Analysis Overview
SHA256
f85208dafa53821b234f115339f4c2dfd60a59bf51e3b60753e8790df688e19e
Threat Level: Known bad
The file fe5aa71a9083e8e8afe13394c10f01df.exe was found to be: Known bad.
Malicious Activity Summary
ZGRat
RisePro
xmrig
Stealc
Amadey
Detect ZGRat V1
RedLine payload
RedLine
XMRig Miner payload
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor protector
UPX packed file
Executes dropped EXE
Adds Run key to start application
Looks up external IP address via web service
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
AutoIT Executable
Launches sc.exe
Program crash
Unsigned PE
Enumerates physical storage devices
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-30 18:49
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-30 18:49
Reported
2024-01-30 18:53
Platform
win11-20231215-en
Max time kernel
6s
Max time network
157s
Command Line
Signatures
Amadey
Detect ZGRat V1
RedLine
RedLine payload
RisePro
Stealc
ZGRat
xmrig
XMRig Miner payload
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor protector
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Windows\CurrentVersion\Run\plata.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000674001\\plata.exe" | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Windows\CurrentVersion\Run\RageMP131 = "C:\\Users\\Admin\\AppData\\Local\\RageMP131\\RageMP131.exe" | C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1032 set thread context of 2500 | N/A | C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe5aa71a9083e8e8afe13394c10f01df.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\fe5aa71a9083e8e8afe13394c10f01df.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\fe5aa71a9083e8e8afe13394c10f01df.exe
"C:\Users\Admin\AppData\Local\Temp\fe5aa71a9083e8e8afe13394c10f01df.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe
"C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe"
C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000752001\1233213123213.exe
"C:\Users\Admin\AppData\Local\Temp\1000752001\1233213123213.exe"
C:\Users\Admin\AppData\Local\Temp\1000755001\1234pixxxx.exe
"C:\Users\Admin\AppData\Local\Temp\1000755001\1234pixxxx.exe"
C:\Users\Admin\AppData\Local\Temp\1000758001\fsdfsfsfs.exe
"C:\Users\Admin\AppData\Local\Temp\1000758001\fsdfsfsfs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000759001\sadsadsadsa.exe
"C:\Users\Admin\AppData\Local\Temp\1000759001\sadsadsadsa.exe"
C:\Users\Admin\AppData\Local\Temp\1000761001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000761001\crypted.exe"
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\oJeaNTM_n2ZDdVmX4ltm.exe
"C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\oJeaNTM_n2ZDdVmX4ltm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000762001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000762001\leg221.exe"
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\HWoSMgCZ8ZcNyis6FarR.exe
"C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\HWoSMgCZ8ZcNyis6FarR.exe"
C:\Users\Admin\AppData\Local\Temp\1000763001\55555.exe
"C:\Users\Admin\AppData\Local\Temp\1000763001\55555.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\FO2zM_RCki8LeRpNxfjr.exe
"C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\FO2zM_RCki8LeRpNxfjr.exe"
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\sH8pZMC7SxnHfG5nk4ve.exe
"C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\sH8pZMC7SxnHfG5nk4ve.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
C:\Users\Admin\AppData\Local\Temp\1000765001\workforroc.exe
"C:\Users\Admin\AppData\Local\Temp\1000765001\workforroc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde9e83cb8,0x7ffde9e83cc8,0x7ffde9e83cd8
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3824 -ip 3824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3824 -ip 3824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 1152
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde9e83cb8,0x7ffde9e83cc8,0x7ffde9e83cd8
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\f1uVTIi51nzf9rNPNGx2.exe
"C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\f1uVTIi51nzf9rNPNGx2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde9e83cb8,0x7ffde9e83cc8,0x7ffde9e83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,15715096583634795194,17006941436355839027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,15715096583634795194,17006941436355839027,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\1000770001\redline1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000770001\redline1234.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 384
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3124 -ip 3124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5668 -ip 5668
C:\Users\Admin\AppData\Local\Temp\1000772001\2024.exe
"C:\Users\Admin\AppData\Local\Temp\1000772001\2024.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 392
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ACULXOBT"
C:\Users\Admin\AppData\Local\Temp\nsu378.tmp
C:\Users\Admin\AppData\Local\Temp\nsu378.tmp
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 396
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5668 -ip 5668
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ACULXOBT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 396
C:\Users\Admin\AppData\Local\Temp\1000773001\mrk1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000773001\mrk1234.exe"
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 696
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5668 -ip 5668
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5668 -ip 5668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,3376300211102032598,11899422622830138427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 772
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5308 -ip 5308
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5668 -ip 5668
C:\Users\Admin\AppData\Local\Temp\1000774001\moto.exe
"C:\Users\Admin\AppData\Local\Temp\1000774001\moto.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 932
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Users\Admin\AppData\Local\Temp\1000775001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000775001\alex.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000774001\moto.exe"
C:\Users\Admin\AppData\Local\Temp\1000776001\goldprimesupp.exe
"C:\Users\Admin\AppData\Local\Temp\1000776001\goldprimesupp.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 5668 -ip 5668
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde9e83cb8,0x7ffde9e83cc8,0x7ffde9e83cd8
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\1000777001\rockrunn.exe
"C:\Users\Admin\AppData\Local\Temp\1000777001\rockrunn.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5668 -ip 5668
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 936
C:\Users\Admin\AppData\Local\Temp\1000778001\lada.exe
"C:\Users\Admin\AppData\Local\Temp\1000778001\lada.exe"
C:\Users\Admin\AppData\Local\Temp\1000779001\MONTHRDX.exe
"C:\Users\Admin\AppData\Local\Temp\1000779001\MONTHRDX.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 1016
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsu378.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5832 -ip 5832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5668 -ip 5668
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 2476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 5832 -ip 5832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 2500
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9758316989915488163,12973821557449771859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5668 -ip 5668
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 984
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\a0b3b7d4a5\Dctooux.exe
C:\Users\Admin\AppData\Local\Temp\a0b3b7d4a5\Dctooux.exe
C:\Users\Admin\AppData\Local\Temp\1000001001\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\1000001001\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdec269758,0x7ffdec269768,0x7ffdec269778
C:\Users\Admin\AppData\Local\Temp\1000002001\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\1000002001\InstallSetup9.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdec269758,0x7ffdec269768,0x7ffdec269778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdec269758,0x7ffdec269768,0x7ffdec269778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.0.1044463618\127805593" -parentBuildID 20221007134813 -prefsHandle 1800 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70793115-1b2d-4c5c-b26c-bca46809f806} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 1592 20bd55f3058 gpu
C:\Users\Admin\AppData\Local\Temp\1000003001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000003001\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\nsc166E.tmp
C:\Users\Admin\AppData\Local\Temp\nsc166E.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.1.1909334841\1173012819" -parentBuildID 20221007134813 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff1bb8a8-0df5-42ba-9fa1-d8e507c87843} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 2256 20bc9672858 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1936,i,9992528687285097191,472477047119169017,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1888,i,5184953005639818513,729235784662964015,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1888,i,5184953005639818513,729235784662964015,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1936,i,9992528687285097191,472477047119169017,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.3.421711625\117853131" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3284 -prefsLen 21707 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbcbf57e-ccc7-42a2-a216-c5299ae19703} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3132 20bdb69a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.2.1211879933\1970790628" -childID 1 -isForBrowser -prefsHandle 3408 -prefMapHandle 3404 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7db1327-11ee-4d70-a9f8-46b73d68b62d} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3380 20bdb35e858 tab
C:\Users\Admin\AppData\Local\Temp\1000004001\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\1000004001\rty25.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.4.1142660866\858473118" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 3152 -prefsLen 21707 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a390e621-9e61-4d9c-a811-0a69f4c9e21d} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3512 20bdb89b258 tab
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3760 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3712 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 388 -ip 388
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4704 --field-trial-handle=1968,i,13406525124789058070,18013329981895213678,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.5.176246038\21611583" -childID 4 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c455d601-1b2b-48f5-a6a5-d9267907697e} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 4036 20bdde2ab58 tab
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5076 -ip 5076
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 1436
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3392 -ip 3392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 1120
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 360
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3392 -ip 3392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 1388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 388
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 640
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 712
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 736
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6804 -ip 6804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 772
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\1000001001\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\1000001001\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
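The command lines above carry several patterns worth turning into checks: the `choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"` self-delete idiom (choice used as a sleep, then the dropper removes itself), `schtasks /create ... /sc minute /mo 30 /F` persistence, a batch file launched from `Roaming\Temp`, `chcp 1251` (the Cyrillic console code page), and images under `SysWOW64` whose command line names `System32` (file-system redirection, so the parent is 32-bit). The Python below is an added triage example, not part of the sandbox report: the rule names and heuristics are this example's own, and the process list it scans is a constructed subset copied from the page.

```python
"""Command-line triage over (image, command line) pairs from a sandbox process list.
Added example, not part of the report; the rules are this example's own heuristics."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed input: (image, command line) pairs copied from the process list above.
PROCESSES: List[Tuple[str, str]] = [
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "'),
    (r"C:\Windows\SysWOW64\cmd.exe",
     r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"'),
    (r"C:\Windows\SysWOW64\chcp.com", "chcp 1251"),
    (r"C:\Windows\SysWOW64\schtasks.exe",
     r'''schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F'''),
    (r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 640"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com'),
]

# choice /T <n> used as a sleep, followed by del of a file: the self-delete idiom.
SELF_DELETE = re.compile(r'\bchoice\b.*?/T\s+(\d+).*?&\s*del\s+"?([^"&]+)', re.I)
# schtasks /create with task name, program to run, schedule type and optional modifier.
SCHTASKS = re.compile(
    r'schtasks\s+/create\s+/tn\s+"([^"]+)"\s+/tr\s+"(.+?)"\s+/sc\s+(\w+)(?:\s+/mo\s+(\d+))?', re.I)
# cmd /c "<script>.bat", tolerating the doubled quotes cmd.exe emits.
BATCH = re.compile(r'/c\s+"*([^"]+\.bat)"', re.I)
CHCP = re.compile(r"\bchcp\s+(\d+)", re.I)


def triage(image: str, cmdline: str) -> List[Dict[str, object]]:
    """Return every rule that fires for one process; empty list means nothing noteworthy."""
    findings: List[Dict[str, object]] = []
    if m := SELF_DELETE.search(cmdline):
        findings.append({"rule": "self_delete", "target": m.group(2).strip(), "delay_s": int(m.group(1))})
    if m := SCHTASKS.search(cmdline):
        findings.append({"rule": "schtask_persistence", "task": m.group(1),
                         "run": m.group(2).strip("'"), "schedule": m.group(3).lower(),
                         "every": int(m.group(4)) if m.group(4) else None})
    if m := BATCH.search(cmdline):
        findings.append({"rule": "batch_launch", "script": m.group(1)})
    if m := CHCP.search(cmdline):
        findings.append({"rule": "codepage_change", "codepage": int(m.group(1))})
    # Image under SysWOW64 while the command line names System32: WoW64 file-system
    # redirection, which tells you the parent process was 32-bit.
    if (image.lower().startswith("c:\\windows\\syswow64\\")
            and cmdline.lower().lstrip('"').startswith("c:\\windows\\system32\\")):
        findings.append({"rule": "wow64_redirect", "image": image})
    return findings


def scan(processes: List[Tuple[str, str]]) -> Tuple[List[Tuple[int, Dict[str, object]]], Counter]:
    """Run triage over a whole process list; returns (hits by index, count per rule)."""
    hits = [(idx, f) for idx, (image, cmdline) in enumerate(processes) for f in triage(image, cmdline)]
    return hits, Counter(str(f["rule"]) for _, f in hits)


if __name__ == "__main__":
    for idx, finding in scan(PROCESSES)[0]:
        print(idx, finding)
```

The WoW64 check is a parent-bitness hint rather than an indicator on its own; the self-delete and scheduled-task rules are the ones worth promoting to a detection, since both appear verbatim in the process list.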
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 8.8.8.8:53 | 68.113.215.185.in-addr.arpa | udp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| RU | 193.233.132.62:50500 | | tcp |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| DE | 144.76.1.85:25894 | | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| DE | 185.225.200.120:15666 | | tcp |
| US | 64.185.227.156:443 | | tcp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| DE | 20.79.30.95:33223 | | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| NL | 80.79.4.61:18236 | | tcp |
| US | 188.114.97.2:443 | modestessayevenmilwek.shop | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 104.21.16.152:443 | | tcp |
| US | 188.114.96.2:443 | modestessayevenmilwek.shop | tcp |
| US | 188.114.96.2:443 | modestessayevenmilwek.shop | tcp |
| US | 104.21.58.31:443 | | tcp |
| FR | 163.70.128.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | | udp |
| FR | 142.250.178.142:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 142.250.179.99:443 | | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksgdd.com | tcp |
| FR | 216.58.215.35:443 | | udp |
| US | 188.114.96.2:443 | modestessayevenmilwek.shop | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 172.67.149.126:443 | | tcp |
| US | 104.21.16.152:443 | | tcp |
| US | 104.21.58.31:443 | | tcp |
| US | 188.114.96.2:443 | modestessayevenmilwek.shop | tcp |
| DE | 20.79.30.95:33223 | | tcp |
| DE | 141.95.211.148:46011 | | tcp |
| RU | 5.42.65.31:48396 | | tcp |
| DE | 185.172.128.33:8924 | | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksgdd.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| AT | 5.42.64.33:80 | | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| DE | 185.172.128.90:80 | | tcp |
| RU | 5.42.64.4:80 | 5.42.64.4 | tcp |
| US | 172.67.155.208:443 | hiromcloud.com | tcp |
| RU | 185.215.113.68:80 | | tcp |
| US | 172.67.146.113:443 | ratmarket.com | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| FI | 65.109.90.47:50500 | | tcp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksgdd.com | tcp |
| RU | 5.42.64.4:80 | | tcp |
| FR | 216.58.214.78:443 | youtube-ui.l.google.com | tcp |
| NL | 142.250.27.84:443 | | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| FR | 142.250.178.142:443 | youtube-ui.l.google.com | tcp |
| NL | 142.250.27.84:443 | | udp |
| NL | 142.250.27.84:443 | | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| FR | 163.70.128.35:443 | www.facebook.com | tcp |
| FR | 216.58.214.78:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| FR | 216.58.214.174:443 | clients2.google.com | tcp |
| US | 34.216.128.175:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| NL | 142.250.27.84:443 | | udp |
| FR | 216.58.214.78:443 | youtube-ui.l.google.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| FR | 142.250.178.142:443 | youtube-ui.l.google.com | tcp |
| FR | 163.70.128.35:443 | www.facebook.com | udp |
| FR | 142.250.178.142:443 | youtube-ui.l.google.com | udp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksgdd.com | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksgdd.com | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| GB | 23.214.133.66:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.180:443 | www.bing.com | tcp |
| SE | 192.229.221.95:80 | | tcp |
| GB | 173.222.13.40:80 | | tcp |
| GB | 96.17.179.201:80 | | tcp |
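Exports of this table sometimes drop the empty Domain cell from rows with no resolved name, so Proto shifts one column left; a parser has to accept both layouts before it can count anything. The Python below is an added triage example, not part of the report: it normalises both row shapes, drops sandbox-resolver and mDNS noise, skips browser and OS background hosts on an allowlist (an assumption drawn from the browser rows on this page, since the sample launched Chrome and Firefox), and lists the remaining destinations with a reason tag. The two annotated hosts, ipinfo.io and pool.hashvault.pro, are this example's own labels tied to the page's "Looks up external IP address via web service" and xmrig signatures; the input rows are a constructed subset copied from the table.

```python
"""Parse a flattened sandbox Network table and list candidate IOCs.
Added example, not part of the report; allowlist and reason labels are assumptions."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed input: rows copied from the table above, in both layouts
# (proper four-cell rows and rows where the empty Domain cell was dropped).
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 8.8.8.8:53 | 68.113.215.185.in-addr.arpa | udp |
| RU | 193.233.132.62:50500 | tcp | |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| DE | 185.225.200.120:15666 | tcp | |
| US | 188.114.96.2:443 | modestessayevenmilwek.shop | tcp |
| FR | 163.70.128.35:443 | www.facebook.com | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 94.156.67.230:13781 | tcp | |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 96.17.179.201:80 | tcp
"""

PROTOS = {"tcp", "udp"}
# Assumption: background traffic from the browsers and OS in the sandbox, not the sample.
ALLOW_SUFFIXES = ("google.com", "mozilla.com", "mozgcp.net", "mozaws.net",
                  "facebook.com", "microsoft.net", "bing.com", "in-addr.arpa")
# Assumption: analyst labels for hosts the report's own signatures already point at.
KNOWN = {"ipinfo.io": "external_ip_lookup", "pool.hashvault.pro": "mining_pool"}

Row = Dict[str, object]


def parse_rows(text: str) -> List[Row]:
    """Accept both the four-cell layout and the shifted three-cell layout."""
    rows: List[Row] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0].lower() == "country":
            continue  # header row
        if len(cells) >= 3 and cells[2].lower() in PROTOS:
            domain, proto = "", cells[2].lower()      # Domain cell was dropped
        elif len(cells) == 4:
            domain, proto = cells[2], cells[3].lower()
        else:
            continue  # unrecognised layout: do not guess
        ip, port = cells[1].rsplit(":", 1)
        rows.append({"country": cells[0], "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def _allowlisted(domain: str) -> bool:
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in ALLOW_SUFFIXES)


def classify(row: Row) -> Optional[str]:
    """Reason tag for a row worth a second look, or None for noise/allowlisted traffic."""
    ip, port, domain = str(row["ip"]), int(row["port"]), str(row["domain"])
    if ipaddress.ip_address(ip).is_multicast or (ip == "8.8.8.8" and port == 53):
        return None  # mDNS and sandbox resolver lookups
    if domain and _allowlisted(domain):
        return None
    if domain in KNOWN:
        return KNOWN[domain]
    if port not in (80, 443):
        return "nonstandard_port"
    if not domain or domain == ip:
        return "bare_ip_http" if port == 80 else "bare_ip_tls"
    return "unlisted_domain"


def candidate_iocs(rows: List[Row]) -> List[Tuple[str, int, str]]:
    """Deduplicated (host, port, reason) triples, sorted for a stable blocklist diff."""
    found = set()
    for row in rows:
        reason = classify(row)
        if reason:
            host = str(row["domain"]) or str(row["ip"])
            found.add((host, int(row["port"]), reason))
    return sorted(found)


if __name__ == "__main__":
    for host, port, reason in candidate_iocs(parse_rows(NETWORK_TABLE)):
        print(f"{host}:{port}\t{reason}")
```

Bare-IP hits on 80/443 need a second look before they go on a blocklist: with Chrome and Firefox running in the same detonation, some of them are CDN traffic from the browsers rather than the malware, whereas the high-port destinations and the mining pool are the ones to pivot on first.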
Files
memory/1880-0-0x0000000000980000-0x0000000000D88000-memory.dmp
memory/1880-1-0x0000000000980000-0x0000000000D88000-memory.dmp
memory/1880-2-0x0000000000980000-0x0000000000D88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | fe5aa71a9083e8e8afe13394c10f01df |
| SHA1 | 62111b0428acfc13dd5f8d6b23c14c56f7c20e06 |
| SHA256 | f85208dafa53821b234f115339f4c2dfd60a59bf51e3b60753e8790df688e19e |
| SHA512 | 6de7fef22f295e8d4548c4c60da98f129e8ad4e0d761dc5ba15c74fb18f8ffe9e5f3b9487a26917dc9e8d81d78a2bc17722781adb7b81e20ed1f0c1ee3de6617 |
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 5b4d59d224e1afc96e7d1e04e30e7839 |
| SHA1 | a24db7b1b730c01a22f9bbc396049334e583b1c2 |
| SHA256 | a9636f7d58e59d6a576d5697b0487c1af8077a83f87a33bfa869a8027813d7f4 |
| SHA512 | e4750248f35e25855d8c19ffe31ababa9cd2de4f280c7f7a1fff630c63461febfa5dfab27a55b0f857def30a2b36dfbd1ebbe9e080e43e3723e52aa364b17fd0 |
memory/3008-15-0x00000000006C0000-0x0000000000AC8000-memory.dmp
memory/1880-16-0x0000000000980000-0x0000000000D88000-memory.dmp
memory/3008-17-0x00000000006C0000-0x0000000000AC8000-memory.dmp
\??\c:\users\admin\appdata\local\temp\F59E91F8
| MD5 | 3853abb35ab617a117144f119cdc9808 |
| SHA1 | 03d8fb3499ba7e77d9aa75cdd118b4e7a74fc4ae |
| SHA256 | f4a22e11f7d4a6ea0c60654edc821df260b093ce1ccb911f16b42bcfc96278ef |
| SHA512 | 0c79095134ef83f1eed98cdaff749fb557e6543789879fc09650726cc8c575ba18757975bb67e245846fad304ea3dd0abc0f489c810b8ef1b5f08d72e711e1b8 |
C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe
| MD5 | 262b8df8f636d73e9ef1a197f18ab031 |
| SHA1 | a149ae9c60913842ddd1fe7fbf35bb902429b574 |
| SHA256 | e5435cb79320590cb7fcba0472e974871905c005eb0d873fdecbc6cf264161ce |
| SHA512 | 2575dd7566f767f801cfc2359aa91ab96177cccb0f87e717fd58351532d0fd5a35f52547312d7710f425578d6f14dc7707cff3f5d83b5183a78360c94080b4be |
C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe
| MD5 | b081beebb74282f5f158959942dceab3 |
| SHA1 | 191ba0a210def11128201a2f4b5da71d7e355a25 |
| SHA256 | 17bd77ae627c9f9448ce117e592c4ec2d90a5fb4e3a411e96a1b028757692f80 |
| SHA512 | 193acca50cd045b644ed27247bb67b8baf93ccc742555aeb0c4e1dc05752a25c9fa7be3de9e1ddf0ac3d1ad1ef9b220cb7a574d0c5c30d4d1bdd6f1c8439baa9 |
memory/3060-36-0x0000000000B70000-0x0000000001050000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe
| MD5 | 2633e12f21cfb2f8fc1f845ec22b312b |
| SHA1 | 94f6bce5739c4d18b63f78a817d2cbaaf785715d |
| SHA256 | 110a72dcdcc2f29945d2dff3bc0bb6ebfce16f057975a798b327bf32a886ca2a |
| SHA512 | 6032aba72eb3c9f6644c2d56c2ba6087202ea973e253beed25904b0f47e8a955addc6a1b6236b440a2e87e29d1cbe7ee3685c8b84da1c42ac9ec581b89eaedc2 |
C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe
| MD5 | 1956a3dfbfcc41c4669de6a821a84f61 |
| SHA1 | c1f5f14b0093d671863dbf5487f60b97cea28638 |
| SHA256 | c3ad7fdf3d933b7c813b661a11108a5fb791c1280ff3c63c4c248e5fac5c904d |
| SHA512 | 5cc3c7d93f70d5a8eacf3005a72f87be261b1dbd1837a8ce64b7553d4ce0285833cfdb5dc259441224391008dc46e02d0094f0086bf5aafe873f533d390cdeee |
C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe
| MD5 | 1d5c1c340c4bf2023916ea6f296a81cd |
| SHA1 | c0b63a069f8b8e8b59e38a8327682e087a1f9285 |
| SHA256 | 2e9325eacfc57176c6dc4d7a900219aa9822b3aa1893a0efbc1a3b96af8f6da9 |
| SHA512 | 906b227fd975fb74822becc443b62c7befc37f7ced7f2b17c4c761148319a314022e02e2504f3ee09725d51d3d621ade62471b25e5377fbbc55347b0eb074b83 |
C:\Users\Admin\AppData\Local\Temp\1000751001\crypted.exe
| MD5 | a5a3bd33bbabc13e5e2c63911d6ef433 |
| SHA1 | e9ca05e6dd93f3501ee30b09a8b11638059cf638 |
| SHA256 | bdcd2970cecf4863df5bd359582cd0bba54f3f5d4d2ff1c399811abe53e1bee7 |
| SHA512 | 70ecdf26addb0864ad7ff7a55ad1172a312ff9edff80cda9dda34e7845f4addedc6eb016f533a0813d93dd0ec80bac42f94acb0ea47308e3757afc444a2f2372 |
memory/1032-60-0x0000000000B70000-0x0000000000BDC000-memory.dmp
memory/1032-61-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/1032-63-0x0000000005670000-0x0000000005680000-memory.dmp
memory/2500-66-0x0000000000400000-0x000000000045A000-memory.dmp
memory/1032-69-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/2500-72-0x0000000005950000-0x0000000005F68000-memory.dmp
memory/2500-73-0x0000000005390000-0x00000000053A2000-memory.dmp
memory/2500-74-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/2500-75-0x00000000054C0000-0x00000000055CA000-memory.dmp
memory/2500-71-0x0000000005320000-0x0000000005330000-memory.dmp
memory/1032-70-0x00000000030D0000-0x00000000050D0000-memory.dmp
memory/2500-76-0x00000000053F0000-0x000000000542C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000752001\1233213123213.exe
| MD5 | 45d09cc4ad578972fc2f06a414924fb2 |
| SHA1 | 95a5716aad91b64f51102e0116f7b44d4fdd81fd |
| SHA256 | 6c9fc0f82e7e509839dfa46149d0586e5bd44854b9c49305e76b98ed9149159a |
| SHA512 | 4b6222badf2461c1ba23ef017a21fa926106bf520132a3e4ebe7875e9819ead35031a7b691a224e3dec60a11a643c6362d91a6f0b927a6146524ad6c5d408682 |
memory/2500-86-0x0000000005450000-0x000000000549C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000752001\1233213123213.exe
| MD5 | 04e502c7f0156b7ccb324aca101a2b4c |
| SHA1 | 5c44b9671a9817a8862210cf528eb3956b382dab |
| SHA256 | b2a0221c654d6a7dedd4c456892887a73be1b0bf3d9c16e62a8029b9c542604e |
| SHA512 | 6ebd9176fee0c14fa2ebe599371baf184e9388ca39f09f772b18d3be742f8e786081c7e94d8153693023745463cd14d40b993c5a16a44cf25c9e0f58bcf8fced |
memory/3224-97-0x0000000002F60000-0x0000000002FBE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000752001\1233213123213.exe
| MD5 | 1c1d54dc46a9f78778b1dc34333fc129 |
| SHA1 | 0fddc05f4c81d3c51ac6cbb9123572447fbd8687 |
| SHA256 | 46e44c7e74aaeb63bbf5dd649e5be1ab6e25ab0733bd346d241efe0aa48ba3af |
| SHA512 | a362295256809b9febf8a77f16603987f870276ad179b5fe03af350c6748f22472c492ffa65781ef0b81abf836263eb6b7e8b1bc508905a463577ae0c6445668 |
C:\Users\Admin\AppData\Local\Temp\1000755001\1234pixxxx.exe
| MD5 | 76be56810039f1e84480512ba8664733 |
| SHA1 | 12abb21661f9c34ffec4897516ffe366c595b4bd |
| SHA256 | cd397bca69e0a04f985af8fdca3bf65b17679eec8f0f465d0477747fa4475e8a |
| SHA512 | 3a37b2314230f3b8322278bd64fcddfd9907482f1d0eaa6cbe8cd8893a400608435757cf48f6a8a81d12c7271504764e6335bd5880f64c1d83e6ac720c9d60bb |
memory/2500-98-0x00000000057C0000-0x0000000005826000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000755001\1234pixxxx.exe
| MD5 | c6765801fb18e3eec67063c9e4cf48d8 |
| SHA1 | cb32ec51fc4cdce3991e24dc54d164ea885aeaee |
| SHA256 | 96f4bcad556bd1221612dec275b80894c5d62dd8851914f1aea97ebbc9e7a3ee |
| SHA512 | f88d88b57c743d3ff65cc330741a0e39e972a5f70f139f5495e9561234a76d23891d8bb9f97b4f795fbf71f6f0ffc1b360cadc820265a74d564062efbe729e39 |
C:\Users\Admin\AppData\Local\Temp\1000755001\1234pixxxx.exe
| MD5 | f24aba8a58af2919549d3fd861180fa0 |
| SHA1 | 7fde15a2932fe3e664bb6f6a04cb5ab7593375d8 |
| SHA256 | 5be016eedf90d95d2a97822e3f9954802811d456e779bb4465b7cc91977496fe |
| SHA512 | a90e18783ffe0a57b9ba636703eedfe020865a04a4379a53cc6465adf3caeb03d4fdf49c08d6ffa2979aa7af990456f46a61921c2f25b4632b4838ca2fc48b14 |
memory/2500-118-0x0000000006270000-0x00000000062E6000-memory.dmp
memory/2500-119-0x0000000006390000-0x0000000006422000-memory.dmp
memory/2500-120-0x00000000069E0000-0x0000000006F86000-memory.dmp
memory/2500-121-0x0000000006470000-0x000000000648E000-memory.dmp
memory/2500-122-0x00000000074B0000-0x0000000007500000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000758001\fsdfsfsfs.exe
| MD5 | 99a53dac9029589e6cef523bae9062fb |
| SHA1 | 0fb7f9dc42e0a369ae3f0d1f286053ba17a0708c |
| SHA256 | 14559f3921e2d97eb8679cda8b563e11f1469975d53545b58cc042c89948dd93 |
| SHA512 | a3eb25f0d74b715c43be233628baa065f6d822bbb5b4ec8ebe53b69564a3912eac12d9314a6a5d644de50b8213f2335b898c66cbcbb6139c18be284b881dcd57 |
C:\Users\Admin\AppData\Local\Temp\1000758001\fsdfsfsfs.exe
| MD5 | e41dfde774b1f97cc589ee8f5e951d40 |
| SHA1 | 2d74b301ffa8ef1c685ea7bda712ab961f10da6a |
| SHA256 | ce497cdbf22f3739f7f6534dd20e4c4222404ed41c64a49b8f27489c9be97cd8 |
| SHA512 | 5d2cd10890c0199ca3503ada588a0b8a152b2bcc652ab5a5ecbba45eedf44614ae95dc97f80c0a5882f563fd72b8a4318a22da3797b9dce8177bd4c8f4d091da |
memory/3656-184-0x0000000000B80000-0x0000000000C02000-memory.dmp
memory/3656-197-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/2500-199-0x00000000079D0000-0x0000000007B92000-memory.dmp
memory/2500-203-0x00000000080D0000-0x00000000085FC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000759001\sadsadsadsa.exe
| MD5 | 55dceb72a36d59e54919fc749b12860d |
| SHA1 | c5c365423f1be25177dbc97a3c01e0e53d31101e |
| SHA256 | 96f410a1e000aba2d4480b0dc0a4b32f032707304cb01ddb6528e37cec40eb5e |
| SHA512 | 3c519be9cf9479b37cb7518dcd149cb3b6db6f2106bcce484c7dd0d9ea392c1e27abfbf0c954f6bfcc19888d73a0d58fcb6192cac704dc1ecc2e8875627f5a3b |
C:\Users\Admin\AppData\Local\Temp\jobA37ykFbUcjnZcfA\information.txt
| MD5 | de9466640b11771e16598be65bbaa7c3 |
| SHA1 | 57f273081ce30aebcb1e3cf5ed20c7edc3e8bdec |
| SHA256 | 184e80f5d3c874d6dba816657627e0f773ed96133e762f4e75ca325a02987872 |
| SHA512 | 3b4ae4bd6928c2af39d758581c4c93a0f6b3dc0ef63143fb5dbe61c54799496bfe3770e96ad326f6f3603d7efe63eb749000ae86de7f16232edc48b022884048 |
memory/3656-198-0x00000000055E0000-0x00000000055F0000-memory.dmp
memory/3096-225-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3008-226-0x00000000006C0000-0x0000000000AC8000-memory.dmp
memory/3008-228-0x00000000006C0000-0x0000000000AC8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\ZunTSaNJLBVfWeb Data
| MD5 | 87210e9e528a4ddb09c6b671937c79c6 |
| SHA1 | 3c75314714619f5b55e25769e0985d497f0062f2 |
| SHA256 | eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1 |
| SHA512 | f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\QdX9ITDLyCRBWeb Data
| MD5 | ff6ced677fe53db1e48b2fbf838c6d43 |
| SHA1 | 151155963216b07cbd33f87aff9d02e7311f5cde |
| SHA256 | 41735212fea4f03f4a39670d6091186230865b27637c53becb6951131e1e5072 |
| SHA512 | c792f761c287186189735b05c498796ac6b6eb8bb36a5b71b5e5b85ed77681dd016d6c31ed62e2d5776693ba672de5948ea1f7b918f9e81ceff5692707c47629 |
C:\Users\Admin\AppData\Local\Temp\1000758001\fsdfsfsfs.exe
| MD5 | 74b3039429f1c6227c0b0e5546da4f3a |
| SHA1 | 5753b84835e424f9b60cb641aa844664caa30792 |
| SHA256 | 373460540a4f40d5dc5732fd8259f0a9bd63c8107f398692f5c6f48bfdc1f521 |
| SHA512 | 0aeb7055897cbc258e43015a0bcb1c80b9d151bb3f3aec4c1c32dfb0309c4b7d87cc47ad18d6ec15ddb5eed54981319514ec46a4549ad3a6558ce19e4572b232 |
memory/3656-242-0x0000000002FB0000-0x0000000004FB0000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
memory/3096-255-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/3656-269-0x0000000072BF0000-0x00000000733A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000759001\sadsadsadsa.exe
| MD5 | 7c3b9835cd7fabd42fd05a644d5cd8d7 |
| SHA1 | 9c9ed2cc0cbe1841b47fe18c470b494a76240e3f |
| SHA256 | 3d0771c51e2a15781c94799f8a1cfb9ca23b752cdbcb1e793448e015fa476832 |
| SHA512 | ff4c78e66b5c7c1cbdc57fc55aa4d4cb9120fbeec0cf7520e4a0bdd10e4d707d4e7e6d41517517197e4601e4019f8ef906ea81a41ab01c785f6e7f2c5894a076 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\oJeaNTM_n2ZDdVmX4ltm.exe
| MD5 | e60d119f921466c4536da667751ce7ae |
| SHA1 | 629e2ee327fc3ae6fe2d5a50d806a1b1fa4109a0 |
| SHA256 | b1073461da9f893c789ce671a9c340f6f8929ff6ec67ac37fbe3c4b84f896c9a |
| SHA512 | cf6c66db1ccc00abaa861aafc5ea0d43031f18c310fb3035871e9cb05698a3ca6e07a0643573d2cca6175cffd92eaa290286ab6ce0b31cd08b2280e40fd42819 |
memory/3060-285-0x0000000000B70000-0x0000000001050000-memory.dmp
memory/3060-287-0x0000000000B70000-0x0000000001050000-memory.dmp
memory/1020-289-0x0000000072BF0000-0x00000000733A1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypted.exe.log
| MD5 | 84cfdb4b995b1dbf543b26b86c863adc |
| SHA1 | d2f47764908bf30036cf8248b9ff5541e2711fa2 |
| SHA256 | d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b |
| SHA512 | 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\oJeaNTM_n2ZDdVmX4ltm.exe
| MD5 | 0dc0efb68bd6bcf2df675bec8a6e6140 |
| SHA1 | 758ebf2668fd9d4f53fab4d266f80326b2ddf57a |
| SHA256 | bc3fb03fcc0eada7f421783243feb146f900e8cf545c09201588229dbd7217ef |
| SHA512 | 23e30d5ff3f5c3e615bc592b5c705416e9ebfc66579775415d9211af4e5a89619590678a4415a823d1856bc091675dc848dbf7a22e782dd9ad734ac9b64ee235 |
memory/4076-297-0x0000000072BF0000-0x00000000733A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000762001\leg221.exe
| MD5 | 8b44d0bbacb4ba2fc3930d415e20fda4 |
| SHA1 | e69964fa36a4ede658bc9dbfd596153d670114db |
| SHA256 | e0094c962f5c83923eeaf190fb18ed8a5fcfb98d3ce261ef8e444b42c10cdbbe |
| SHA512 | 05ddcdfa0c0795f1180d235f07cf6a7ff63421d787ea31fbaaa1895a20e456f9ec1ce2144ff7c6276c84de153cb1c55c342a160fbc3606b68883127f3e56bca0 |
memory/4076-294-0x0000000005460000-0x0000000005470000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000761001\crypted.exe
| MD5 | 2cb12b9f1b906f2d9fc81909c7b0dbef |
| SHA1 | b3283b284dd219080c367e08320489232d8f57a3 |
| SHA256 | cc75cfc14af2b75b3680315bf2d2e38cacdc98c015bc34563c839f5526dfb23e |
| SHA512 | 8107316423b0fc728e19e4f3e5484218291a07f36b8b0650f89d9f5323f8fd30d3845b23a3481fed2cd1da9134ed4e3e7363c7269fe96257065f826c76e46635 |
memory/3096-291-0x00000000058D0000-0x00000000058E0000-memory.dmp
memory/4076-311-0x0000000072BF0000-0x00000000733A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000761001\crypted.exe
| MD5 | baa747c9ee30b1bb239db35bf2589822 |
| SHA1 | f15f5988e20630da4a66bf0b7d3f616cc9cde1b4 |
| SHA256 | 1c8cdcd420a679a13c593c0f437a24bbea2d354a5f6d254b10114c816755e0d0 |
| SHA512 | 9d66d45583d5f29a9851ac4e701338e66e05bf3463831f8993cc586fdfe5f9ce42a4fddeb22e0c2074d6e69aa54c17be6251bba7b7266f7946609b1fd3ad59e1 |
memory/1020-286-0x0000000000810000-0x0000000000864000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000759001\sadsadsadsa.exe
| MD5 | 5a6358bb95f251ab50b99305958a4c98 |
| SHA1 | c7efa3847114e6fa410c5b2d3056c052a69cda01 |
| SHA256 | 54b5e43af21ab13e87ff59f80a62d1703f02f53db2b43ddca2bbd6b79eb953c5 |
| SHA512 | 4ba31d952bffbe877a9d0d5df647e695e16166d0efe7e05e00ddb48487ab703413351a49043965d5d67ed9faca52832ed01bf9fa24d5943fd591b2d263cf05c0 |
memory/4076-316-0x0000000002D50000-0x0000000004D50000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\HWoSMgCZ8ZcNyis6FarR.exe
| MD5 | 00a4a12fb7695c4c9d80091a938cbe54 |
| SHA1 | 8a4411edee87fad94e4b562f23c960c1353e7477 |
| SHA256 | 6ea1bd9d3ffc9daf9da8677f4a52c31f19b6dbd04d98a611d38037c62ee55958 |
| SHA512 | db40def454f15a99c89bb0e585ef9495460cb250bb46e1a019c98daf59dc53822a5cfbde15e536a19f1bfee7581742b3e3492d90be294ec0702f7dee3068d6bc |
memory/2500-330-0x0000000005320000-0x0000000005330000-memory.dmp
memory/1032-329-0x00000000030D0000-0x00000000050D0000-memory.dmp
memory/1020-333-0x00000000053B0000-0x00000000053C0000-memory.dmp
memory/2500-334-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/1564-332-0x0000000002AA0000-0x0000000002AB0000-memory.dmp
memory/1564-331-0x0000000072BF0000-0x00000000733A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000763001\55555.exe
| MD5 | 381e390b67a0d0a08fba8c72481e1770 |
| SHA1 | b5f8047af01b29046d1c96f744cf5e146ab65ca8 |
| SHA256 | f11ec66ce01755a4171c57b7ec27481ce1ce668e2542820c602102b8cc2be53c |
| SHA512 | 4d57209c87accfcb543c2d88bb94bdf901044c44e8e4dd5b2871f059a5269ed5412266f622a52846893454addc44d777728f87d01a5dc92130f446940282a7e5 |
memory/1020-350-0x0000000005390000-0x000000000539A000-memory.dmp
memory/2240-355-0x0000000000ED0000-0x0000000000EE6000-memory.dmp
memory/4952-354-0x00000000023D0000-0x0000000002412000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\oJeaNTM_n2ZDdVmX4ltm.exe
| MD5 | 0e5b26651eed73bddb5bfc40fea29f94 |
| SHA1 | bce0c0002cd6c85e5cb74142daf2a5c7782a1969 |
| SHA256 | 1c4283bab4c8babe8d2af5b24fae9fe3979bdb296d519ab566821fdaeedf2741 |
| SHA512 | abc6f2348db5611178c627aead160a884284917b92a07f35614160a4a80c6efe03aa7fb84d49d6e05bf7ee26d6e2d01ae6c234dd7af84e519504e295f81a96ca |
memory/2240-356-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/4952-359-0x0000000004D20000-0x0000000004D30000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000762001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
memory/4952-360-0x0000000004D20000-0x0000000004D30000-memory.dmp
memory/4952-362-0x0000000002630000-0x000000000266E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000763001\55555.exe
| MD5 | fc8f3b75995c68d030d43e59769acd35 |
| SHA1 | 2ee6c57b0f88d39fc689626ec9b2736fb1247521 |
| SHA256 | 95d877297a91698b67e024c63acddd2c645522d959ebd0e76e8e2cf2f0091e35 |
| SHA512 | c750ad144bf9530842fedb481de439f6381d1a0248355ed23d89392769bd97208e79315b151639c3fecc48e936b6cac3f43d297c425be3c117cf14cc43f69b35 |
memory/4952-364-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/3096-366-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/4952-368-0x0000000004D20000-0x0000000004D30000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000763001\55555.exe
| MD5 | 1e44d2e19619f46001257ebb57bb7a02 |
| SHA1 | 2ed24911b91a4c4ceea861ef909a86653486330d |
| SHA256 | b1bd86e568042ad07d8cd39813817d386848d50c3576910c22d61badbc09712a |
| SHA512 | a2521c8606af7e8054870a0745140fb7418cd9bc45dafc84f9b7c1c276547f1b0cd4c72d4debd95243de392807041e231d473d10ba1ee496d49e9b0871641ee1 |
memory/3824-370-0x00000000020B0000-0x0000000002139000-memory.dmp
memory/3824-375-0x0000000002180000-0x0000000002181000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
memory/3096-389-0x00000000058D0000-0x00000000058E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\FO2zM_RCki8LeRpNxfjr.exe
| MD5 | 1e81db35e1dc1eb7e18ba81efd950497 |
| SHA1 | 479e63a37319798701753be5f8016901fa41a1ed |
| SHA256 | 398868255597f605cad6cb47ae4ab727998d412f7e478bfc121f7b0a10bd053b |
| SHA512 | da86951e872841b91a24f835e3ce2aba89d007c732f21c417950fbe4c1e7b38b08601a32cca8efa6df6002a6e0e41f50889d4a40acedb9378cb97e85dd43b551 |
memory/2888-396-0x00007FFDEB5F0000-0x00007FFDEC0B2000-memory.dmp
memory/2888-395-0x0000000000960000-0x0000000000968000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\FO2zM_RCki8LeRpNxfjr.exe
| MD5 | 7231a12febacba0199d4a5b9177152c1 |
| SHA1 | e25a0b69e5c96523a8f5db5f58bd70ee0899b810 |
| SHA256 | c67ccdfedeead109ed20b374effd33bda0cdccf9a059860c48fd0d7928a556c8 |
| SHA512 | 8eb9cf621c1e421c10810968164338a8c412ade6874946a4a0eeace09f26b6654fb87c9e70e6e042208949c4e8ba49bcfefe367471aa58f571aee06f6af6e4ba |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\FO2zM_RCki8LeRpNxfjr.exe
| MD5 | e60c9866b4e45cc801e7b83f29fc9aca |
| SHA1 | f0402f0fd6cfe9af0cfbfd03a6e272b2f80b4a56 |
| SHA256 | f76914bd847198e44e167a4d778adaa34d3a2e91d09f78b31d4f5380fb809b0e |
| SHA512 | ca3e8e37abad002f191d2f9d472c20d7350ec4f6fdd4edad9b05616cc4c0cd479c3489640a8094c10651977baf2258f45e5bf2ce380b693a693efe249ae472f0 |
memory/2500-398-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/3568-399-0x0000000000740000-0x0000000000C20000-memory.dmp
memory/1020-402-0x0000000072BF0000-0x00000000733A1000-memory.dmp
memory/3008-403-0x00000000006C0000-0x0000000000AC8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000765001\workforroc.exe
| MD5 | 96047117f21e1e65e5c34dd2ac0d5a60 |
| SHA1 | 183c71e228812a2044014e9f2ea5f71cb9b61f2d |
| SHA256 | f82d123c5a69e254f885858b5ac0758925d0ea20207ca9125a2a8a1f40d28d59 |
| SHA512 | 2fe6745b626b9d7224b62ec99707a45d70ad14e5cc002b2f701a613561aa238e831170773c730597f73fe5b8cb2d301a83ff1443ac562e82254ef0d997332560 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\sH8pZMC7SxnHfG5nk4ve.exe
| MD5 | 20555672c5cba9ddd9861dc3c4619e57 |
| SHA1 | dfa9d0df9fbcbed2d22e0800467d1937762d66fc |
| SHA256 | b0365fc900474400d3acd19e4593674f88fe7649264088972f8b0f7856fc5a12 |
| SHA512 | 8df0ac708bc2b447b34f3ff2bbd4e5d39d27a14bf28de89dab9d98c63f493eb17b130d7b33d90b39a62687ddc09e30e73d1b47ab2da08f882d9d356a971cbfd3 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\sH8pZMC7SxnHfG5nk4ve.exe
| MD5 | 327e8fe137317fd103f31df629819e5d |
| SHA1 | 0fa89fbc6962c3535290c15e309043e306bafd04 |
| SHA256 | 8ec2f6198fa83f6e680ab64328083e0d6885b171e794955a93b26bd4691f67ac |
| SHA512 | d9e6a61fa6fc191042695e2e4f08a627e6a6e60828138478261231db6989128bbadb4852d198c716849f71ee8617ce3d8530b41f966b8cba175fd6399364ee17 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\sH8pZMC7SxnHfG5nk4ve.exe
| MD5 | 4d16ff1233e22a39c92d350e31d69f37 |
| SHA1 | 6d3cdc8374e9e89c6f14e62409602717aac573d3 |
| SHA256 | 354eaec7968de5ed9d8a4565a972f77a45d4b68e3b30089b9eefc1acd44e03c2 |
| SHA512 | 44d55135485d5daa1da98573b765bdc200d17ea1933fa8a6d577ecef20edd58a65943a722ec89beed331593d88da0ca5e26b71d66255a009475e45a87a2599ae |
memory/3644-432-0x00000000009B0000-0x0000000000F4A000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 85af6c99d918757171d2d280e5ac61ef |
| SHA1 | ba1426d0ecf89825f690adad0a9f3c8c528ed48e |
| SHA256 | 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e |
| SHA512 | 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e |
C:\Users\Admin\AppData\Local\Temp\1000765001\workforroc.exe
| MD5 | 8b0653bcbbb54deac7005aedc499d792 |
| SHA1 | 0f2544c58b3d95d6d81c8ff579700e239f218973 |
| SHA256 | 41e3e7a76effab1d9c45e5e068a320eddeb8ca2f2f70551d77b38d1b29079bf5 |
| SHA512 | 0541ddbe87c5399d3e47eb9d6feb2bb9e6df6543a97ee0ebff6494faf3e20702d5b9871448d7e39a34b9ae3f051f3d162cc3cd7d9071e8f3117c6011d0f6e4c2 |
C:\Users\Admin\AppData\Local\Temp\1000765001\workforroc.exe
| MD5 | 723c9685e1929bcd2437c9d03bfd6b60 |
| SHA1 | 93768dee1517f7d3ca57ad56ccbd7b5583ddbc68 |
| SHA256 | dc805e23c575bd03a94bf05daa5300a1f91c55b9c36403bdb53c2a43dfbc048e |
| SHA512 | ad28b760ba097b28ae59503456df1994a30b89b77bb6effbf8bcdedf2484ff2438c76caa3981e44a436c9a811d09c52f43f152b87aaab162a42b8aefd9e090b8 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
| MD5 | 22a6e511307fa9422fc90ec6274e4876 |
| SHA1 | 0137d25bca586f4c083c8ea85a2d3ff6ced7fc5c |
| SHA256 | 5feaee955c9ae611f4ad92426ea4b3a1b18dc0219c79e8bb4485de0d9de4fb82 |
| SHA512 | adeafd1ab86968c479bf854ff12d75457f9ccb13e3982d767711a460193ee41eb19dcf9ba667253dac5f8acf6de00f979e808c3b0401687ef3e0cabb7982239e |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\f1uVTIi51nzf9rNPNGx2.exe
| MD5 | 9c739ea133aa29df548abed88a6d564d |
| SHA1 | 0e4f77acec61ff2ecce4b99d6e741e4eeb704b3f |
| SHA256 | 2867189c30b8c4aba7892ad698cf27f8484449d45bdb4443319d346e87c02f46 |
| SHA512 | 74731a5a200e40bcdacf1dcd708f533e1161a9d2347967f3dabdf4f83a26a647800e6456bea0d6f02472b5af49ae06258f34beab513f40bf165c2e523c40c657 |
memory/3060-458-0x0000000000B70000-0x0000000001050000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fba38883c4ea1c000dbd9c38d017e733 |
| SHA1 | 85e0906708a55073287ddfa21f757162b21c3573 |
| SHA256 | 9e233584c57cb57ff648be1beaa1fff2112600fd78a0be082476c9ec5cfc5972 |
| SHA512 | a832dbfc9ed009c686cbe003fe04a67898c37f6cd3e0c19ff8a6d4af7649a8c7e36eeb2e2e4c4206752da80fbde7c26c7241a472d4098b1edc5ab4057d54f1a2 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\f1uVTIi51nzf9rNPNGx2.exe
| MD5 | d60da25fd781e623ca02243caf6be02a |
| SHA1 | 35299238e25795b9b4afe18b10d3b90853e3d98b |
| SHA256 | 6c61b5de747afec8a6f9a23cc5aaf4c7336c38e447fe65ea8de2ecf110ee3c64 |
| SHA512 | 6882cff6044cc95336de14aaa6032b1d0062ea3929c6d450794e37acd76eea000043da80f9a6f7d5ce8eef77a21d8ce783a738d735a655aa0b2b8ad0c477dee9 |
C:\Users\Admin\AppData\Local\Temp\jobA47ykFbUcjnZcfA\f1uVTIi51nzf9rNPNGx2.exe
| MD5 | 0e6e4668026d838028faec5a13e831e5 |
| SHA1 | 2bd2c007609101e905472cf5403fddaddde4a1ab |
| SHA256 | 6732f338dc7192c1724977dfa1ddc410d148203d4e2ed8768725b58180da4d02 |
| SHA512 | 6e52a5f9aa97f0695afc9a9f58582feb346d67bd6fae805a757a021a2dda8bd8c250d092ccda14444fb122ce47acaceda5ec89fc0dfe559189c5c8743b938846 |
memory/4164-475-0x0000000000150000-0x0000000000558000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | bab7721077f5acfea6657c23c7816fc4 |
| SHA1 | 3bad16360bf06ee9e6e0e0e954526deaff8c24bf |
| SHA256 | 4fa92e5c85790cb2ce0738d59752d877eafbbd26af5571735b83b54bb26a1e8a |
| SHA512 | 8f7142f3cea3a1b41a457feca98014d058174c4c5e9d2987fbe201b8487a69205452dacedb70e027526f527aee47361848713400c64f2daf6593843740d93ab8 |
memory/4164-484-0x0000000000150000-0x0000000000558000-memory.dmp
memory/3824-486-0x00000000020B0000-0x0000000002139000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 4c569269a00b9430f88e065e40eba5e6 |
| SHA1 | 28bc61e5ba9066b0131f3d7e9da5ec2ff193e996 |
| SHA256 | 5df521e916b256a6b105c97a18104c29f6aa8538708c0d2cce5a9ea1daf9785a |
| SHA512 | 5a97c4733a2058e11a7c4e667b946cc7fddc5f3cd16963c6951baf8ca7ad155bc8e825bdc41edac924f02f78d82fc306da4857ced9e29c23d1a3f45e6234706d |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 38ef60a5ddbbffa30316960a751e44ab |
| SHA1 | d08b172b82f815447166ffdcf3a21dc9013483e2 |
| SHA256 | 7076fa110fcae4cc1d28f4510fbb96bc30a54de4d10025f1f5058f3e564a9aee |
| SHA512 | 03d398ed91c332ec66a0094f38a2c2a3ca7dcfb010ff79b57de172a8c139a28f1bff8b0fcef8546083f30dc88633e8f1922e6d14c7f7017faf0bff4c499553f9 |
\??\pipe\LOCAL\crashpad_2808_YXTHCSDOUEXINLBU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 5c9453f5bf5db15c262e08bc3deb3173 |
| SHA1 | 523dec24cc71f052fcaa19013222b7a47baa531f |
| SHA256 | 0081dc11254fdac2b004fac781121cb110c926614f396ce42f7e84b1f9d88704 |
| SHA512 | 75c0b7677d249c873b97a6b78b4a93f0e8d637c9a69216f801e74b7e961358b13023e68e985d52daa086c0ec5aca3458015fb788f3fdad5ab28e9a1d8d50091e |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 0dc7cf89b9c16ef90c0d02af8a1cfe54 |
| SHA1 | 45598e4a84388518867d5b84aa1b0a4b1284d3b0 |
| SHA256 | 25fc1857c97785152af50b99c029326c5338c76a198eaa5a1f5b3c7281e1867e |
| SHA512 | 42db837dd05bdae3356a593eb7f8a554bf9a15d86b1f36879b734fc3b09c79aaa89a1d074366bf0712507a0ae6b4c1e7be1d39970ae311535b0d00dd8aca8035 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 109b20f59e8f114937caaa73a24921b0 |
| SHA1 | 7811dc8d18e33419545b683e4e90d9dca4a96bed |
| SHA256 | 25a293a270aed5f606b79038aba082bc0b587580160ed1fd857760aa8028c54e |
| SHA512 | 04c70f044403e3ddee52360343f951bfd498696514989e7a23061f6ee01f0b9e6eca28648564bb73e932abac3402b2c8a117f11de7298a2a3739c8a6acfaf4ee |
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | c50c682816516f74ac3a9b35da1388a3 |
| SHA1 | 93e55da188a2d6346656c33398e0375d0f610fed |
| SHA256 | 6343610a9cddbae391d9c3e779e86f8e78addce8b2e95d33f2cfd7d9057d6bc7 |
| SHA512 | 64159bb30842b97e0a53a58aaa8ff66969ea5de0cf1b592667c3b58a7e64388e96d6c43876fbf709219e1da6f63905bda1b228427fd927c04c001a3e02c95c80 |
C:\Users\Admin\AppData\Local\Temp\1000770001\redline1234.exe
| MD5 | eeb66cd7903c45d451f3af377eedf140 |
| SHA1 | aa83fe559f3463d9d54c51cda65aea4e5e719ec2 |
| SHA256 | 78228af6f41e893705a2174277c712c7e85bf5992aabfc07229243b7a44b8565 |
| SHA512 | d4b8f673377383ddd03ce3f661d52ceabc82ad8e262dd7248e319e606ff878bea3d7e576ed6360d2395d519eea9e88a78b3ef6356675dfb240f1b300f62f4abd |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | a374b8e169241216639106f56320a7e5 |
| SHA1 | 58321154de2d332357bade3e9e2af5f8e2454053 |
| SHA256 | bd37f3d45832d070769de041bc07bfa3a1b3da52b9ed90c077e2a07a8800374b |
| SHA512 | 80dd40f9dac8978c649a8927102d42a69f887612133eccaaa00bae79dd377257cbc4b184815587b1d7d41de905fe1745c01b2d594fb2d7ca1068a820b188e80e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1800a9412b1ddb060f04bdfa99737d18 |
| SHA1 | 85f4689afbb422cdf21e665b3f37f105d23e2d4e |
| SHA256 | 437c96d014d09fb3ec31e6612fd03f892feea8e597b125f130e7aadc4a60d9f9 |
| SHA512 | 13c2e5f38ae2f37f27b49c9ae8d4fb638b80ac5aaed2d41e9df8cc248c398b8b4c60d6236ebf274580d522af96432a116b971cb51ac5f50be25e57618aea5bf8 |
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
| MD5 | 5a3ca3e310a4cae6334c058a0b2c319c |
| SHA1 | 88034718232cbdf2811f381926e7efac5a6d09a6 |
| SHA256 | fce874e763ad7067a1fbb28f36b3ac7276f7b671d4b62c1acfa33027628b46ea |
| SHA512 | 9633e54d760f511478a09b794989b31ad3d2a80dd1498eec05b9f2ac372c151d3187c5df1dfdb3b4e2183365aa96916729b4afaf67ee1a663f9fd961590f069e |
memory/3060-575-0x0000000000B70000-0x0000000001050000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 012ef15a5b36e43734d02b29eb2a35c0 |
| SHA1 | 8f89745dae20f0e64b2079b586ec17161bd2a6da |
| SHA256 | 1d264d98da5000ef99ab4d7ad3a86da4ad6c33b6499404d059b4903dd8f8268e |
| SHA512 | d7ef64e6c2164c4c296b14bcbf133276715ba0618e5c0ac4bd4c32bbcb14af47c801d603a5c885198cb39173053cc0a17b36c0034f3f9a6c46125295fe6b518c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c843f41520608363ce8c282da3b5c909 |
| SHA1 | 612bbc6f73e3159edbbe832f4f7768544d78f8d0 |
| SHA256 | 6a083e7daa0ab05f0d06a0fd215ca8ace5f88fa811b31f85dbe630be55d0ca53 |
| SHA512 | 7880f79e9249fd9f8ec87e831a9040b1deeab018d0c0acb5c3628a92ee94cf71274e19b2427b90c8b31c2766397b41742346de63f181a383fa34b0f735a62ca0 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 04ffd17b271e1fce9758682960a363c0 |
| SHA1 | 31b6a7056ce7a2cf65689c7f5205ac02f9b0e6f9 |
| SHA256 | c7fe3e851bee449b8befbaca7ee19b1e2c7182846ae6fecab73fd94496aa1d66 |
| SHA512 | af101510c38aff7070e46c27b91cfddda019fd0b33c54ff8db8014831ab137dde66fcf360922bb26f948a55587cfef401fd9f54a21854eacdbb3fcadc9bafd9f |
C:\Users\Admin\AppData\Local\Temp\rty25.exe
| MD5 | b86a6ced8dd8db1443baa5154b8b6d62 |
| SHA1 | 00a672bd3fe3d591847562c9706e093f9a39f6c0 |
| SHA256 | 20b7fe1a08f48a314e81bc89e698ca345cce6c1c5bbbca6cd7bc7b92b41595f3 |
| SHA512 | 931a6cd186e4e1eba7582c5a783967bb1ad035c30984608e4c5af96860057fb210034ea4d2147e83b2995ab646a966abdc7bb5baa834e76cdc9e70f465e75251 |
C:\Users\Admin\AppData\Local\Temp\1000770001\redline1234.exe
| MD5 | 2ffcbb552cf9b59fe13a0e47c4a096f4 |
| SHA1 | 7047baf4eb1f8e0b1ce477b39e8d3f4cd7aa698f |
| SHA256 | 3b27367bd583704d60c0eaae1a6cdcbe8de1da7b71a2797a28fbbe8a9f32cd95 |
| SHA512 | 1b1650b1326aa975da5f3f225f14a1eb70ce8d2d99f91f3e25ec04c7ce0de98ba1c7b758b92215a06108b2858e90423a0a7935a39fe53fc0eff7c801223ea2bf |
C:\Users\Admin\AppData\Local\Temp\1000770001\redline1234.exe
| MD5 | ebb980346ec78291ddcee61ec83d74d5 |
| SHA1 | d668e103d5f3124f046c68636bdb5c70e934540c |
| SHA256 | 43c17d38268c6c79a601e29c544c5c4d57a12093709ad4b5b065becce6239059 |
| SHA512 | ff253741657cda1889e3f4998a9ab3613c4718078a53351da1e2f9ef05ccdf25cdf0932b8739b78b835d54b19137e7e8369731183fb27e0f3cbb5bef3af6f13f |
C:\Users\Admin\AppData\Local\Temp\nsdF4E0.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
memory/3568-624-0x0000000000740000-0x0000000000C20000-memory.dmp
memory/3008-647-0x00000000006C0000-0x0000000000AC8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000772001\2024.exe
| MD5 | 6b6105034bf4fa8fe10e826cfbccc131 |
| SHA1 | ccbe26e7f2036debc6b75f0315a8d9210438e590 |
| SHA256 | 4f31876cf56da48660aba9a978919481a524c6ddfa118a845c1d8f27c843ae9e |
| SHA512 | c34a22a0981cd23a1f2c04c364068115edc5922718cf062dd8b79bf7259341491981e6f3d9a0981fb831b7c4d7586930a06e220c7bdeae38b93cd8bfb4a39f16 |
memory/3644-689-0x00000000009B0000-0x0000000000F4A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000773001\mrk1234.exe
| MD5 | cac37f8078dbf0b03b7c9f4f639144b4 |
| SHA1 | 56225f2c1a070886303ab52f682e687a127f93ec |
| SHA256 | c98c33f6518882d541f18b46d37657806eba5705f99f053d3c64242b5a328389 |
| SHA512 | 7298f5f53d009fdfc919c61d0bb79ebcf1efa6ac34c0a535fb79a6a1b9a902b6f960568d792f5c76a8d3d18a7df82e04b3acf05649150a205417c74ec067ba37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 975d7b59a76a73b9dec0de2caa02deb0 |
| SHA1 | 9c67c228f1337e2c3def6b2f4eb062e8cdd2eeaf |
| SHA256 | 2a6b781503ab68b42c89e912d11cd0e0e548f8f08ec65ecfe7ebc871eee8434b |
| SHA512 | 353998709bda10b60c78760b353838b5870f35d6880ef427a4ef74366c24aacb9e466a1b7352241a952c87b3906b9078b39a8928f2dced7a1312f5721bbaae22 |
memory/5432-778-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-784-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-787-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5200-802-0x0000000000400000-0x00000000008E2000-memory.dmp
memory/5432-801-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5308-807-0x0000000000400000-0x000000000048A000-memory.dmp
memory/5432-805-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5308-811-0x0000000000400000-0x000000000048A000-memory.dmp
memory/5668-808-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3644-812-0x00000000009B0000-0x0000000000F4A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 003b944991eb9007b8172479fd9c8e78 |
| SHA1 | c6e5903ed5f402333568bdbe4b76402417676ab6 |
| SHA256 | 05877651b87527cd6ab519e42337bda6c29aeabaffbe1bde9a9883ee999042b0 |
| SHA512 | 30746b610e7937f29950be626516dd2390ef8dd4fabd735422b45303e0722de04a54a04fce17ad975f5f96b0c1692999e1144cab53cfca63caec993e924311ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | de8827d93011d8af360f82cc1f8ce73e |
| SHA1 | 87774343c086d15d6da295268cbca6fed80b621f |
| SHA256 | 511050e65ef86e0692adf41262e7be695993b28b629ba66f3e174e27d78ba6c5 |
| SHA512 | fa0527111401d82e4e05a16d1908ff9e149d396ff088d970855755ca5a8589476b19a96746c445284b803f3589f1544a02b4d67e31bb56c596a3b79f49d7948f |
memory/5432-838-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-843-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-848-0x0000000000540000-0x0000000000560000-memory.dmp
memory/3568-846-0x0000000000740000-0x0000000000C20000-memory.dmp
memory/5432-851-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-852-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-853-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-854-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-869-0x0000000140000000-0x0000000140848000-memory.dmp
memory/3008-871-0x00000000006C0000-0x0000000000AC8000-memory.dmp
memory/5432-875-0x0000000140000000-0x0000000140848000-memory.dmp
memory/5432-876-0x0000000140000000-0x0000000140848000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000774001\moto.exe
| MD5 | 3b99d71d06c782306e19bce2828c84c8 |
| SHA1 | 42e566a142237247343a76d8bbc391df991a0933 |
| SHA256 | 54d8b15beed71e1222f38fa632dc0b8e00da135d81a03ceda60ff3db569477e3 |
| SHA512 | 9fc3edea3cf6607faaf16017db664ea300f1075a4a3c1dc9d8821059521597f2412d407039641e3cf7c690133fe498ee8c02d9bd73b7ef2a22c0745a0907a55b |
memory/5832-877-0x0000000000400000-0x0000000002B06000-memory.dmp
memory/5832-902-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000775001\alex.exe
| MD5 | f456a80dcbe8317cfca54bb43b2fe11e |
| SHA1 | e6f1b56e59eac746322626b0d292fa9953128546 |
| SHA256 | 11ac0dda77d1690c264a3161cea02769f88c3414dfb935ed9333fc98aae14fa2 |
| SHA512 | 5eb5fce189353fe7d1a28e8bd32b4661bf6bb7ebdc3fd8284a5e99e222086a61ad1ef4508bac32b5b0213d210870c8c295d826f7a534d41dbc9edc243566b918 |
C:\ProgramData\DGIJDAFCFHIEHJJKEHJK
| MD5 | 29861cfed59e18529d4fbcd585d9d50a |
| SHA1 | b45463406352ed260b16503c9fb1e765b9e3ec71 |
| SHA256 | 9e62b0b45fce91f76a47411c9a1c8e36ca0058a55e021dc381d93a900669ec30 |
| SHA512 | 2e08343f8659270c30f2c7d14b4e157cd0a65a9973b75ef4c1ca854b4b744ec2d659ba1856252757a24cb2000fc0e7f61cdaa20d7fa6935a118e2f500544828b |
C:\ProgramData\HDAKJDHIEBFIIDGDGDBAEGCGDA
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\1000776001\goldprimesupp.exe
| MD5 | 83cc20c84b87e86161f8970676cb7faa |
| SHA1 | 8374b6cb54779ef804671b4a0995b0c029e72e2d |
| SHA256 | 6ee240f2aca3f623c204ea564130b52952a09da888b065adfd925ff2dc82d06a |
| SHA512 | 12f9e304ac0474943e90606cd4af7bae0703b218fbee29a1f9a0d1168b6b80a4692979c263823380e08733f19fda8fb9a2c052e50d70c4a92d90fa556976bfe2 |
C:\Users\Admin\AppData\Local\Temp\1000777001\rockrunn.exe
| MD5 | 7fde9ea27a1fa4502e91580d28984f6f |
| SHA1 | 23d2365b9ab1521c5b8b06630aa54815808fb82e |
| SHA256 | a6675cfa71bb513444984baafb3dae7384f1d75c49f87da5122c46ef72efe39e |
| SHA512 | ed278a590449890d804c05c572a68bdbb92fc53b2d4a37f13e7fa3a01e9a5a4ab0312d370ebf1e466a25b25c98160a9d6f3955e34225e21362b3414490306b49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7ecf0766e37e6eedf86e427ab5b90713 |
| SHA1 | fc90cc7ca3462339c86cae57213ecd6082c1cebe |
| SHA256 | 4512a048d1dc570bb8410e160150b7ed8f2c97fd04e336d3ed56c3e02ac7ad97 |
| SHA512 | d73c882efa4c721b050c515a4ffeae43fc31c70c88d9cc5bc0f0ab8c8a9d52e43137d8331837d780f1a78511a1922c0f0d3c70245465d057a2dc8e1dc2f4a90d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa378069c147bb613b9861e14606c6f0 |
| SHA1 | b75678164e302f076fe05a8c0dc686ad4dccd5c7 |
| SHA256 | 9c38f6bb18c4988eaf989f4f355a54e76ff2fa31ed518e479bb25a8b00e6865c |
| SHA512 | add05e6585477eb5dfb625a37f534f1ceff7155fe13f7ea481140479c24a13809bd9153d05a2b9bb9e50b15381571c221f6417755ace4af8e171031b128d2232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854a3.TMP
| MD5 | 173c2e73ed9f355026a5adf47a5d0107 |
| SHA1 | 3fb91ddbd3b50958a227439adfea6aa8676d8bd3 |
| SHA256 | 832d490757a1cf0393e6528f706f79ecb2cf4b15e7d2d543d727ab1208ac72d2 |
| SHA512 | ae99762bff7ebef43288af86448873d179af021270d7ef43232921a22cb8e5422f335fb12b9a79557482d8ab8c12686246d22a46bcf62e7f89299e97087702ea |
C:\Users\Admin\AppData\Local\Temp\1000779001\MONTHRDX.exe
| MD5 | 075bd05fa223319f8b76c40b10d18827 |
| SHA1 | 5312508867c119740a120d87ddda5a784fa09868 |
| SHA256 | 5acdde638efd4cc990eb73f2980500511ab56cacc9082dddd7914aafd5f39803 |
| SHA512 | 9f6c74501a8a1041052c0ca7b829874fe1453261d80fd515965029ad277e20ef927528ecf9ed0c7a4327e70b511eea3ec36ac17e5365fec6334a3f5754de73bf |
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
| MD5 | aab60cf1f5770813917f2393faa86a2f |
| SHA1 | 268736e81bc64a00cb0b1d3a92470da0611d6104 |
| SHA256 | d7618424fe8236ef2b274b5b858d6725bdfe4dad823f59034539c60d3e35aac8 |
| SHA512 | fe1ab0dd3413e003922925cc1117cbdd5f2b569dc8c14bb21845b1c2390ba7e436a82c7f2d4beb0effb491912adac9ee387d54fe1079260b7d0a56f2f8f273ef |
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
| MD5 | 04e4314081712973985902d8a33ee67c |
| SHA1 | d9d37dacabce0a8e8ec74a97c88cb423fb8219f2 |
| SHA256 | a6145907c1bf10b8e53c4ae95346e42d17e919641bf33fba682e6a717fa53c85 |
| SHA512 | db9ce4c540e4154943035a78f3e5814707bc36b2b3210b060f702614c8c8f203984cf3a44e93ff7997554c355d698f6abaac9d45a70103cffd48eeb117b6a987 |
C:\ProgramData\DAAECAFHDBGIDGCAEHJEBAAFHJ
| MD5 | ad88121db6f394ba39f002cbb1d97ee1 |
| SHA1 | 1c309872adc0ca26cb215e67304b8a5f1effe768 |
| SHA256 | d52735743d0fda1bc78136144d4678d269c528aa894fd897f36c63d91733ace8 |
| SHA512 | f2444afc9f597d705cb851cfae3c4aab6f3b4d356ad0dae16a69095867a2b08fff75830a98b435bc915441d4a43b21c7286bb2515de140dc1a520f540f62aab3 |
C:\ProgramData\mozglue.dll
| MD5 | fd0ffeb76c74c24e3a01cfe4339ac7b0 |
| SHA1 | 93485e74beb5a19b0faf3ccc1695af877a89349c |
| SHA256 | fdb0954a9240773344ba96948b1b2a5ef8dbec77e2a2fe9fcb0792d2d7ff54a8 |
| SHA512 | 6b044fd6d95c03b8e25026298a4ac7c81ffec0e71aa924626ec4866b2ede3a956b7379adfc560fb521cc16d16009f3b2d0db49cc73221bad61952b9ecafdac7a |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 991bdd8a5ad30ce7ccfd42d8fc58a854 |
| SHA1 | e936834f690ebabfec7d3948439c14e4a9cc265b |
| SHA256 | 55a40a5b32ee2f1ed12f726d1f9cc30051a23c80d3ee06bfd8561d0eb3d5aa8a |
| SHA512 | 88b8bb24505ea4509c68904f146eb15ac9e502ce163d191ef4fd17e9bec4452a6baf256789e292b4bf27b870e3bdde458a261b52ab9b16813ba6e687056e31dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 93ff15897c5ff30235528991b125e868 |
| SHA1 | 845983e54ef0b04e08475f569a24a3c135801a29 |
| SHA256 | 33e40aacbd87ee7a8dca629035418c1eb1271228a2c3a68591fecbac4b9be4b6 |
| SHA512 | 6e1d541c35de12200ccead40d4952efe765cff45d6f47496eb6cef97ce761552ed3d5433f0439e805beb942f64611497150cef461589a351a97ede192cfcdeb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4348a70c541c5c06a7dbefc5e7d9b574 |
| SHA1 | 75c7e64d6f390a472b09ca688efa114e996c75fe |
| SHA256 | 3f6b524fea36ec156fd268a3b5b115cf076ad8598d682dbb59fd6e7694243dc3 |
| SHA512 | 8c10a1ff9759139fe2416dd20c2f4232d887a7ae3fc6aca3ea7806a517a0ecfd5f8169cf78cfa1deaf927a9e34aa1d43eb384474c1ed43b9c73fe61394009016 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f51bdbdaad6de6eba66efb490fda7d8c |
| SHA1 | 8b1193a1956ec651f781a9b905f103f25336c37b |
| SHA256 | 6795232e0802616c43d76fe28e82d5c70e3a7c001b1e25ca3cb66b2818724d0a |
| SHA512 | 1171c88167a8473dde7d7dfb1e0e93000685da6ae957987a9ab31443e3c307ca7af86377818a490641d1601c3188ee320123578704ff40c5053346215b3efda0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afd53529d0aedffa16deff71c72eb223 |
| SHA1 | b4fe0d3fd5a9b8dfb71c8503fba3a097f744c99e |
| SHA256 | 691706ac2426010f4daafa1923d82871fefd20ae5beb79a08cf1ae280f45c9d6 |
| SHA512 | 42eae2819dfba142c6b299ba62ceb89bc537146e0c1cf0c622427a74f777bc0faed9a86ae5a3044cbb42eb581d57b43d423f8b878b2f7ca8244f3f4f89012106 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_csav4od4.fuz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\1000001001\31839b57a4f11171d6abc8bbc4451ee4.exe