-05 02:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-05 02:30

Reported

2025-03-05 02:32

Platform

win10v2004-20250217-en

Max time kernel

149s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects SvcStealer Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Redline family

redline

SvcStealer, Diamotrix

stealer downloader svcstealer

Svcstealer family

svcstealer

SystemBC

trojan systembc

Systembc family

systembc

Vidar

stealer vidar

Vidar family

vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\agnjxs\potapg.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\agnjxs\potapg.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\agnjxs\potapg.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe N/A
N/A N/A C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe N/A
N/A N/A C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\ProgramData\agnjxs\potapg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_31744.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_31744.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temp_31770.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097560101\OEHBOHk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine C:\ProgramData\agnjxs\potapg.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\ProgramData\\ffbfdaafaedddac.exe\"" C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\10089420101\\4klgwMz.exe\"" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffbfdaafaedddac = "\"C:\\ProgramData\\ffbfdaafaedddac.exe\"" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\Users\\Admin\\AppData\\Local\\Temp\\temp_31770.exe" C:\Users\Admin\AppData\Local\Temp\temp_31770.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemHandler = "C:\\ProgramData\\Winsrv\\winsvc.exe" C:\Users\Admin\AppData\Local\Temp\temp_31770.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe N/A

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
File created C:\Windows\Tasks\Test Task17.job C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\temp_31770.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\agnjxs\potapg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856155198799525" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe N/A
N/A N/A C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\ProgramData\agnjxs\potapg.exe N/A
N/A N/A C:\ProgramData\agnjxs\potapg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (16 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (38 identical rows)

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description (write count) Indicator Process Target
PID 688 wrote to memory of 4116 (x3) N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
PID 4116 wrote to memory of 6036 (x3) N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 688 wrote to memory of 6064 (x3) N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe
PID 6036 wrote to memory of 3452 (x2) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe
PID 3452 wrote to memory of 3556 (x1) N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe C:\Windows\Explorer.EXE
PID 6036 wrote to memory of 4612 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe
PID 6064 wrote to memory of 1592 (x3) N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe
PID 6036 wrote to memory of 1912 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe
PID 1912 wrote to memory of 3676 (x3) N/A C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 3676 wrote to memory of 2304 (x3) N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe
PID 6036 wrote to memory of 916 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe
PID 6036 wrote to memory of 3240 (x2) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe
PID 6036 wrote to memory of 3008 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe
PID 3008 wrote to memory of 5276 (x3) N/A C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe
PID 5276 wrote to memory of 2436 (x3) N/A C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe
PID 2436 wrote to memory of 3248 (x3) N/A C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe
PID 3248 wrote to memory of 2964 (x3) N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 6036 wrote to memory of 2448 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe
PID 3248 wrote to memory of 2964 (x1) N/A C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe C:\Windows\SysWOW64\cmd.exe
PID 6036 wrote to memory of 2792 (x2) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe
PID 6036 wrote to memory of 5400 (x3) N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
PID 5400 wrote to memory of 444 (x3) N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
PID 5400 wrote to memory of 5756 (x5) N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
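
Added example (editor's code, not part of the sandbox output). The WriteProcessMemory rows above are a parent-to-child edge list, so the process chain can be rebuilt from them directly. The Python below parses rows in the report's own format, collapses the repeated writes into a count per edge, prints the tree, and applies three checks a practitioner would want on this run: a parent writing into a child that runs the parent's own image (mAtJWNv.exe into two fresh copies of itself, the self-injection pattern), writes into an already-running Windows process (4klgwMz.exe into Explorer.EXE), and browser launches carrying --remote-debugging-port, which the Processes list below shows for both chrome.exe and msedge.exe with --remote-debugging-port=9223 against the Default profile. That flag exposes the DevTools protocol on localhost, so a local process can pull the profile's session cookies through the browser itself rather than decrypting the cookie database; renderer children inherit the flag on their command line, so the check keys on the browser-process launch (no --type=) to avoid one alert per child. Two caveats the tree makes visible: the hop from z3SJkC5.exe to C:\Windows\TEMP\{GUID}\.cr\z3SJkC5.exe with -burn.clean.room is the standard WiX Burn bootstrapper relaunch and is not an indicator on its own, and the WerFault.exe entries with -p 5276 and -p 5400 show that this bootstrapper copy and mAtJWNv.exe both crashed during the run. The sample rows and command lines are copied from this report; the heuristics, thresholds and function names are the example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of rows copied verbatim from the report's
# "Suspicious use of WriteProcessMemory" table.  The sandbox logs every call,
# so a freshly created child usually shows three writes from its parent.
WPM_ROWS = r"""
PID 688 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
PID 688 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
PID 688 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe
PID 4116 wrote to memory of 6036 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 688 wrote to memory of 6064 N/A C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe
PID 6036 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe
PID 3452 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe C:\Windows\Explorer.EXE
PID 6036 wrote to memory of 3008 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe
PID 3008 wrote to memory of 5276 N/A C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe
PID 6036 wrote to memory of 5400 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
PID 5400 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
PID 5400 wrote to memory of 5756 N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
PID 5400 wrote to memory of 5756 N/A C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe
"""

# Row shape used by the report; the paths in this table contain no spaces.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (\S+) (\S+)$")


def parse_rows(text):
    """Map (parent pid, child pid, parent image, child image) -> number of writes."""
    counts = Counter()
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            ppid, pid, parent, child = m.groups()
            counts[(int(ppid), int(pid), parent, child)] += 1
    return counts


def build_tree(counts):
    """Children per pid, image path per pid, and write count per (parent, child) edge."""
    children, image, writes = defaultdict(list), {}, {}
    for (ppid, pid, parent, child), n in counts.items():
        children[ppid].append(pid)
        image.setdefault(ppid, parent)
        image[pid] = child
        writes[(ppid, pid)] = n
    return children, image, writes


def roots(children):
    """Pids that write to others but were never written to themselves."""
    spawned = {c for cs in children.values() for c in cs}
    return [p for p in children if p not in spawned]


def render(children, image, writes, pid, depth=0, n=None):
    """One indented line per process below pid, annotated with the write count."""
    tag = "" if n is None else f"  [{n} write(s)]"
    lines = [f"{'  ' * depth}{pid}  {image[pid]}{tag}"]
    for c in children.get(pid, []):
        lines.extend(render(children, image, writes, c, depth + 1, writes[(pid, c)]))
    return lines


def self_injection(counts):
    """Parent writes into a child running the parent's own image: the
    self-injection / hollowing pattern (heuristic, not proof)."""
    return sorted({(ppid, pid) for ppid, pid, parent, child in counts
                   if parent.lower() == child.lower()})


def writes_into_system_process(counts):
    """Writes into a binary under the Windows directory that is not a temp
    drop, e.g. an already-running Explorer.EXE (injection into a live process)."""
    hits = []
    for ppid, pid, parent, child in counts:
        low = child.lower()
        if low.startswith("c:\\windows\\") and "\\temp\\" not in low:
            hits.append((ppid, pid, child))
    return hits


# Assumed detection heuristic: a DevTools endpoint on the browser launch itself.
REMOTE_DEBUG = re.compile(r"--remote-debugging-(?:port|pipe)\b")


def browser_launched_with_devtools(cmdline):
    """True only for the browser-process launch; --type= children inherit the flag."""
    return bool(REMOTE_DEBUG.search(cmdline)) and "--type=" not in cmdline


# Constructed sample: command lines copied from the report's Processes list.
CMDLINES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler',
]

if __name__ == "__main__":
    counts = parse_rows(WPM_ROWS)
    children, image, writes = build_tree(counts)
    for root in roots(children):
        print("\n".join(render(children, image, writes, root)))
    print("self-injection:", self_injection(counts))
    print("writes into system processes:", writes_into_system_process(counts))
    print("DevTools launches:", [c for c in CMDLINES if browser_launched_with_devtools(c)])
```

The same parser runs unchanged over the full table when the complete row set is pasted into WPM_ROWS; on a live host the equivalent input is the parent/child pairs from Sysmon event 8 or 10, where the self-injection and Explorer.EXE checks apply as written and the DevTools check should be joined with the parent image, since a browser launched with that flag by anything other than the user or the browser itself is the condition worth alerting on.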

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe

"C:\Users\Admin\AppData\Local\Temp\37ed815b936087889df2431acf87e6a85cee52ee5c876ac5f2df34ae5a64282c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe

C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe

"C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe"

C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe

"C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe"

C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe

"C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe"

C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe

"C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe

"C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe"

C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe

"C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe"

C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe

"C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe"

C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe

"C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe"

C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe

"C:\Windows\TEMP\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe" -burn.filehandle.attached=812 -burn.filehandle.self=816

C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe

C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5276 -ip 5276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 844

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Users\Admin\AppData\Roaming\streamfirefox\WiseTurbo.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5276 -ip 5276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 752

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\ProgramData\agnjxs\potapg.exe

C:\ProgramData\agnjxs\potapg.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe

"C:\Users\Admin\AppData\Local\Temp\10097480101\8jQumY5.exe"

C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe

"C:\Users\Admin\AppData\Local\Temp\10097490101\BXxKvLN.exe"

C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10097500101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5400 -ip 5400

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 968

C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10097510101\zY9sqWs.exe"

C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe

C:\Users\Admin\AppData\Local\Temp\DA00.tmp.exe

C:\Users\Admin\AppData\Local\Temp\temp_31744.exe

"C:\Users\Admin\AppData\Local\Temp\temp_31744.exe"

C:\Users\Admin\AppData\Local\Temp\temp_31744.exe

"C:\Users\Admin\AppData\Local\Temp\temp_31744.exe"

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\WatcherUpdate_test.exe

C:\Users\Admin\AppData\Local\Temp\temp_31770.exe

"C:\Users\Admin\AppData\Local\Temp\temp_31770.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb9ba0cc40,0x7ffb9ba0cc4c,0x7ffb9ba0cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4200,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4184 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5040 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5264,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5412 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5396,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5392 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4900,i,3709068989238428455,7881076243612867936,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4912 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe

"C:\Users\Admin\AppData\Local\Temp\10097520101\JCFx2xj.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2588 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3352 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3348 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2744 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3472 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8804676575339431812,8325261376594352516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2704 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe

"C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe"

C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe

"C:\Users\Admin\AppData\Local\Temp\10097540101\W6ySCZP.exe"

C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10097550101\v6Oqdnc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3472 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3476 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2700 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3540 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3796 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3808 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9491067365452128127,6735700556710049740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3884 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10097560101\OEHBOHk.exe

"C:\Users\Admin\AppData\Local\Temp\10097560101\OEHBOHk.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe"

C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10097570101\MCxU5Fj.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4664 -ip 4664

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 960

C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe

C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe

C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe

C:\Users\Admin\AppData\Local\Temp\E084.tmp.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb9ba146f8,0x7ffb9ba14708,0x7ffb9ba14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2788 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2596 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3596 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4328 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3824 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,6197918015884475129,3606283955228552034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4736 /prefetch:2

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
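The two top-level launches "msedge.exe --remote-debugging-port=9223 --profile-directory="Default"" in the listing above, together with the 127.0.0.1:9223 rows in the Network table, are the activity behind the "Uses browser remote debugging" signature in the summary: a stage in the chain starts the victim's own browser with the DevTools protocol exposed on loopback and pulls cookies and saved logins through it instead of decrypting the profile files on disk. Two points a detection has to get right: the --type=renderer children echo the switch because Chromium propagates it, so only the launch without --type should alert; and the flattened listing carries no parent PIDs, so in production the rule should be joined with the parent process (a browser spawned by an executable under %TEMP% rather than by explorer.exe). The numbered subdirectories under AppData\Local\Temp (10097530101, 10097540101, ...) are where this loader drops each stage, and BitLockerToGo.exe launched with no arguments at the tail of the chain is worth a look against the SetThreadContext signature, since recent stealer loaders use it as an injection host; without the parent it is a lead, not a verdict. The script below is an added example, not part of the report or of any sandbox vendor's code: it applies those rules to a constructed subset of the command lines above. Rule names, the browser image allowlist and the digit-count heuristic for the Temp directories are assumptions.

```python
"""Triage a flattened sandbox process listing for browser remote-debugging abuse.

Added example for this report. SAMPLE_PROCESSES is a constructed subset of the
Processes section; rule names and heuristics are assumptions, not vendor logic.
"""
import re

BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "brave.exe", "opera.exe", "vivaldi.exe", "chromium.exe"}
DEBUG_SWITCHES = {"--remote-debugging-port", "--remote-debugging-pipe", "--remote-allow-origins"}
# <8+ digits>\<name>.exe directly under %TEMP%: the per-stage drop directories seen in this run
NUMBERED_TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\\d{8,}\\[^\\]+\.exe$", re.IGNORECASE)
_TOKEN = re.compile(r'"[^"]*"|\S+')

# (image path, command line) pairs as the sandbox recorded them (constructed subset)
SAMPLE_PROCESSES = [
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"'),
    (r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --lang=en-US --renderer-client-id=6 /prefetch:1'),
    (r"C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\10097530101\4klgwMz.exe"'),
    (r"C:\Windows\System32\Conhost.exe", r"\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    (r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 960"),
    (r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe",
     r'"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"'),
]


def image_name(path):
    """Lower-cased file name of an image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_switches(cmdline):
    """Return {switch: value} for every --switch[=value] token after the image path.

    Chromium quotes values that contain spaces, so quoted runs are kept as one token
    and the quotes stripped afterwards ("Default" -> Default).
    """
    tokens = [t.strip('"') for t in _TOKEN.findall(cmdline)]
    switches = {}
    for tok in tokens[1:]:
        if not tok.startswith("--"):
            continue
        name, _, value = tok.partition("=")
        switches[name] = value.strip('"') if value else None
    return switches


def analyze(processes):
    """Apply the three rules and return one finding dict per hit."""
    findings = []
    for path, cmdline in processes:
        image = image_name(path)
        sw = parse_switches(cmdline)
        if image in BROWSER_IMAGES and "--type" not in sw and DEBUG_SWITCHES.intersection(sw):
            # top-level browser launch with DevTools exposed; children carry --type= and are skipped
            port = sw.get("--remote-debugging-port")
            findings.append({
                "rule": "browser_remote_debugging",
                "image": image,
                "port": int(port) if port and port.isdigit() else None,
                "profile": sw.get("--profile-directory"),
                "headless": "--headless" in sw,
            })
        elif image not in BROWSER_IMAGES and NUMBERED_TEMP_DIR.search(path):
            findings.append({"rule": "exe_in_numbered_temp_dir", "image": image, "path": path})
        elif image == "bitlockertogo.exe":
            # rarely started by a user; confirm the parent PID before calling it injection
            findings.append({"rule": "bitlockertogo_launch_review", "image": image, "path": path})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_PROCESSES):
        print(f)
```

Against the full listing the rule fires twice (both Edge launches use port 9223 and the Default profile) and on every numbered Temp stage; conhost.exe, WerFault.exe and the crashpad/gpu/utility children stay quiet. A renderer line is deliberately included in the sample to show that the --type filter is what keeps the child processes out.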

Network

Country Destination Domain Proto
US 8.8.8.8:53 circujitstorm.bet udp
US 104.21.28.84:443 circujitstorm.bet tcp
RU 176.113.115.6:80 176.113.115.6 tcp
US 104.21.28.84:443 circujitstorm.bet tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 104.21.28.84:443 circujitstorm.bet tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 cobolrationumelawrtewarms.com udp
NL 107.189.27.66:80 cobolrationumelawrtewarms.com tcp
LU 45.59.120.8:80 45.59.120.8 tcp
FI 135.181.76.95:80 135.181.76.95 tcp
US 8.8.8.8:53 drunkeflavorz.pw udp
US 8.8.8.8:53 explorebieology.run udp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
RU 176.113.115.7:80 tcp
DE 5.75.210.149:443 tcp
FR 45.155.103.183:1488 tcp
RU 185.81.68.156:80 185.81.68.156 tcp
US 8.8.8.8:53 joyfulhezart.tech udp
US 8.8.8.8:53 hardswarehub.today udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 hardrwarehaven.run udp
US 8.8.8.8:53 techmindzs.live udp
US 8.8.8.8:53 codxefusion.top udp
US 172.67.212.102:443 codxefusion.top tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
RU 176.113.115.7:80 176.113.115.7 tcp
US 172.67.212.102:443 codxefusion.top tcp
RU 185.81.68.156:80 185.81.68.156 tcp
US 172.67.212.102:443 codxefusion.top tcp
US 172.67.212.102:443 codxefusion.top tcp
US 172.67.212.102:443 codxefusion.top tcp
US 8.8.8.8:53 drunkeflavorz.pw udp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.179.246:443 explorebieology.run tcp
US 172.67.212.102:443 codxefusion.top tcp
US 172.67.179.246:443 explorebieology.run tcp
US 8.8.8.8:53 www.dropbox.com udp
GB 162.125.64.18:443 www.dropbox.com tcp
US 172.67.179.246:443 explorebieology.run tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 su.t.goldenloafuae.com udp
FR 45.155.103.183:1488 tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 172.67.179.246:443 explorebieology.run tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 104.86.110.202:80 e5.o.lencr.org tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 172.67.179.246:443 explorebieology.run tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com tcp
US 150.171.28.10:443 tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.179.225:443 clients2.googleusercontent.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 150.171.28.10:443 tcp
US 150.171.28.10:443 tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 towerbingobongoboom.com udp
US 213.209.150.137:4000 towerbingobongoboom.com tcp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
FI 95.217.27.252:443 su.t.goldenloafuae.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 dryentaidne.run udp
US 8.8.8.8:53 uncertainyelemz.bet udp
US 8.8.8.8:53 hobbyedsmoker.live udp
US 8.8.8.8:53 dsfljsdfjewf.info udp
US 8.8.8.8:53 deaddereaste.today udp
US 8.8.8.8:53 subawhipnator.life udp
US 8.8.8.8:53 privileggoe.live udp
US 8.8.8.8:53 decreaserid.world udp
US 8.8.8.8:53 pastedeputten.life udp
FR 45.155.103.183:1488 tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 experimentalideas.today udp
US 172.67.150.33:443 experimentalideas.today tcp
US 8.8.8.8:53 piaktrip.online udp
US 104.21.40.182:443 piaktrip.online tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 biochextryhub.bet udp
US 104.21.68.89:443 biochextryhub.bet tcp
RU 185.81.68.156:80 185.81.68.156 tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 40.69.147.202:443 nw-umwatson.events.data.microsoft.com tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 8.8.8.8:53 udp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:52256 tcp
N/A 127.0.0.1:9223 tcp
US 104.21.28.84:443 circujitstorm.bet tcp
N/A 127.0.0.1:9223 tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 172.67.150.33:443 experimentalideas.today tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 172.67.150.33:443 experimentalideas.today tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.22:443 nw-umwatson.events.data.microsoft.com tcp
US 172.67.150.33:443 experimentalideas.today tcp
US 104.21.28.84:443 circujitstorm.bet tcp
US 172.67.150.33:443 experimentalideas.today tcp
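The table above mixes four kinds of traffic that need different handling: DNS lookups through 8.8.8.8, TLS to Cloudflare-fronted throwaway domains (circujitstorm.bet, explorebieology.run, codxefusion.top, biochextryhub.bet, experimentalideas.today, piaktrip.online), plain-HTTP and odd-port traffic to bare IPs (176.113.115.6/.7:80, 185.81.68.156:80, 45.155.103.183:1488, 213.209.150.137:4000), and background noise from the sandbox's own Edge session (google, bing, Microsoft telemetry, the Let's Encrypt OCSP responder). Three things a practitioner should take from it: domains that were only queried and never connected (drunkeflavorz.pw, joyfulhezart.tech, the run of .run/.bet/.live/.today names) are still indicators but may already be dead or sinkholed; t.me, steamcommunity.com and www.dropbox.com are legitimate services whose presence in a Vidar-tagged run is consistent with the stealer reading its live C2 address from a profile page, so the specific URL matters and blocking the host does not; and the 127.0.0.1:9223 rows are the DevTools channel from the process listing, not external traffic. The parser below is an added example, not from the report: it reads the flattened "Country dest:port [domain] proto" rows (a constructed subset is embedded) and buckets them along those lines. The noise suffix allowlist and the dead-drop service list are assumptions and should be tuned per environment.

```python
"""Bucket a flattened sandbox network table into triage categories.

Added example for this report. Row format is 'Country dest:port [domain] proto';
SAMPLE_ROWS is a constructed subset of the table above.
"""
import re

ROW = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)(?:\s+(\S+))?\s+(tcp|udp)$")
RESOLVER = "8.8.8.8"
STANDARD_PORTS = {53, 80, 443}
# sandbox / OS background traffic: assumed allowlist, not derived from the report
NOISE_SUFFIXES = (".google.com", ".googleapis.com", ".googleusercontent.com",
                  ".microsoft.com", ".bing.net", ".lencr.org")
# legitimate services stealers use as dead-drop resolvers: review the URL, do not block the host
DEAD_DROP_SERVICES = {"t.me", "steamcommunity.com", "www.dropbox.com"}

SAMPLE_ROWS = """
US 8.8.8.8:53 circujitstorm.bet udp
US 104.21.28.84:443 circujitstorm.bet tcp
RU 176.113.115.7:80 176.113.115.7 tcp
FR 45.155.103.183:1488 tcp
US 8.8.8.8:53 drunkeflavorz.pw udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 towerbingobongoboom.com udp
US 213.209.150.137:4000 towerbingobongoboom.com tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 104.86.110.202:80 e5.o.lencr.org tcp
US 8.8.8.8:53 udp
"""


def parse_rows(text):
    """Return one dict per well-formed row; a row without a domain gives domain=None."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_noise(domain):
    return domain is not None and domain.endswith(NOISE_SUFFIXES)


def triage(rows):
    """Split rows into buckets; DNS lookups count as 'queried', everything else as 'connected'."""
    queried, connected = set(), set()
    out = {"c2_candidates": set(), "direct_ip": set(), "nonstandard_ports": set(),
           "dead_drop_services": set(), "loopback_ports": set(), "noise": set()}
    for r in rows:
        ip, port, dom = r["ip"], r["port"], r["domain"]
        if ip == RESOLVER and port == 53:
            if dom:
                queried.add(dom)
            continue  # a lookup is not a connection
        if ip.startswith("127."):
            out["loopback_ports"].add(port)  # DevTools channel, not external traffic
            continue
        if dom and dom != ip:
            connected.add(dom)
        if port not in STANDARD_PORTS:
            out["nonstandard_ports"].add(f"{ip}:{port}")
        if is_noise(dom):
            out["noise"].add(dom)
        elif dom in DEAD_DROP_SERVICES:
            out["dead_drop_services"].add(dom)
        elif dom is None or dom == ip:
            out["direct_ip"].add(f"{ip}:{port}")  # hard-coded C2 or payload host
        else:
            out["c2_candidates"].add(dom)
    out["queried_never_connected"] = {d for d in queried - connected if not is_noise(d)}
    return out


if __name__ == "__main__":
    for bucket, members in sorted(triage(parse_rows(SAMPLE_ROWS)).items()):
        print(f"{bucket:24} {sorted(members)}")
```

Run over the whole table the queried_never_connected bucket is where the long tail of .run/.bet/.live/.today names lands, nonstandard_ports surfaces 45.155.103.183:1488 and 213.209.150.137:4000, and direct_ip holds the 176.113.115.x and 185.81.68.156 hosts; the bare "US 8.8.8.8:53 udp" rows with no domain are parsed but contribute nothing, since the lookup target was not recorded.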

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1s89v4.exe

MD5 a92d6465d69430b38cbc16bf1c6a7210
SHA1 421fadebee484c9d19b9cb18faf3b0f5d9b7a554
SHA256 3cdb245eb031230d5652ea5a1160c0cbbb6be92fb3ea3cf2ee14b3d84677fc77
SHA512 0fc65c930a01db8cf306252402c47cf00b1222cd9d9736baf839488cdd6cf96ae8be479e08282ec7f34b665250580466a25cdfc699f4ecef6d5e4d543db8c345

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2X0520.exe

MD5 1e71f9a7f21fb7ab1e9b5df304fdbbc8
SHA1 604ddeeccf400b3e391a530324af4319d0390f67
SHA256 f10ad8b3012869d812613a7ce6877ebc6fea09fbe74a48410f14a51d8ff3049c
SHA512 423a6dd1cd808c456f14e5a9ebe38782363ef1ab851fe6a832718859054f9933590ee208d2e3e19cb655d856d443e51838fedfe6d307a2d9cbde63fd3a77f1c7

memory/6064-20-0x0000000000050000-0x0000000000365000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10089420101\4klgwMz.exe

MD5 19668940080169c70b830bed8c390783
SHA1 5e6b72e52abc7d221d512111e39cbdd3f2ad40c1
SHA256 cdbc641b8c23b5699f899b408394ecfc946af9ac7a38c5d44c78a4a938e7b02c
SHA512 c322eba01ff4544b8077ec400f15ecffd3b66f89e0e0e26946224771c1ffb9c687ff4adc2e0a5e6b119766b3c8300971cfc2c990ff48346d9d3d514ab5d4bed2

memory/3452-36-0x00007FF792DE0000-0x00007FF792E7F000-memory.dmp

memory/3556-37-0x0000000007A50000-0x0000000007AF5000-memory.dmp

memory/3556-38-0x0000000007A50000-0x0000000007AF5000-memory.dmp

memory/3452-41-0x00007FF792DE0000-0x00007FF792E7F000-memory.dmp

memory/6064-42-0x0000000000050000-0x0000000000365000-memory.dmp

memory/6064-43-0x0000000000050000-0x0000000000365000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10089720101\8jQumY5.exe

MD5 e82c4c3f7a2994eeecc1f81a5e4a4180
SHA1 660820f778073332dcd5ec446d2fcf00de887abd
SHA256 11eec5d71c7fadae9d7176448d8fff3de44ec8d3b4df86f0eca59e06adf202d3
SHA512 4d3e42e68b9fa6330edfee677ad55ae24964c33d6fd2d25ba6c2876d80f8d9cbc999c6e27192ce58a45559d00b3c0bc71ddbee1ad8d6fd7083b705ef5cf84d76

memory/6064-61-0x0000000000050000-0x0000000000365000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\M85ZU8FP1GZ6BI2PE6O6IKG5ZVC.exe

MD5 93da4bdbae52d91d32a34c140466e8cf
SHA1 2177f234160ef77058d2237a8f97c1d663647240
SHA256 878228e580cd27a72a847922f9b16b7d16d0797c68aa9e6642ae3da13518de7a
SHA512 14d14d6d8d436953ed43483b8b3ba30a4f1df73eb2eca055c047bb0b7e328150ae0c49122a657f5f8ab752872e5d40b791e793675110df5c90440077f446b91a

memory/6064-68-0x0000000000050000-0x0000000000365000-memory.dmp

memory/1592-65-0x0000000000580000-0x0000000000A42000-memory.dmp

memory/1592-70-0x0000000000580000-0x0000000000A42000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10090400101\W6ySCZP.exe

MD5 02579a797e919dcaf5758fbcbe34b093
SHA1 7668fff0888f4c7ad7a83b24f8c6d4009c10e534
SHA256 0a63a310dfc4ce680c96f72f5b9c9559f9e6d9c3d99f48c8782ee43c56a8728c
SHA512 2b99b620ca06f03a1924c0ab2feef96142df6ff16558d30c37e8b3e5602e5d5b2ecd4e7bd3b4499ef64a0eb32cb136821442e79b3aa66caf42467c749116e5f5

C:\Users\Admin\AppData\Roaming\10000710100\feedlablest.exe

MD5 f53198e8b444658cf7134f5ccb466a98
SHA1 0283e56ed7201eecfc7dad30cc6f3f30d677be66
SHA256 936004bbb9d3c4763c0e36cc887b21315ae6c2d55c366cb3b3390d480b827107
SHA512 ee40f63f7b75cc1b55d11c56c25086d2d66ae86a3f65326d5a75cf0f2fac94ebee622cd4844b4f6468b2bfd011ab80558f41e1b62d2a7864b0ce7f61d3bdcf09

memory/2304-110-0x0000000000400000-0x0000000000823000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10092140101\Ps7WqSx.exe

MD5 dab2bc3868e73dd0aab2a5b4853d9583
SHA1 3dadfc676570fc26fc2406d948f7a6d4834a6e2c
SHA256 388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb
SHA512 3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

memory/916-129-0x0000000000B40000-0x000000000122E000-memory.dmp

memory/2304-131-0x0000000000400000-0x0000000000823000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10097460101\bPDDW9F.exe

MD5 cde0f4bf8c4605529175bbb5e86c6bad
SHA1 8194071706458c456a021e8e17b0a63ba3b54b44
SHA256 989ab0b506d60a468a8ab919dd973cae0f00072d60615d9b0243825e4b4a4e7e
SHA512 265a84c26b56abdd0548503eea7b1ce76b6661ce874e7ef0235dad6d424b568ac104adf5324ee164924b67d4865222e5bc4567ea4ce67b39f08215ad301697ea

memory/2304-147-0x0000000000400000-0x0000000000823000-memory.dmp

memory/4612-149-0x0000000000EE0000-0x0000000000F45000-memory.dmp

memory/916-153-0x0000000000B40000-0x000000000122E000-memory.dmp

memory/3240-155-0x00007FF7BEFF0000-0x00007FF7BF140000-memory.dmp

memory/2304-154-0x0000000000400000-0x0000000000823000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10097470101\z3SJkC5.exe

MD5 001d7acad697c62d8a2bd742c4955c26
SHA1 840216756261f1369511b1fd112576b3543508f7
SHA256 de53f6f359af6ccc361faf2aa74690c9575b987a01f1250a6eb042cf9d4ea4af
SHA512 f06039d1d7ad28a04877e4eabb6fb7a5137a0040b8c316bee502bce6c68058bfe62db9480674bb69c9aeabae34304adeeff86dc3a8427929d00a842d2f2e80eb

C:\Windows\Temp\{C9A8B71D-EE33-415E-9941-7E2AADC0946A}\.cr\z3SJkC5.exe

MD5 eff9e9d84badf4b9d4c73155d743b756
SHA1 fd0ad0c927617a3f7b7e1df2f5726259034586af
SHA256 d61ef1bfa73bd5b013066d86f1c41e33bb396fc547cf5ab7191f56cc7b463aad
SHA512 0006273c86e8130e06e705a2be46c3433c0d1b34463123354c1857ebf88503d6e7e90602dc40960351baa03155074f8c5834b251be9da90fd95b10e498a98a19

C:\Windows\Temp\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\Quadrisyllable.dll

MD5 a1e561bc201a14277dfc3bf20d1a6cd7
SHA1 1895fd97fb75ad6b59fc6d2222cf36b7dc608b29
SHA256 7ae39cb5cd14a875af3e43df4a309d6a7a44c0339c413bf21b0300c84e35b66c
SHA512 aaa4e7350094dc7574e5f18ce619f48a45062674353f0f2a340a1fea0055c7961a9b257455d8ea877d739635e3444df08f049484f48fa9729d8fb1667374cf3c

C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\WiseTurbo.exe

MD5 1f166f5c76eb155d44dd1bf160f37a6a
SHA1 cd6f7aa931d3193023f2e23a1f2716516ca3708c
SHA256 2d13424b09ba004135a26ccd60b64cdd6917d80ce43070cbc114569eae608588
SHA512 38ad8f1308fe1aae3ddf7dbc3b1c5442663571137390b3e31e2527b8fec70e7266b06df295df0c411fcc500424022f274fd467d36040def2e1a4feff88c749b7

C:\Windows\Temp\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\phyllopod.html

MD5 7acd5f1bb75aef6681027e02232f3b7d
SHA1 caef0696cf3a2c86078fe068cf37a2a58ea495c5
SHA256 7501366637ca181f4f0c310d4020ace9d58cbf872f47abf82dd42ed98d2d6bef
SHA512 0887ba61cefb6e5010d276a4c9596e126dd782f672928e32d2126935fba487ea2ff729c8ab840f7db8babc31c00db981957f5d90249da0972082ce9d7062f533

C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\sqlite3.dll

MD5 1e24135c3930e1c81f3a0cd287fb0f26
SHA1 9d13bfe63ddb15743f7770387b21e15652f96267
SHA256 1ce645aa8d3e5ef2a57a0297121e54b31cc29b44b59a49b1330e3d0880ce5012
SHA512 04e3ffa4d71b2324fafcb856b9e686ffd3f7a24e1cb6531b3715aa3b0abd52709a9dcb79643384315ebc16cf8899bd9b218ca5c6d47dc97df278126d0836201f

C:\Windows\TEMP\{B37300C0-3020-48E4-AD3A-4E568F07085D}\.ba\blast.tar.gz

MD5 219fe0e290712a35fd4c648f681e2d25
SHA1 83658f481a6aeeea45da571cf5e406078f8993cb
SHA256 51964920f5d4ddc699d5e6259df554798a305b87dd1a38afd4ed56a5f7713571
SHA512 5e75a5b5c80f3ec76b78e3993f694d6d2fc747a3f04363ff1de36e25669dfc68bbbdd8a0559ad3754ae956faab4cd53d73fb32044d7d82aee0b2ca012f969fe8

memory/2436-195-0x0000000072D00000-0x0000000072E7B000-memory.dmp

memory/2436-196-0x00007FFBAAAB0000-0x00007FFBAACA5000-memory.dmp

memory/2436-202-0x0000000000400000-0x0000000000D48000-memory.dmp

memory/3248-209-0x0000000072D90000-0x0000000072F0B000-memory.dmp
