Malware Analysis Report

2025-01-22 10:25

Sample ID 240206-bcztdsbgf6
Target 05aef2221ea6cc47def254618a61d437.bin
SHA256 d437d473d31d266737ef5c7240cc94e3df6d71defde59fd3262d06722de55c84
Tags
amadey trojan redline risepro smokeloader zgrat livetraffic backdoor evasion infostealer persistence rat stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

d437d473d31d266737ef5c7240cc94e3df6d71defde59fd3262d06722de55c84

Threat Level: Known bad

The file 05aef2221ea6cc47def254618a61d437.bin was found to be: Known bad.

Malicious Activity Summary

amadey trojan redline risepro smokeloader zgrat livetraffic backdoor evasion infostealer persistence rat stealer upx

Detect ZGRat V1

RedLine payload

SmokeLoader

RedLine

Amadey

RisePro

ZGRat

Creates new service(s)

Stops running service(s)

Downloads MZ/PE file

UPX packed file

.NET Reactor protector

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Launches sc.exe

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Creates scheduled task(s)

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-06 01:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-06 01:00

Reported

2024-02-06 01:03

Platform

win7-20231215-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"

Signatures

Amadey

trojan amadey

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe

"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"

Network

N/A

Files

memory/624-0-0x0000000001000000-0x0000000001A1B000-memory.dmp

memory/624-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

memory/624-2-0x0000000077130000-0x0000000077131000-memory.dmp

memory/624-4-0x0000000000D00000-0x0000000000D01000-memory.dmp

memory/624-8-0x0000000001000000-0x0000000001A1B000-memory.dmp

memory/624-9-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-06 01:00

Reported

2024-02-06 01:03

Platform

win10v2004-20231222-en

Max time kernel

1s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"

Signatures

Amadey

trojan amadey

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Creates scheduled task(s)

persistence

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe

"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.3.1117242860\160585025" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd5af992-0353-4e9d-89e0-b118a9b255e3} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 3784 2d90745d958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1896,i,13973590826635939218,3306650475486823200,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1896,i,13973590826635939218,3306650475486823200,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4624 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.4.586954681\186170950" -childID 3 -isForBrowser -prefsHandle 4300 -prefMapHandle 4640 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {633202c1-b824-4e41-83b9-81bb2b036468} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 4752 2d907468158 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4636 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3836 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe

"C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1984,i,12473809990671549228,2425935381141632353,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1984,i,12473809990671549228,2425935381141632353,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5344 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe

"C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.7.1509189032\331175334" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5588 -prefsLen 26206 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33fc74c-e50c-426e-84b9-b50e77368faa} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5604 2d90742e458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe

"C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe

"C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.8.1691611412\611410421" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5860 -prefsLen 26490 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c410899-20d8-4970-85bf-b2d8f03d9992} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5868 2d919cf8a58 tab

C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "ACULXOBT"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe"

C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe

"C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.9.1773139626\1344457787" -childID 8 -isForBrowser -prefsHandle 6044 -prefMapHandle 5876 -prefsLen 27337 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70800333-4929-433c-9fa1-1340b8128d0e} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 6172 2d91ac63a58 tab

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe

"C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\u7xk.1.exe

"C:\Users\Admin\AppData\Local\Temp\u7xk.1.exe"

C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe

"C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "ACULXOBT"

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10316 -ip 10316

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10316 -ip 10316

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 1176

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 1224

C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe

"C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe"

C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe

C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10572 -ip 10572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10572 -ip 10572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 1088

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 336

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6632 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\u7xk.0.exe

"C:\Users\Admin\AppData\Local\Temp\u7xk.0.exe"

C:\Users\Admin\AppData\Local\Temp\rty25.exe

"C:\Users\Admin\AppData\Local\Temp\rty25.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5852 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8820 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x320 0x494

C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe

"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\168293393341_Desktop.zip' -CompressionLevel Optimal

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\8DF3.exe

C:\Users\Admin\AppData\Local\Temp\8DF3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5320 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.6.1543322583\291857977" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c240e5-aa58-46c0-b28f-6a44ee499e29} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5224 2d918ceb258 tab

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6132 -ip 6132

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 352

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe

"C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.5.508278504\1347918097" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e6f2769-8941-4912-af42-e35b6fdf6b99} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 4776 2d91947c858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1784,i,17781962333011325246,12341143174394173020,131072 /prefetch:8

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1784,i,17781962333011325246,12341143174394173020,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe

"C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.2.1230019342\911170048" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 21525 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32d0864a-9413-4b95-b616-15c0df50e94f} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 3120 2d913762858 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.1.844085204\981196768" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa74f0c-a5fd-4724-a02c-df066a7bff04} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 2360 2d912f30158 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe

"C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.0.492972789\1526157839" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0847328c-41d2-4397-bffd-b048167418e3} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 1888 2d9137d7758 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6144924718442087704,12299002801638321534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1463021959927124328,8634639345586080321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14949324305986686653,15768167953382488290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14949324305986686653,15768167953382488290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\168293393341_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1672 -ip 1672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2372

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile
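
The listing above contains the behaviours the report's signature list summarises (service creation, service stop, scheduled task, self-deletion, DLL side-loading from a user profile, Wi-Fi profile enumeration, archive staging) as raw command lines. The following is an added example, not part of the report, of how a detection engineer would turn those lines into reusable rules: each regex keys on the shape of the command (sc.exe create with a binpath under ProgramData, sc stop eventlog, schtasks /create pointing into AppData, cmd /C choice ... & Del, rundll32 given a DLL path under AppData plus an export name, netsh wlan show profiles, Compress-Archive into Temp, an executable run from the Startup folder) rather than on this sample's file names. The rule names are mine; the sample command lines are copied verbatim from the process listing above, with browser child processes omitted and a few benign lines kept so the rules have something to ignore.

```python
import re
from collections import defaultdict

# Command lines copied verbatim from the process listing above (a subset:
# browser child processes are omitted, a few benign lines are kept so the
# rules have something to leave alone).
REPORT_CMDLINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com',
    r'C:\Windows\system32\sc.exe delete "ACULXOBT"',
    r'C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'C:\Windows\system32\sc.exe start "ACULXOBT"',
    r'"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"',
    r'chcp 1251',
    r'C:\Windows\system32\sc.exe stop eventlog',
    r"powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\168293393341_Desktop.zip' -CompressionLevel Optimal",
    r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"',
    r'netsh wlan show profiles',
    r'"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main',
    r"""schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F""",
    r'choice /C Y /N /D Y /T 3',
    r'powershell -nologo -noprofile',
]

# Rule names are mine, not report signatures. Each regex keys on the shape of
# the command line, not on this sample's file names, so it generalises.
RULES = [
    ("service_install_user_writable",
     re.compile(r'\bsc(?:\.exe)?\s+create\b.*\bbinpath=.*\\(?:ProgramData|AppData|Temp)\\', re.I)),
    ("service_start_or_delete",
     re.compile(r'\bsc(?:\.exe)?\s+(?:start|delete)\s+"?\w+', re.I)),
    ("service_stop_eventlog",
     re.compile(r'\bsc(?:\.exe)?\s+stop\s+eventlog\b', re.I)),
    ("schtasks_persistence",
     re.compile(r'\bschtasks(?:\.exe)?\s+/create\b.*\\(?:AppData|Temp)\\', re.I)),
    ("self_delete_choice",          # choice as a sleep, then Del of own binary
     re.compile(r'\bchoice\b.*/T\s+\d+.*&\s*del\b', re.I)),
    ("rundll32_userdir_export",     # DLL under AppData, called by export name
     re.compile(r'\brundll32(?:\.exe)?"?\s+.*\\AppData\\.*\.dll\s*,\s*\w+', re.I)),
    ("wifi_profile_enum",
     re.compile(r'\bnetsh\s+wlan\s+show\s+profiles?\b', re.I)),
    ("archive_staging",             # collected files zipped into Temp
     re.compile(r'\bCompress-Archive\b.*-DestinationPath\s+\S*\\Temp\\', re.I)),
    ("startup_folder_exec",
     re.compile(r'\\Start Menu\\Programs\\Startup\\[^"\\]+\.exe', re.I)),
]

SC_VERB = re.compile(r'\bsc(?:\.exe)?\s+(create|start|delete|stop)\s+"?([^"\s]+)', re.I)


def classify(cmdlines):
    """Map rule name -> list of command lines that matched it."""
    hits = defaultdict(list)
    for line in cmdlines:
        for name, rx in RULES:
            if rx.search(line):
                hits[name].append(line)
    return dict(hits)


def service_lifecycle(cmdlines):
    """Group sc.exe verbs by service name, in listing order, so a
    delete/create/start chain on one name reads as a single reinstall."""
    verbs = defaultdict(list)
    for line in cmdlines:
        m = SC_VERB.search(line)
        if m:
            verbs[m.group(2)].append(m.group(1).lower())
    return dict(verbs)


if __name__ == "__main__":
    for name, lines in classify(REPORT_CMDLINES).items():
        print(f"[{name}] {len(lines)} hit(s)")
        for line in lines:
            print("   ", line)
    print(service_lifecycle(REPORT_CMDLINES))
```

Two of the rules deserve a caveat. `service_start_or_delete` and the bare `choice /C Y /N /D Y /T 3` child are not malicious on their own; they only become interesting through their parent (the `cmd /C ... & Del` line) or through `service_lifecycle`, which shows the same service name being deleted, created with a binary under C:\ProgramData and then started. Correlate on parent process and service name rather than alerting on each line in isolation.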

Network

Country Destination Domain Proto
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 32.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 167.132.233.193.in-addr.arpa udp
US 13.107.42.14:443 tcp
GB 142.250.178.14:443 tcp
US 13.107.42.16:443 tcp
GB 163.70.147.35:443 tcp
NL 142.250.27.84:443 tcp
GB 142.250.178.14:443 udp
NL 142.250.27.84:443 udp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 udp
GB 142.250.180.3:443 udp
GB 142.250.178.4:443 tcp
US 34.120.158.37:443 tcp
GB 216.58.212.227:443 udp
US 34.160.144.191:443 tcp
GB 142.250.178.14:443 udp
DE 185.172.128.19:80 tcp
NL 142.250.27.84:443 udp
GB 216.58.212.227:443 tcp
US 8.8.8.8:53 www.linkedin.com udp
US 173.194.24.40:443 tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net udp
GB 163.70.147.23:443 udp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
US 173.194.24.40:443 tcp
US 173.194.24.40:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 ponf.linkedin.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
RU 185.215.113.32:80 tcp
US 173.194.24.40:443 tcp
GB 142.250.180.3:443 udp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 8.8.8.8:53 40.24.194.173.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
GB 88.221.134.155:80 tcp
US 13.107.42.14:443 tcp
FI 109.107.182.3:80 tcp
CH 74.125.173.169:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 udp
GB 216.58.212.227:443 udp
GB 163.70.147.23:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.144.127:19302 udp
GB 142.250.144.127:19302 udp
GB 216.58.212.214:443 udp
NL 45.15.156.209:40481 tcp
US 20.242.39.171:443 tcp
GB 142.250.178.10:443 tcp
NL 142.250.27.84:443 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 142.250.180.3:443 tcp
GB 142.250.178.14:443 tcp
GB 163.70.147.23:443 tcp
US 13.107.42.14:443 tcp
GB 216.58.212.214:443 tcp
GB 142.250.180.10:443 tcp
GB 216.58.204.67:443 tcp
DE 185.172.128.109:80 tcp
GB 216.58.212.227:443 udp
GB 142.250.180.3:443 udp
GB 216.58.201.110:443 tcp
GB 216.58.201.110:443 udp
HK 154.92.15.189:443 tcp
US 172.67.152.52:443 tcp
GB 216.58.201.110:443 tcp
DE 185.172.128.79:80 tcp
DE 20.79.30.95:33223 tcp
RU 5.42.65.31:48396 tcp
US 172.67.152.52:443 tcp
DE 185.225.200.120:15666 tcp
US 172.67.213.168:443 tcp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
US 8.8.8.8:53 31.65.42.5.in-addr.arpa udp
NL 94.156.67.230:13781 tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
US 8.8.8.8:53 182.126.12.185.in-addr.arpa udp
RU 185.12.126.182:80 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
GB 163.70.147.35:443 fbcdn.net tcp
GB 172.217.169.74:443 tcp
US 13.107.42.14:443 tcp
DE 95.179.241.203:80 tcp
NL 94.156.67.230:13781 tcp
NL 94.156.67.230:13781 tcp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp
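
Most rows in this table are browser traffic from the Chrome, Edge and Firefox sessions the sample opened (TLS to Google, Facebook and LinkedIn ranges, mDNS, STUN), and the Domain column is only filled in on some rows, so the table needs parsing before it yields indicators. The following is an added example, not part of the report: it reads the 3- or 4-field rows, separates plain HTTP to a bare IP from HTTP with a hostname and from TCP to non-standard ports, and reverse-maps the in-addr.arpa queries to show which of them are just lookups of peers already in the table. The rows are a subset copied verbatim from the table above; the category names are mine.

```python
import ipaddress

# Rows copied verbatim from the Network table above (a subset). The Domain
# column is optional, so a row is either 3 or 4 whitespace-separated fields:
#   Country Destination [Domain] Proto
NETWORK_ROWS = """\
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 32.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 167.132.233.193.in-addr.arpa udp
US 13.107.42.14:443 tcp
GB 163.70.147.35:443 fbcdn.net udp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 www.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
GB 88.221.134.155:80 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.144.127:19302 udp
NL 45.15.156.209:40481 tcp
DE 20.79.30.95:33223 tcp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
NL 94.156.67.230:13781 tcp
"""


def parse_row(row):
    parts = row.split()
    if len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    elif len(parts) == 4:
        country, dest, domain, proto = parts
    else:
        raise ValueError(f"unexpected row shape: {row!r}")
    ip, port = dest.rsplit(":", 1)
    ipaddress.ip_address(ip)  # reject garbage before it reaches an IOC list
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}


def ptr_to_ip(name):
    """'32.113.215.185.in-addr.arpa' -> '185.215.113.32'."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def triage(rows_text):
    rows = [parse_row(r) for r in rows_text.strip().splitlines()]
    tcp = [r for r in rows if r["proto"] == "tcp"]
    tcp_peers = {r["ip"] for r in tcp}
    # in-addr.arpa queries are reverse lookups; map them back to IPs and keep
    # only the ones that are also TCP peers in the same table.
    ptr_targets = {ptr_to_ip(r["domain"]) for r in rows
                   if r["domain"].endswith(".in-addr.arpa")}
    http = [r for r in tcp if r["port"] == 80]
    return {
        # every plain-HTTP peer; CDN and CRL fetches land here too, so a lead only
        "plain_http": sorted({r["ip"] for r in http}),
        # Domain column is just the IP again: no DNS name was involved
        "http_raw_ip_host": sorted({r["ip"] for r in http if r["domain"] == r["ip"]}),
        # HTTP with a real hostname, worth a passive-DNS pivot
        "http_with_host": sorted({f'{r["domain"]} -> {r["ip"]}' for r in http
                                  if r["domain"] and r["domain"] != r["ip"]}),
        # TCP to anything other than 80/443
        "nonstandard_tcp": sorted({f'{r["ip"]}:{r["port"]}' for r in tcp
                                   if r["port"] not in (80, 443)}),
        "ptr_correlated": sorted(ptr_targets & tcp_peers),
    }


if __name__ == "__main__":
    for category, items in triage(NETWORK_ROWS).items():
        print(category)
        for item in items:
            print("   ", item)
```

Port 80 on its own is only a lead: the 88.221.134.155 row lands in `plain_http` as well and, given the browser sessions in this run, may be ordinary CDN or certificate-revocation traffic rather than the sample's. Pivot first on the raw-IP HTTP peers and the non-standard TCP ports, which the browsers have no reason to produce. The in-addr.arpa names should not be copied into an indicator list at all: `ptr_correlated` shows they are reverse lookups of addresses already present as TCP peers, so they add no independent information.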

Files

memory/1652-0-0x0000000000CC0000-0x00000000016DB000-memory.dmp

memory/1652-1-0x000000007EDF0000-0x000000007F1C1000-memory.dmp

memory/1652-2-0x00000000776D2000-0x00000000776D3000-memory.dmp

memory/1652-7-0x0000000000CC0000-0x00000000016DB000-memory.dmp

memory/1652-8-0x000000007EDF0000-0x000000007F1C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 ec587dd5f8265242b825f850d144f0e6
SHA1 1ddb3e2e26af865b17fd70da9e503df721e692d7
SHA256 da3b421aa1989d94d0b7482ffb6d3c034b922248e05983619197d223b206b42f
SHA512 21fed4eac5805223038ef41d976e69889a55e98466818b010cd5f79dd6df04080c756800fe04a0cd8b851c6bab65ab741887cb0baee62ff695eb4bf1b219c589

memory/1420-11-0x0000000000610000-0x000000000102B000-memory.dmp

memory/1420-12-0x000000007F180000-0x000000007F551000-memory.dmp

memory/1420-13-0x00000000776D2000-0x00000000776D3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 1ebf0c1cc5a1999da0d0cfcda6bcb021
SHA1 08802f77c197721569b8d6dcaaab4fc82df1c2e8
SHA256 dbde513996ac5ef0df5f3dc6c7a4ce7b885373162f86db83d667b20bff086a50
SHA512 b5f83400a9a5fd80a6e2ce29052ebd5bafd44e42633ffa51140b60be26190fafeb2ba7c72a77ca2b4b3ebc4619321cc1d2a583d56d83c831d0398fad0c22a654

C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1

MD5 d769ca0816a72bacb8b3205b4c652b4b
SHA1 4072df351635eb621feb19cc0f47f2953d761c59
SHA256 f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2
SHA512 cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64

memory/1280-23-0x0000000073250000-0x0000000073A00000-memory.dmp

memory/1280-25-0x0000000002B00000-0x0000000002B10000-memory.dmp

memory/1280-26-0x0000000005560000-0x0000000005B88000-memory.dmp

memory/1280-24-0x0000000002B00000-0x0000000002B10000-memory.dmp

memory/1280-28-0x0000000005C80000-0x0000000005CE6000-memory.dmp

memory/1280-34-0x0000000005CF0000-0x0000000005D56000-memory.dmp

memory/1280-39-0x0000000005E60000-0x00000000061B4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_io2zmw0c.4w1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1280-27-0x00000000054B0000-0x00000000054D2000-memory.dmp

memory/1280-40-0x0000000006350000-0x000000000636E000-memory.dmp

memory/1280-41-0x0000000006400000-0x000000000644C000-memory.dmp

memory/1280-22-0x0000000002A50000-0x0000000002A86000-memory.dmp

memory/1280-45-0x0000000007540000-0x0000000007562000-memory.dmp

memory/1280-44-0x0000000006870000-0x000000000688A000-memory.dmp

memory/1280-46-0x0000000007B20000-0x00000000080C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 9c9fc434de16897bda59837a70e8013a
SHA1 304c240c0fc9df3b1e63dcaa6e63b241f28758b1
SHA256 c4d7d159db777fe91f8cf11100e7be00f50b749e22b6ea5b2d85efbca35da365
SHA512 85c29c495a306d020bac3223b8c849a2a508ebe211dbe2f03341a47be020c6c47cdf2656e5159ca8c56b5795eacd87d0b577936343a29a780460945141234472

memory/1280-43-0x00000000068E0000-0x0000000006976000-memory.dmp

memory/1280-69-0x0000000002B00000-0x0000000002B10000-memory.dmp

memory/1280-70-0x00000000076D0000-0x0000000007773000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 40e2b17dd5a60e51c80f5ea3995f82b2
SHA1 e11e3c44d232c0d49c8d7b743d1f2ca73d7c0817
SHA256 791b730f0fe20018eff42e243bc2e961d82c4cb20d633efa92c5d91c1ee71237
SHA512 78253ac30ce70b188cc401583b8197f96fadff16c5237b96207199aaf502659da6ea42074bcb9186fb15f039d6a336bb642d828e69464c5cb1248321f55d2e02

memory/1280-81-0x0000000008750000-0x0000000008DCA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 ec9857112b0f18c0e3aa2f5ee2af4205
SHA1 9fb9bdd3bc09313c5776225974b2e9387bd6b5b1
SHA256 5a0b015ea6abb0845b510beb4c1df893e0f700160667fca1d08bfe3da3883836
SHA512 467c90482486f4e9378fef80ded947e8acd308df81d81ad53f7bcbdabcc961c0eab7cd46bdd353d64ed827241361f90263ce6d5a5440795c3689c0439112f1b5

memory/1280-82-0x0000000007890000-0x000000000789A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e71d66ce903fcba6050e4b99b624fa7
SHA1 139d274762405b422eab698da8cc85f405922de5
SHA256 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3
SHA512 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 16b7586b9eba5296ea04b791fc3d675e
SHA1 8890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA512 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3df3163f5ea67ed4b2ddace7565c03cc
SHA1 08422b60d455162bcef1f7219a6ee74a9c594ccf
SHA256 1be3dc01f2dcbaef2e2ec057ff87732dc55758276f8e74162851eae69eee1aa8
SHA512 eb931bd525d9c7b383141066de0b02d6683653b85e97c6bee835c8ebc5505ea79bbec56f4a18df6c17c2fffcf75f3a50a4b963ca4eb87a4d6fb163edfadcb744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 759c24e81f559828bee794349c23341b
SHA1 8a546155b14aeda515f8d2d57d090e0f2112af7a
SHA256 1e7de381473ab78f8bf6b2afce0827bb66b1a737ce68b177ff7002a825bb29c1
SHA512 128a1bc58fffadd8d764bf2ec2f23cb4a3fe9aa3aa0e0dec94c75ef0ff98d6b2e7946aecabd5704d9920921ab39c1e12075ae8e7f22439dbac271dd131ae2a38

C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe

MD5 382773d80bed8c745c92be22975c0ef3
SHA1 53110ba716197e2197a9c005e78f2e02cf162911
SHA256 6a4d510bf57132248221d15a162d9e11e742dc381b6219f9802a881dcb877430
SHA512 e195e5cff19baaf83d5da7232d78f049faa54d18af7a389612866465142577212e4afed554b3592b8e9dae2f8001db0de1b61377bfd75e7810f7a61dd00b5ea1

C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe

MD5 115a0883f5b107eb3d9363b849e9e2ab
SHA1 755e34e4e4cc2ec31e880369f5909682e9921a3b
SHA256 93a06b07e11821930c5682ea8deeda855594f964cd5ef9ae6261c6414dd68bdb
SHA512 f427b6014c085d867847a5023670af938d1ded87c3e4a41b00e311fb17ebd175f0a04654bca19473443f78b0e1033d992ca640744389ae4df24d155e8144619a

memory/6856-241-0x00000000009D0000-0x0000000000F5E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bb2cdf82802bf69b297c9fae3fa48e85
SHA1 f26dbf7984929197238377b2b3e37f974447448d
SHA256 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7
SHA512 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

memory/1420-247-0x000000007F180000-0x000000007F551000-memory.dmp

memory/6856-242-0x00000000776D4000-0x00000000776D6000-memory.dmp

memory/6856-248-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 e9e365607374115b92e4abe4b9628101
SHA1 d5054ea9b22317dca83801eb3586017bfcc0e2a8
SHA256 5cd2c4d9f13524923046198c92213691539407e04fa520cdae9eade1bad3d91d
SHA512 a84d65ed53e43883e5ecb7848fbd48f5305a63e6975e6af480cf85532879720061106be54f2a5888ebc3569f7123081a0e6eb48ccb8d7dba3e1da1c8a3c50401

memory/6856-252-0x0000000004D30000-0x0000000004D31000-memory.dmp

memory/6856-253-0x00000000009D0000-0x0000000000F5E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe

MD5 c8445a38a03b043e732b04e86d745665
SHA1 1855c33a4854941576b8573383803e5a00cfeecc
SHA256 a2688bd7d84a1144536af54753e29f92c210e1c3e65d059d044684de343ae998
SHA512 c5468ceed4cc1f6eb5c5366b390b31000775a8eca5c0c543dd5fd69684b39ae185bdd0ac7102c2a8cd8868b821ebadda9c3c060e36b1c62ea813bb9a298a572c

memory/6856-266-0x0000000004D50000-0x0000000004D51000-memory.dmp

memory/6856-267-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

memory/6856-275-0x0000000004D40000-0x0000000004D41000-memory.dmp

\??\pipe\crashpad_1616_VFFAXVSUTOSNVTIU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

MD5 0cbceae9a528c8e54d0629f4ea13055f
SHA1 147e55335a00bd2e5e84a0cee58e644fc2576680
SHA256 007383a4e9c17af1b16b7de4483cbda8a08e0b38b3000d21bb01b51fa0d6a207
SHA512 631d8979c60b4a758d82afc91fd9960c73ed2d9e6f9dbc544942b7ce2a892b1c9399442557208b4899acfd49559972b1b414d619a40fbb903eaf3aab339af577

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 265db1c9337422f9af69ef2b4e1c7205
SHA1 3e38976bb5cf035c75c9bc185f72a80e70f41c2e
SHA256 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc
SHA512 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 9fc66e22f871f9d50fe085395090593e
SHA1 9b8e470ba95c3e859e3c182bc79111b5f2b97a1f
SHA256 80f8eff362716ddf94713e7761b5bdb2f6e5a7f414e36f15c6f497e90e2dc3dc
SHA512 2f0912f696bbc73dbe2128102cd1d3a56b9232fd37f74cacd248716f3f6316f4426856301667e1388af9b03e87d4672f71028534260820816008ec8961d480c7

C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe

MD5 8ec2a8366213164fcd0e41e9d00c29cd
SHA1 9d3f8a2d7d100433f88d61659c977eac49c876b5
SHA256 4b25d9df9f9ef4f0de7ac9cac4451d19b14a7784f0bf1bcec9a3e731a442a032
SHA512 520f26ac6f4b21c6a219e91abe94a639dd89767e78020aca52c0652cd8d706b6b594565818549322b87c34969884dbab8c989261ebf86f7060afe116c2a26a37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4b8418a0818d596510a805c0a771c7df
SHA1 dd6444167697c5e4d249daa6cfeff81b7cb5060e
SHA256 900b425551113afd7642079209f46e573ef0c06ab59dd1d589e052863ea6632f
SHA512 2223cbe7c1ac54a31f879084433aec569b99b7b44670082fb021a93491b193035100cb4a28bcafbbfdaa1443187c13ae2a29896ba5173d60d7c7491d22b7c578

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 687ff3092330bacadc52091fd45c265c
SHA1 6206151b55d6a56ac2e31eef8eebddc410b36ccc
SHA256 c1eb0fbddcbc53bedab9edeb3a0d63955d5209734911fdb33b5e13498c08a5a9
SHA512 0a2175ede6f22d1f9205b0f6f9b6df87da5807ab9bedd56987e2a2ec3aa9e62b3027758836117ff09a51bab9839a6ae662fd651b1f8f3aa10b3c709d12b971fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9f66e6bf4c1fde0b69061ea48a641f1c
SHA1 8694e54a0be75062290e164666d56e3febf1f3f7
SHA256 9b9d887e0b62fc6b991cba09c1230a6112c6846807cfcbbda86eeacc1be90f6d
SHA512 8d5bbf6c44d5670adf9fe324a1be7fa9ba31558777275d517c00205873bc24fc9010c5af8ce762ee2238564992556faaddbe85d717f34dc20a36cf1c8ce65651

memory/8516-643-0x0000000073250000-0x0000000073A00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe

MD5 f01733b9b11312768665edbf39443ab8
SHA1 e5a878ef597e05287b651b9d0f1c983c761f5d1a
SHA256 a0617cdbc32c9068aa2d265a48323f403d7a273762e8da0fc1c79d2044f35744
SHA512 c869f7132ebb8d2384f6671876a1ea919f0b541dcbd77ab92d41f1785f1f8d1a70d5074a8e4b9629959d23db6385ca4f2abd92f6194de7c7751292f6c535302d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0c2c4d4f4359e572e4f6e2f348e9e5ce
SHA1 add5e0d9ee289438cde40b39212ed52691e7ea0c
SHA256 a54b33ef4d797bb662a0f22977949250ef033f034ed1acac49f31119706e9e32
SHA512 d83f779da902cb7dd70366116b7e2afb369de1f72a03646ced14994bed4d5fe349b6ac6014cb7e092e86c6e8bea918b696e4a357382d8f01e284d1c071eb9e62

memory/8516-695-0x0000000004C40000-0x0000000004C50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 1b1b142e24215f033793d1311e24f6e6
SHA1 74e23cffbf03f3f0c430e6f4481e740c55a48587
SHA256 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1
SHA512 a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 429c5368cac1585f084403d81df89015
SHA1 8ba41e1941d71e768343752e38e7b78f8e7f18a9
SHA256 74408d0eddb049c4c583e7fed6d45120fa25fc84c45c9383aa7e14e77e63f435
SHA512 eaa227d234e24229c4c93bf78930b9200db0b2803f3e571ba906816dbfb7a65c227d01c378c2e942e5278b4e9cfef01c170d7309abd470b35e0c1e298f6e34f0

memory/1280-605-0x0000000002B00000-0x0000000002B10000-memory.dmp

memory/8516-603-0x0000000000280000-0x00000000002DA000-memory.dmp

memory/9620-601-0x0000000000EA0000-0x0000000001380000-memory.dmp

memory/1280-590-0x0000000073250000-0x0000000073A00000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 765e861b23a27dcd906fa63b309eed77
SHA1 d7dd27f61b7a4d16322952837a60bdbb2343cef9
SHA256 5549717d63a8ceed73b4575ed7d59eb1ba76954135e3e007459034fbb52c5292
SHA512 ba99d89462f4131304bd3dcdb7cf8e851a855151deb4fe882e48b453937d86109b78c4b3ab93ab37c37fd4d5ce089e3ff2c00ab96ad65bdd96d2a295ec3dfb47

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

MD5 35ac7b0666b43acd17533e71d346653a
SHA1 f595978c3192e1c762e3af477f1f6907610fc551
SHA256 aa09313e35fff13b1ce257831331ba2113c65a081c48e74dcb4978a876257670
SHA512 482f934418038b916b62c21a3f1eaf6aec2ed974ed84983f39e4dc307ad44100764c102d31729bdb440fae8537597b07c237fcbc78295974479f2e3d76b22836

memory/1420-772-0x0000000000610000-0x000000000102B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 e010578c153ca8e73e0ac5c7242396ac
SHA1 22c26967aaf645c029c068a724ba5f08b2e6b347
SHA256 2579b31085f6d2f1fa61db73d9f387b2d5b17952323028fd048ff5bd71e96bb3
SHA512 5918c5faefb1d14663e55f0429d2d11adedb1445e409f01d587e08613b13961eb0b4cc7fb179bcb9ea7233e18c45f8d481a297573db0959f8bc818224c8cbf26

C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe

MD5 58524249c5f5dfd80f2c45eb9ff4bf8d
SHA1 ed88f5f41c55bbca3c606aa39c5c2bde9033bc56
SHA256 cb8be6821588264da1776d5c3667c5a930e40a700b9ae25ed37dc1a3f67e7fa4
SHA512 5c21f010c8440888a036388e26f36bda5364c6d46a8f81a1d0c6843e35b19c1f75b6d7ac55aa0732771908ce1556469ce1ef6698ee8e1ab1f2cfccadd301b1f8

memory/1668-859-0x0000000006510000-0x0000000006B28000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 2afdbe3b99a4736083066a13e4b5d11a
SHA1 4d4856cf02b3123ac16e63d4a448cdbcb1633546
SHA256 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee
SHA512 d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

memory/9420-838-0x0000000004FF0000-0x0000000005042000-memory.dmp

memory/1668-822-0x0000000005540000-0x000000000554A000-memory.dmp

memory/8516-810-0x0000000002570000-0x0000000004570000-memory.dmp

memory/6856-947-0x00000000009D0000-0x0000000000F5E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 83da1995b96a328a4b48c3abbd8dd6a5
SHA1 0979e3feb13ecc5b5c4ec66051996033a4c3fd4d
SHA256 ad63aa4fc47952b01d585293005ba90ea0ae30d25a8ab5866ddddbcd28a1519a
SHA512 3fe0dbb5d592c1d71b59915cb019235e0c12cc8ce5c0c78fccfb1e9a892e02c4097ee231628b1e05b5055d313a3eea7f70604bbd5837f1b2c41f5f641271d9de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

memory/10368-1095-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rty25.exe

MD5 4368ddcd80e9a18ab5571a081e72f0d9
SHA1 38e78ea560a1c65779f31027ef752801031e7bb5
SHA256 e2538e6a058a5bd1978adb5e4c1c20245d4016ec8de5a842a03b050df262f38c
SHA512 197e88b53140e8e2177a1ad489d34eb8a661b2f8e035539be47f992837b0d0f3eb2419159452b73cf9542115d12974ed40e00622c3934dc5a0af286796425b03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b818b73aca5e3d0ae760d73c93a26758
SHA1 cb691cf89a79ca20b03fc1eade79c3285b236b1c
SHA256 79516fc2296b313dffa11694e319f6b7c3809c41483c9073301b73610b435fba
SHA512 32bcc556ba36d86a09197226a56cab770d740488c50432a6e15428300d1c0019364cb9e78845ee892431e387d397a85c51be894f6e9cf67c07c5e5ac13d89966

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

MD5 2b02b1d46a29845b82e1902c7a98ffa4
SHA1 c52b1ab088c8de38754daac3bac7fde3ce7dd308
SHA256 2f5f653289527a60861c3f81544311a90e1578b2bce5cd2cf161af364d0954fc
SHA512 0f88e56d520cd13b29d12469ec3ff6f352139e42b49dc4cfe75e6f72ad43616329531e8082dec8bb0e4c9f3719af8c7c77718c0cb5fa4406992b8e4eae1c2d65

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe

MD5 192c2ccd064a1c74db17a251c2841cce
SHA1 417d5787efaa221f27b928227bdf6558657ab855
SHA256 8f68ff3f9bfefdab852bb4eb274a2c176cacdabcd1ca289c12ff37f55fa7d0b8
SHA512 b369dd401d34d0de5d02579f1bd047038da7dcd97f43fde96d003a22ca9852f859c8bf491bc5a3b081e32b3d2760214bb8141df1e532f18d42b31803a492974c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 3d517ae9713e5a87128ada8225dda336
SHA1 e9c891a7066705ec24d544b41a02d3105e14e0e6
SHA256 f25a716e4ff4353a4d505ae3ed2754f124c36ccece2e837286d067f8a70406be
SHA512 319003fb58b74b4da20f4ffbaf2460f6c25ca3563907a8add0ec57b63ed3afdec5387941693ebccb9f0d32187545377bb8d485c05619001e0432ebabb7e9e3be

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 3cdc91542aa602794469deedf298c789
SHA1 88e136efe467998d73bbaa2854ac2ac0210c4b97
SHA256 b4d1a78e5eee35d6baad9c71928eb147c52986211df6cfa143c541bbb6218c4e
SHA512 83888a98668c4a4b803ff245a2f4afee614cd5b784ebff8a693d3c2d6bdda2a2a20193c3a7f48daff7d845b5046223e45b1bc888f0d4a1a24e056cffec050d6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

memory/6856-1400-0x00000000009D0000-0x0000000000F5E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 1e9c2b20415332ccbfa0b040c631e10a
SHA1 7d4747294610674fdc2cf846096dbe38d3efb566
SHA256 df0fa79e63bda8994209c97a82c3205fe58d158ed43cea86f9fb857635ef9c59
SHA512 d6cb04cfd5061e02d7791e26cac7babff69580a6e8bae42854cb0c04fd72819a28396a2cb983173017db23206f63026966221bd9b6c36d76c8a4f536b05d32f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\27130428AA9673FE224F99BCAF97A6009AE4D837

MD5 ffdd25d2a241683ed87cf5b9098a7814
SHA1 61c43f3e7b08d4f8889d22713811197a661aa8d3
SHA256 3bf4903836446a2b3a5f4949851b2e39b32961a98e416d185feccf6504dc8f2a
SHA512 6a2b65909c5042604a38d0d6f29e17729bbfd87867aa54100281caaaf9da48cc824d7a7294a4bbd23eb4cc7c955c653fd2caf3fc3bc86f737be99254abb3829a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 3af0f3f6faf9b86676aee59b463f5db9
SHA1 176955541d509d8d069e41f14756f807b82ba31b
SHA256 3d9a9ac27ba9fe088b17f4760dc2884c2708211a23bbdb51e67525786710c77d
SHA512 9aac1c2609ee268d1c31cdf84e13e9341986ee9384de16413b5441df6479e9637141a144e3f486bbf18d7f5bbc2f242512d4ccb1996f579cd03ca89a85518f58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.linkedin.com\idb\301792106ttes.sqlite

MD5 e2c172f499dbac650955f3dc34717ebd
SHA1 a541a44812c8260183b729bb8173a515f977a5a6
SHA256 7cdc4bed933156490488e2ca2ea713862f49b66b4a6da1977214b08e66a2bcb8
SHA512 aecec37f57e2e31e275a689164db099505a3db39f1d801ac1fdb64110c2ff009accaf7dde46c520fd3d9ce0045ec6067545bd403f8f7bfe7001f541dd87fbe2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\169D382E6ECEFB0B4DC415049A9EE59A0E33C50C

MD5 da5dc1d02c1d588895aeb42a30a76509
SHA1 81542d32e87c3c2ff58e21459afd9972a4ef2158
SHA256 7a74cc93f1ab0c37a51d8d9d57b6b459c1db138da713bb3a4826cb51cb749d4a
SHA512 95d38404190a863f3e9af0f92382a08e051908bdae7e4ca77d980d669d01c6cec9d9816839aee7d08ddbc8e7f2870e9cb9b86abc79bc049f8916e87ec8fc6f71

C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe

MD5 7a3e33624ef7d3acdc43f5123e93a47c
SHA1 2625eb7aaa116560997b4d54410902a818f40c5b
SHA256 d6fe6884a6bd7206d4677788e0b299ad225a3c42fcae65386a7a58a8ffdd5c1d
SHA512 93716e8485cd0df8259d5e10d25a67ba57e97238185270b0cde0e44b9a3aa818ecc433048952674fa42960352ead28c2659891883dbec41e7894d0c9d259d55d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\0206971B56AA72A685F9515133D05C879FC04909

MD5 09b3c3887fd85e88e9d368332660d882
SHA1 8a7cf2ac1be08de7fc48a2b257472af5a44b9fcb
SHA256 1521a693d75b7d910a80ae0eeb8dfea3d24cffda8fe4b09f510b109d6e04a457
SHA512 a3719ba2307a2e013e290ef66122c23bdb69a9e08a11c2f234951a4d208375b0d6d464c9a061eb05e68f4604bc439ab8447fae25a4786d5a5d17285fcf2ceb73

memory/1420-1459-0x0000000000610000-0x000000000102B000-memory.dmp

memory/10316-1543-0x0000000000400000-0x000000000048A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

memory/10316-1576-0x0000000000400000-0x000000000048A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5314dcd61103939f8b2cd3391f372cdd
SHA1 da0252c17cb0a304528b97333a82540d3a45a541
SHA256 0a1c7dc665b263b16781e2095c4afa6d13ef3d3eeabc13fc8d6b4de993e151f8
SHA512 a236e040bbf1f9c4a0aa567c3436e189676e0c0ff6bcddcc676bf382ca947bfe01d45bd904fb9c98a2f1dd89f23020460b475310e71d54347ae7e7d750ee1582

memory/1536-1692-0x0000000004F30000-0x00000000050D5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 03a6a060558ed4030aa232b7135b76d9
SHA1 d047026d303d7517194d1769a95bbef05e8f5c48
SHA256 25adc5de5800c8b09ac01dd5a965d381d2dc1847ff301aa00290f81d746dbf13
SHA512 2c488609f032044bd49978fb0c0f05c34d61a9a6f33ca0302d9a0c8df404b6c7a653fa02765ec3a193f1d6746df1efa3dde6879f0bc0c4879260bed567fc1219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fbf24d7df053f0930f81ee7ae2ddecb3
SHA1 d77d80a158bab9f15fd40bd4277dc61a723ce412
SHA256 38d0fb01a3c600cf6b159b93b8cc5aff6a21180d33d0c3797b9b8beed5f8663a
SHA512 be043fbdbeb9a2937fb601924c082c5ba3110b3522a93fa27ce08d242bd88d6f7c81abe50998d41b0b0cb731e44cc2943e7c1db6f5012b640924848b22bee62c

memory/10280-1760-0x0000000000400000-0x0000000000478000-memory.dmp

memory/1536-1759-0x0000000004F30000-0x00000000050D5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 06967f647f3de50dbeef43b2918604ed
SHA1 bb3e5cc61b8593563b4f3b0ee70eb0ca20883cc0
SHA256 7bd377fbbd5e94c64c201423cf29ba12f35539a1dd000be6c5a9cb62b2077ad5
SHA512 e1d7d87b2ce5613006ed7ac1073cf165119f4b249d12ef04e5c1f9b1a8cf8c896f33823187606154f20c5d2b107d12fd35f4d830270561782f1bb0a25b439127

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe583767.TMP

MD5 0d6891e244f1f3d755d6c9d740675c8a
SHA1 5d5281ce907e6aff5e69d8efb5e655926a72a0bc
SHA256 b670e59f95432d1ea9fa0bfe2dfb0e5493a7983e3a93fd109262f91a9add5cca
SHA512 8dbc9f33d91756ab5e57bcf5df5405f5afaa55afa3616e07473ac137e53e8bef0842381423ebc0a9308be78438bba7c0c1b7c7cda68f01d13b2851a77ecffb86

C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe

MD5 f3a452901b7de386457d5f09d2dd5a4b
SHA1 b5c6460aff0723f3bf1a5088570fc2bc74f8acd5
SHA256 57dd4d3d67da701353fbd78cdda376e2dbbe680c46778605afa8db8c090f31cd
SHA512 e6005cb82fb176ae0738603ea66a2211736a9eea7916088dcaa1956dd47fbd4b667c1cd64984a6cd832a723220eda8225d36b7bbd5acf30a76092c62b700c0af

memory/6856-1791-0x00000000009D0000-0x0000000000F5E000-memory.dmp

memory/1536-1812-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1888-0x0000000004F30000-0x00000000050D5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 14b060676a33c32f1321c2b0743782e8
SHA1 71f4b7db22890b1c392a572d9a9ef545e20f7d7b
SHA256 2ff55eb07e1eae2c2221871211a786e327c48eee94f4650f353d1413149cbb76
SHA512 6206d096b4838bb6d8b2725998df787ad8c6ccd181e06aca6171c158d8b382b3d9579aea06bd8b564765cad9e5a30ec6244e340012dc211a11766eea7237600f

memory/1536-1920-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1927-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1420-1923-0x0000000000610000-0x000000000102B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe

MD5 a7a6cedc486c833ee4e5692b2a71df54
SHA1 30640072738d6cdf6ffa94a96d4bffe02dd6dc99
SHA256 e0d7f4ebaed84592e99e3545e24199be955c04372762e74027bd2e80a695ced5
SHA512 41aa0d9534e64a0f64998aabed9c2d028df5fc2d0cc1abd0b3e17c45c440c255c4fce5c15c83dc94b949f5e84159c0fc7e1fad77a7b99b6dfa019402df2e7f82

memory/1536-1969-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1972-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1995-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/10572-1991-0x0000000000750000-0x00000000007D9000-memory.dmp

memory/7860-2000-0x0000000140000000-0x0000000140848000-memory.dmp

memory/7860-1997-0x0000000140000000-0x0000000140848000-memory.dmp

memory/7860-1993-0x0000000140000000-0x0000000140848000-memory.dmp

memory/1536-1987-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1974-0x0000000004F30000-0x00000000050D5000-memory.dmp

memory/1536-1958-0x0000000004F30000-0x00000000050D5000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

MD5 a5ce3aba68bdb438e98b1d0c70a3d95c
SHA1 013f5aa9057bf0b3c0c24824de9d075434501354
SHA256 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a
SHA512 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe

MD5 53bde46c600286b424a9b8dfff5fc83f
SHA1 d1aa787275e5da9850ccbd7de5a02b43c879c50f
SHA256 b122a71ec2b0d0dd0fc3326567cb5e74a6b98b8736cca7186dc700a53f93bfb7
SHA512 222b6e4a471d67a35c0fed78a6fc86f75d17a26c1c959eec3f50410e60df885752e1f33397c5710f303f7a3589fa508ca0be58fa7a5fd3157b4aa25a23fbc0e2

C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe

MD5 54b24d158dc38220b2be92a883211ce3
SHA1 7d9501947544b1a39dee35f3d59a3b98894055c7
SHA256 9d8c1888d2e65df90ec0b856fbd30c9b7789209277994b8cdd764790511ac5a9
SHA512 3b867aac4de737f8547257bd491bb9fea4c37e2d9943e5ffcb3cc7ec088dfcd39c7cc7c3e8f2b7c00b08ca16efa86d2b5a69f925489ad2e004b2c558c761c767

memory/1536-1942-0x0000000004F30000-0x00000000050D5000-memory.dmp
