Analysis Overview
SHA256
d437d473d31d266737ef5c7240cc94e3df6d71defde59fd3262d06722de55c84
Threat Level: Known bad
The file 05aef2221ea6cc47def254618a61d437.bin was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
RedLine payload
SmokeLoader
RedLine
Amadey
RisePro
ZGRat
Creates new service(s)
Stops running service(s)
Downloads MZ/PE file
UPX packed file
.NET Reactor protector
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Launches sc.exe
Drops file in Windows directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-06 01:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-06 01:00
Reported
2024-02-06 01:03
Platform
win7-20231215-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Amadey
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe
"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"
Network
Files
memory/624-0-0x0000000001000000-0x0000000001A1B000-memory.dmp
memory/624-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
memory/624-2-0x0000000077130000-0x0000000077131000-memory.dmp
memory/624-4-0x0000000000D00000-0x0000000000D01000-memory.dmp
memory/624-8-0x0000000001000000-0x0000000001A1B000-memory.dmp
memory/624-9-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-06 01:00
Reported
2024-02-06 01:03
Platform
win10v2004-20231222-en
Max time kernel
1s
Max time network
150s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
ZGRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe
"C:\Users\Admin\AppData\Local\Temp\9da4c067d4be2414c6dd9a7dc7ee89faa4ad19b474b55e73605c707405a71339.exe"
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.3.1117242860\160585025" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd5af992-0353-4e9d-89e0-b118a9b255e3} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 3784 2d90745d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1896,i,13973590826635939218,3306650475486823200,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1896,i,13973590826635939218,3306650475486823200,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4624 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.4.586954681\186170950" -childID 3 -isForBrowser -prefsHandle 4300 -prefMapHandle 4640 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {633202c1-b824-4e41-83b9-81bb2b036468} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 4752 2d907468158 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4636 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3836 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe
"C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1984,i,12473809990671549228,2425935381141632353,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1984,i,12473809990671549228,2425935381141632353,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5344 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe
"C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.7.1509189032\331175334" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5588 -prefsLen 26206 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33fc74c-e50c-426e-84b9-b50e77368faa} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5604 2d90742e458 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe
"C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe
"C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7384 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.8.1691611412\611410421" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5860 -prefsLen 26490 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c410899-20d8-4970-85bf-b2d8f03d9992} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5868 2d919cf8a58 tab
C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ACULXOBT"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe"
C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.9.1773139626\1344457787" -childID 8 -isForBrowser -prefsHandle 6044 -prefMapHandle 5876 -prefsLen 27337 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70800333-4929-433c-9fa1-1340b8128d0e} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 6172 2d91ac63a58 tab
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe
"C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\u7xk.1.exe
"C:\Users\Admin\AppData\Local\Temp\u7xk.1.exe"
C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe
"C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ACULXOBT"
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 10316 -ip 10316
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10316 -ip 10316
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 1176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 1224
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe
"C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe"
C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 10572 -ip 10572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 10572 -ip 10572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 1088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 336
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6632 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\u7xk.0.exe
"C:\Users\Admin\AppData\Local\Temp\u7xk.0.exe"
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5852 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8820 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x494
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\168293393341_Desktop.zip' -CompressionLevel Optimal
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\8DF3.exe
C:\Users\Admin\AppData\Local\Temp\8DF3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5320 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.6.1543322583\291857977" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8c240e5-aa58-46c0-b28f-6a44ee499e29} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 5224 2d918ceb258 tab
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6132 -ip 6132
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 352
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
"C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.5.508278504\1347918097" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e6f2769-8941-4912-af42-e35b6fdf6b99} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 4776 2d91947c858 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1784,i,17781962333011325246,12341143174394173020,131072 /prefetch:8
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1784,i,17781962333011325246,12341143174394173020,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,15253746473774563221,10544703459943465582,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
"C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.2.1230019342\911170048" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 21525 -prefMapSize 233414 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32d0864a-9413-4b95-b616-15c0df50e94f} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 3120 2d913762858 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.1.844085204\981196768" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa74f0c-a5fd-4724-a02c-df066a7bff04} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 2360 2d912f30158 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
"C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5260.0.492972789\1526157839" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0847328c-41d2-4397-bffd-b048167418e3} 5260 "\\.\pipe\gecko-crash-server-pipe.5260" 1888 2d9137d7758 gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6144924718442087704,12299002801638321534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1463021959927124328,8634639345586080321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdd8f9758,0x7fffdd8f9768,0x7fffdd8f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14949324305986686653,15768167953382488290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14949324305986686653,15768167953382488290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15840944613037408908,896488217382210014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffdf1c46f8,0x7fffdf1c4708,0x7fffdf1c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\168293393341_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1672 -ip 1672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2372
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
Network
Files
memory/1280-43-0x00000000068E0000-0x0000000006976000-memory.dmp
memory/1280-69-0x0000000002B00000-0x0000000002B10000-memory.dmp
memory/1280-70-0x00000000076D0000-0x0000000007773000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | 40e2b17dd5a60e51c80f5ea3995f82b2 |
| SHA1 | e11e3c44d232c0d49c8d7b743d1f2ca73d7c0817 |
| SHA256 | 791b730f0fe20018eff42e243bc2e961d82c4cb20d633efa92c5d91c1ee71237 |
| SHA512 | 78253ac30ce70b188cc401583b8197f96fadff16c5237b96207199aaf502659da6ea42074bcb9186fb15f039d6a336bb642d828e69464c5cb1248321f55d2e02 |
memory/1280-81-0x0000000008750000-0x0000000008DCA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | ec9857112b0f18c0e3aa2f5ee2af4205 |
| SHA1 | 9fb9bdd3bc09313c5776225974b2e9387bd6b5b1 |
| SHA256 | 5a0b015ea6abb0845b510beb4c1df893e0f700160667fca1d08bfe3da3883836 |
| SHA512 | 467c90482486f4e9378fef80ded947e8acd308df81d81ad53f7bcbdabcc961c0eab7cd46bdd353d64ed827241361f90263ce6d5a5440795c3689c0439112f1b5 |
memory/1280-82-0x0000000007890000-0x000000000789A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3e71d66ce903fcba6050e4b99b624fa7 |
| SHA1 | 139d274762405b422eab698da8cc85f405922de5 |
| SHA256 | 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3 |
| SHA512 | 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 16b7586b9eba5296ea04b791fc3d675e |
| SHA1 | 8890767dd7eb4d1beab829324ba8b9599051f0b0 |
| SHA256 | 474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680 |
| SHA512 | 58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3df3163f5ea67ed4b2ddace7565c03cc |
| SHA1 | 08422b60d455162bcef1f7219a6ee74a9c594ccf |
| SHA256 | 1be3dc01f2dcbaef2e2ec057ff87732dc55758276f8e74162851eae69eee1aa8 |
| SHA512 | eb931bd525d9c7b383141066de0b02d6683653b85e97c6bee835c8ebc5505ea79bbec56f4a18df6c17c2fffcf75f3a50a4b963ca4eb87a4d6fb163edfadcb744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 759c24e81f559828bee794349c23341b |
| SHA1 | 8a546155b14aeda515f8d2d57d090e0f2112af7a |
| SHA256 | 1e7de381473ab78f8bf6b2afce0827bb66b1a737ce68b177ff7002a825bb29c1 |
| SHA512 | 128a1bc58fffadd8d764bf2ec2f23cb4a3fe9aa3aa0e0dec94c75ef0ff98d6b2e7946aecabd5704d9920921ab39c1e12075ae8e7f22439dbac271dd131ae2a38 |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 382773d80bed8c745c92be22975c0ef3 |
| SHA1 | 53110ba716197e2197a9c005e78f2e02cf162911 |
| SHA256 | 6a4d510bf57132248221d15a162d9e11e742dc381b6219f9802a881dcb877430 |
| SHA512 | e195e5cff19baaf83d5da7232d78f049faa54d18af7a389612866465142577212e4afed554b3592b8e9dae2f8001db0de1b61377bfd75e7810f7a61dd00b5ea1 |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 115a0883f5b107eb3d9363b849e9e2ab |
| SHA1 | 755e34e4e4cc2ec31e880369f5909682e9921a3b |
| SHA256 | 93a06b07e11821930c5682ea8deeda855594f964cd5ef9ae6261c6414dd68bdb |
| SHA512 | f427b6014c085d867847a5023670af938d1ded87c3e4a41b00e311fb17ebd175f0a04654bca19473443f78b0e1033d992ca640744389ae4df24d155e8144619a |
memory/6856-241-0x00000000009D0000-0x0000000000F5E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | bb2cdf82802bf69b297c9fae3fa48e85 |
| SHA1 | f26dbf7984929197238377b2b3e37f974447448d |
| SHA256 | 29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7 |
| SHA512 | 00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7 |
memory/1420-247-0x000000007F180000-0x000000007F551000-memory.dmp
memory/6856-242-0x00000000776D4000-0x00000000776D6000-memory.dmp
memory/6856-248-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | e9e365607374115b92e4abe4b9628101 |
| SHA1 | d5054ea9b22317dca83801eb3586017bfcc0e2a8 |
| SHA256 | 5cd2c4d9f13524923046198c92213691539407e04fa520cdae9eade1bad3d91d |
| SHA512 | a84d65ed53e43883e5ecb7848fbd48f5305a63e6975e6af480cf85532879720061106be54f2a5888ebc3569f7123081a0e6eb48ccb8d7dba3e1da1c8a3c50401 |
memory/6856-252-0x0000000004D30000-0x0000000004D31000-memory.dmp
memory/6856-253-0x00000000009D0000-0x0000000000F5E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | c8445a38a03b043e732b04e86d745665 |
| SHA1 | 1855c33a4854941576b8573383803e5a00cfeecc |
| SHA256 | a2688bd7d84a1144536af54753e29f92c210e1c3e65d059d044684de343ae998 |
| SHA512 | c5468ceed4cc1f6eb5c5366b390b31000775a8eca5c0c543dd5fd69684b39ae185bdd0ac7102c2a8cd8868b821ebadda9c3c060e36b1c62ea813bb9a298a572c |
memory/6856-266-0x0000000004D50000-0x0000000004D51000-memory.dmp
memory/6856-267-0x0000000004CE0000-0x0000000004CE1000-memory.dmp
memory/6856-275-0x0000000004D40000-0x0000000004D41000-memory.dmp
\??\pipe\crashpad_1616_VFFAXVSUTOSNVTIU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js
| MD5 | 0cbceae9a528c8e54d0629f4ea13055f |
| SHA1 | 147e55335a00bd2e5e84a0cee58e644fc2576680 |
| SHA256 | 007383a4e9c17af1b16b7de4483cbda8a08e0b38b3000d21bb01b51fa0d6a207 |
| SHA512 | 631d8979c60b4a758d82afc91fd9960c73ed2d9e6f9dbc544942b7ce2a892b1c9399442557208b4899acfd49559972b1b414d619a40fbb903eaf3aab339af577 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 265db1c9337422f9af69ef2b4e1c7205 |
| SHA1 | 3e38976bb5cf035c75c9bc185f72a80e70f41c2e |
| SHA256 | 7ca5a3ccc077698ca62ac8157676814b3d8e93586364d0318987e37b4f8590bc |
| SHA512 | 3cc9b76d8d4b6edb4c41677be3483ac37785f3bbfea4489f3855433ebf84ea25fc48efee9b74cab268dc9cb7fb4789a81c94e75c7bf723721de28aef53d8b529 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
| MD5 | 9fc66e22f871f9d50fe085395090593e |
| SHA1 | 9b8e470ba95c3e859e3c182bc79111b5f2b97a1f |
| SHA256 | 80f8eff362716ddf94713e7761b5bdb2f6e5a7f414e36f15c6f497e90e2dc3dc |
| SHA512 | 2f0912f696bbc73dbe2128102cd1d3a56b9232fd37f74cacd248716f3f6316f4426856301667e1388af9b03e87d4672f71028534260820816008ec8961d480c7 |
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe
| MD5 | 8ec2a8366213164fcd0e41e9d00c29cd |
| SHA1 | 9d3f8a2d7d100433f88d61659c977eac49c876b5 |
| SHA256 | 4b25d9df9f9ef4f0de7ac9cac4451d19b14a7784f0bf1bcec9a3e731a442a032 |
| SHA512 | 520f26ac6f4b21c6a219e91abe94a639dd89767e78020aca52c0652cd8d706b6b594565818549322b87c34969884dbab8c989261ebf86f7060afe116c2a26a37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4b8418a0818d596510a805c0a771c7df |
| SHA1 | dd6444167697c5e4d249daa6cfeff81b7cb5060e |
| SHA256 | 900b425551113afd7642079209f46e573ef0c06ab59dd1d589e052863ea6632f |
| SHA512 | 2223cbe7c1ac54a31f879084433aec569b99b7b44670082fb021a93491b193035100cb4a28bcafbbfdaa1443187c13ae2a29896ba5173d60d7c7491d22b7c578 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 687ff3092330bacadc52091fd45c265c |
| SHA1 | 6206151b55d6a56ac2e31eef8eebddc410b36ccc |
| SHA256 | c1eb0fbddcbc53bedab9edeb3a0d63955d5209734911fdb33b5e13498c08a5a9 |
| SHA512 | 0a2175ede6f22d1f9205b0f6f9b6df87da5807ab9bedd56987e2a2ec3aa9e62b3027758836117ff09a51bab9839a6ae662fd651b1f8f3aa10b3c709d12b971fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f66e6bf4c1fde0b69061ea48a641f1c |
| SHA1 | 8694e54a0be75062290e164666d56e3febf1f3f7 |
| SHA256 | 9b9d887e0b62fc6b991cba09c1230a6112c6846807cfcbbda86eeacc1be90f6d |
| SHA512 | 8d5bbf6c44d5670adf9fe324a1be7fa9ba31558777275d517c00205873bc24fc9010c5af8ce762ee2238564992556faaddbe85d717f34dc20a36cf1c8ce65651 |
memory/8516-643-0x0000000073250000-0x0000000073A00000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe
| MD5 | f01733b9b11312768665edbf39443ab8 |
| SHA1 | e5a878ef597e05287b651b9d0f1c983c761f5d1a |
| SHA256 | a0617cdbc32c9068aa2d265a48323f403d7a273762e8da0fc1c79d2044f35744 |
| SHA512 | c869f7132ebb8d2384f6671876a1ea919f0b541dcbd77ab92d41f1785f1f8d1a70d5074a8e4b9629959d23db6385ca4f2abd92f6194de7c7751292f6c535302d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0c2c4d4f4359e572e4f6e2f348e9e5ce |
| SHA1 | add5e0d9ee289438cde40b39212ed52691e7ea0c |
| SHA256 | a54b33ef4d797bb662a0f22977949250ef033f034ed1acac49f31119706e9e32 |
| SHA512 | d83f779da902cb7dd70366116b7e2afb369de1f72a03646ced14994bed4d5fe349b6ac6014cb7e092e86c6e8bea918b696e4a357382d8f01e284d1c071eb9e62 |
memory/8516-695-0x0000000004C40000-0x0000000004C50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1b1b142e24215f033793d1311e24f6e6 |
| SHA1 | 74e23cffbf03f3f0c430e6f4481e740c55a48587 |
| SHA256 | 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1 |
| SHA512 | a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 429c5368cac1585f084403d81df89015 |
| SHA1 | 8ba41e1941d71e768343752e38e7b78f8e7f18a9 |
| SHA256 | 74408d0eddb049c4c583e7fed6d45120fa25fc84c45c9383aa7e14e77e63f435 |
| SHA512 | eaa227d234e24229c4c93bf78930b9200db0b2803f3e571ba906816dbfb7a65c227d01c378c2e942e5278b4e9cfef01c170d7309abd470b35e0c1e298f6e34f0 |
memory/1280-605-0x0000000002B00000-0x0000000002B10000-memory.dmp
memory/8516-603-0x0000000000280000-0x00000000002DA000-memory.dmp
memory/9620-601-0x0000000000EA0000-0x0000000001380000-memory.dmp
memory/1280-590-0x0000000073250000-0x0000000073A00000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 765e861b23a27dcd906fa63b309eed77 |
| SHA1 | d7dd27f61b7a4d16322952837a60bdbb2343cef9 |
| SHA256 | 5549717d63a8ceed73b4575ed7d59eb1ba76954135e3e007459034fbb52c5292 |
| SHA512 | ba99d89462f4131304bd3dcdb7cf8e851a855151deb4fe882e48b453937d86109b78c4b3ab93ab37c37fd4d5ce089e3ff2c00ab96ad65bdd96d2a295ec3dfb47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js
| MD5 | 35ac7b0666b43acd17533e71d346653a |
| SHA1 | f595978c3192e1c762e3af477f1f6907610fc551 |
| SHA256 | aa09313e35fff13b1ce257831331ba2113c65a081c48e74dcb4978a876257670 |
| SHA512 | 482f934418038b916b62c21a3f1eaf6aec2ed974ed84983f39e4dc307ad44100764c102d31729bdb440fae8537597b07c237fcbc78295974479f2e3d76b22836 |
memory/1420-772-0x0000000000610000-0x000000000102B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
| MD5 | e010578c153ca8e73e0ac5c7242396ac |
| SHA1 | 22c26967aaf645c029c068a724ba5f08b2e6b347 |
| SHA256 | 2579b31085f6d2f1fa61db73d9f387b2d5b17952323028fd048ff5bd71e96bb3 |
| SHA512 | 5918c5faefb1d14663e55f0429d2d11adedb1445e409f01d587e08613b13961eb0b4cc7fb179bcb9ea7233e18c45f8d481a297573db0959f8bc818224c8cbf26 |
C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe
| MD5 | 58524249c5f5dfd80f2c45eb9ff4bf8d |
| SHA1 | ed88f5f41c55bbca3c606aa39c5c2bde9033bc56 |
| SHA256 | cb8be6821588264da1776d5c3667c5a930e40a700b9ae25ed37dc1a3f67e7fa4 |
| SHA512 | 5c21f010c8440888a036388e26f36bda5364c6d46a8f81a1d0c6843e35b19c1f75b6d7ac55aa0732771908ce1556469ce1ef6698ee8e1ab1f2cfccadd301b1f8 |
memory/1668-859-0x0000000006510000-0x0000000006B28000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 2afdbe3b99a4736083066a13e4b5d11a |
| SHA1 | 4d4856cf02b3123ac16e63d4a448cdbcb1633546 |
| SHA256 | 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee |
| SHA512 | d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f |
memory/9420-838-0x0000000004FF0000-0x0000000005042000-memory.dmp
memory/1668-822-0x0000000005540000-0x000000000554A000-memory.dmp
memory/8516-810-0x0000000002570000-0x0000000004570000-memory.dmp
memory/6856-947-0x00000000009D0000-0x0000000000F5E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 83da1995b96a328a4b48c3abbd8dd6a5 |
| SHA1 | 0979e3feb13ecc5b5c4ec66051996033a4c3fd4d |
| SHA256 | ad63aa4fc47952b01d585293005ba90ea0ae30d25a8ab5866ddddbcd28a1519a |
| SHA512 | 3fe0dbb5d592c1d71b59915cb019235e0c12cc8ce5c0c78fccfb1e9a892e02c4097ee231628b1e05b5055d313a3eea7f70604bbd5837f1b2c41f5f641271d9de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | b63bcace3731e74f6c45002db72b2683 |
| SHA1 | 99898168473775a18170adad4d313082da090976 |
| SHA256 | ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085 |
| SHA512 | d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | c1164ab65ff7e42adb16975e59216b06 |
| SHA1 | ac7204effb50d0b350b1e362778460515f113ecc |
| SHA256 | d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb |
| SHA512 | 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509 |
memory/10368-1095-0x0000000000400000-0x0000000000442000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rty25.exe
| MD5 | 4368ddcd80e9a18ab5571a081e72f0d9 |
| SHA1 | 38e78ea560a1c65779f31027ef752801031e7bb5 |
| SHA256 | e2538e6a058a5bd1978adb5e4c1c20245d4016ec8de5a842a03b050df262f38c |
| SHA512 | 197e88b53140e8e2177a1ad489d34eb8a661b2f8e035539be47f992837b0d0f3eb2419159452b73cf9542115d12974ed40e00622c3934dc5a0af286796425b03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b818b73aca5e3d0ae760d73c93a26758 |
| SHA1 | cb691cf89a79ca20b03fc1eade79c3285b236b1c |
| SHA256 | 79516fc2296b313dffa11694e319f6b7c3809c41483c9073301b73610b435fba |
| SHA512 | 32bcc556ba36d86a09197226a56cab770d740488c50432a6e15428300d1c0019364cb9e78845ee892431e387d397a85c51be894f6e9cf67c07c5e5ac13d89966 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
| MD5 | 2b02b1d46a29845b82e1902c7a98ffa4 |
| SHA1 | c52b1ab088c8de38754daac3bac7fde3ce7dd308 |
| SHA256 | 2f5f653289527a60861c3f81544311a90e1578b2bce5cd2cf161af364d0954fc |
| SHA512 | 0f88e56d520cd13b29d12469ec3ff6f352139e42b49dc4cfe75e6f72ad43616329531e8082dec8bb0e4c9f3719af8c7c77718c0cb5fa4406992b8e4eae1c2d65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe
| MD5 | 192c2ccd064a1c74db17a251c2841cce |
| SHA1 | 417d5787efaa221f27b928227bdf6558657ab855 |
| SHA256 | 8f68ff3f9bfefdab852bb4eb274a2c176cacdabcd1ca289c12ff37f55fa7d0b8 |
| SHA512 | b369dd401d34d0de5d02579f1bd047038da7dcd97f43fde96d003a22ca9852f859c8bf491bc5a3b081e32b3d2760214bb8141df1e532f18d42b31803a492974c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | 3d517ae9713e5a87128ada8225dda336 |
| SHA1 | e9c891a7066705ec24d544b41a02d3105e14e0e6 |
| SHA256 | f25a716e4ff4353a4d505ae3ed2754f124c36ccece2e837286d067f8a70406be |
| SHA512 | 319003fb58b74b4da20f4ffbaf2460f6c25ca3563907a8add0ec57b63ed3afdec5387941693ebccb9f0d32187545377bb8d485c05619001e0432ebabb7e9e3be |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 3cdc91542aa602794469deedf298c789 |
| SHA1 | 88e136efe467998d73bbaa2854ac2ac0210c4b97 |
| SHA256 | b4d1a78e5eee35d6baad9c71928eb147c52986211df6cfa143c541bbb6218c4e |
| SHA512 | 83888a98668c4a4b803ff245a2f4afee614cd5b784ebff8a693d3c2d6bdda2a2a20193c3a7f48daff7d845b5046223e45b1bc888f0d4a1a24e056cffec050d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/6856-1400-0x00000000009D0000-0x0000000000F5E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 1e9c2b20415332ccbfa0b040c631e10a |
| SHA1 | 7d4747294610674fdc2cf846096dbe38d3efb566 |
| SHA256 | df0fa79e63bda8994209c97a82c3205fe58d158ed43cea86f9fb857635ef9c59 |
| SHA512 | d6cb04cfd5061e02d7791e26cac7babff69580a6e8bae42854cb0c04fd72819a28396a2cb983173017db23206f63026966221bd9b6c36d76c8a4f536b05d32f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\27130428AA9673FE224F99BCAF97A6009AE4D837
| MD5 | ffdd25d2a241683ed87cf5b9098a7814 |
| SHA1 | 61c43f3e7b08d4f8889d22713811197a661aa8d3 |
| SHA256 | 3bf4903836446a2b3a5f4949851b2e39b32961a98e416d185feccf6504dc8f2a |
| SHA512 | 6a2b65909c5042604a38d0d6f29e17729bbfd87867aa54100281caaaf9da48cc824d7a7294a4bbd23eb4cc7c955c653fd2caf3fc3bc86f737be99254abb3829a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 3af0f3f6faf9b86676aee59b463f5db9 |
| SHA1 | 176955541d509d8d069e41f14756f807b82ba31b |
| SHA256 | 3d9a9ac27ba9fe088b17f4760dc2884c2708211a23bbdb51e67525786710c77d |
| SHA512 | 9aac1c2609ee268d1c31cdf84e13e9341986ee9384de16413b5441df6479e9637141a144e3f486bbf18d7f5bbc2f242512d4ccb1996f579cd03ca89a85518f58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\default\https+++www.linkedin.com\idb\301792106ttes.sqlite
| MD5 | e2c172f499dbac650955f3dc34717ebd |
| SHA1 | a541a44812c8260183b729bb8173a515f977a5a6 |
| SHA256 | 7cdc4bed933156490488e2ca2ea713862f49b66b4a6da1977214b08e66a2bcb8 |
| SHA512 | aecec37f57e2e31e275a689164db099505a3db39f1d801ac1fdb64110c2ff009accaf7dde46c520fd3d9ce0045ec6067545bd403f8f7bfe7001f541dd87fbe2c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\169D382E6ECEFB0B4DC415049A9EE59A0E33C50C
| MD5 | da5dc1d02c1d588895aeb42a30a76509 |
| SHA1 | 81542d32e87c3c2ff58e21459afd9972a4ef2158 |
| SHA256 | 7a74cc93f1ab0c37a51d8d9d57b6b459c1db138da713bb3a4826cb51cb749d4a |
| SHA512 | 95d38404190a863f3e9af0f92382a08e051908bdae7e4ca77d980d669d01c6cec9d9816839aee7d08ddbc8e7f2870e9cb9b86abc79bc049f8916e87ec8fc6f71 |
C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe
| MD5 | 7a3e33624ef7d3acdc43f5123e93a47c |
| SHA1 | 2625eb7aaa116560997b4d54410902a818f40c5b |
| SHA256 | d6fe6884a6bd7206d4677788e0b299ad225a3c42fcae65386a7a58a8ffdd5c1d |
| SHA512 | 93716e8485cd0df8259d5e10d25a67ba57e97238185270b0cde0e44b9a3aa818ecc433048952674fa42960352ead28c2659891883dbec41e7894d0c9d259d55d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\0206971B56AA72A685F9515133D05C879FC04909
| MD5 | 09b3c3887fd85e88e9d368332660d882 |
| SHA1 | 8a7cf2ac1be08de7fc48a2b257472af5a44b9fcb |
| SHA256 | 1521a693d75b7d910a80ae0eeb8dfea3d24cffda8fe4b09f510b109d6e04a457 |
| SHA512 | a3719ba2307a2e013e290ef66122c23bdb69a9e08a11c2f234951a4d208375b0d6d464c9a061eb05e68f4604bc439ab8447fae25a4786d5a5d17285fcf2ceb73 |
memory/1420-1459-0x0000000000610000-0x000000000102B000-memory.dmp
memory/10316-1543-0x0000000000400000-0x000000000048A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 7a204d478c8dfe822bf86f9103bbd9b3 |
| SHA1 | 7114b36ea1588d9372d730b2ee5dec7a3aee36d1 |
| SHA256 | d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb |
| SHA512 | f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e |
memory/10316-1576-0x0000000000400000-0x000000000048A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5314dcd61103939f8b2cd3391f372cdd |
| SHA1 | da0252c17cb0a304528b97333a82540d3a45a541 |
| SHA256 | 0a1c7dc665b263b16781e2095c4afa6d13ef3d3eeabc13fc8d6b4de993e151f8 |
| SHA512 | a236e040bbf1f9c4a0aa567c3436e189676e0c0ff6bcddcc676bf382ca947bfe01d45bd904fb9c98a2f1dd89f23020460b475310e71d54347ae7e7d750ee1582 |
memory/1536-1692-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 03a6a060558ed4030aa232b7135b76d9 |
| SHA1 | d047026d303d7517194d1769a95bbef05e8f5c48 |
| SHA256 | 25adc5de5800c8b09ac01dd5a965d381d2dc1847ff301aa00290f81d746dbf13 |
| SHA512 | 2c488609f032044bd49978fb0c0f05c34d61a9a6f33ca0302d9a0c8df404b6c7a653fa02765ec3a193f1d6746df1efa3dde6879f0bc0c4879260bed567fc1219 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fbf24d7df053f0930f81ee7ae2ddecb3 |
| SHA1 | d77d80a158bab9f15fd40bd4277dc61a723ce412 |
| SHA256 | 38d0fb01a3c600cf6b159b93b8cc5aff6a21180d33d0c3797b9b8beed5f8663a |
| SHA512 | be043fbdbeb9a2937fb601924c082c5ba3110b3522a93fa27ce08d242bd88d6f7c81abe50998d41b0b0cb731e44cc2943e7c1db6f5012b640924848b22bee62c |
memory/10280-1760-0x0000000000400000-0x0000000000478000-memory.dmp
memory/1536-1759-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 06967f647f3de50dbeef43b2918604ed |
| SHA1 | bb3e5cc61b8593563b4f3b0ee70eb0ca20883cc0 |
| SHA256 | 7bd377fbbd5e94c64c201423cf29ba12f35539a1dd000be6c5a9cb62b2077ad5 |
| SHA512 | e1d7d87b2ce5613006ed7ac1073cf165119f4b249d12ef04e5c1f9b1a8cf8c896f33823187606154f20c5d2b107d12fd35f4d830270561782f1bb0a25b439127 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe583767.TMP
| MD5 | 0d6891e244f1f3d755d6c9d740675c8a |
| SHA1 | 5d5281ce907e6aff5e69d8efb5e655926a72a0bc |
| SHA256 | b670e59f95432d1ea9fa0bfe2dfb0e5493a7983e3a93fd109262f91a9add5cca |
| SHA512 | 8dbc9f33d91756ab5e57bcf5df5405f5afaa55afa3616e07473ac137e53e8bef0842381423ebc0a9308be78438bba7c0c1b7c7cda68f01d13b2851a77ecffb86 |
C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe
| MD5 | f3a452901b7de386457d5f09d2dd5a4b |
| SHA1 | b5c6460aff0723f3bf1a5088570fc2bc74f8acd5 |
| SHA256 | 57dd4d3d67da701353fbd78cdda376e2dbbe680c46778605afa8db8c090f31cd |
| SHA512 | e6005cb82fb176ae0738603ea66a2211736a9eea7916088dcaa1956dd47fbd4b667c1cd64984a6cd832a723220eda8225d36b7bbd5acf30a76092c62b700c0af |
memory/6856-1791-0x00000000009D0000-0x0000000000F5E000-memory.dmp
memory/1536-1812-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1888-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 14b060676a33c32f1321c2b0743782e8 |
| SHA1 | 71f4b7db22890b1c392a572d9a9ef545e20f7d7b |
| SHA256 | 2ff55eb07e1eae2c2221871211a786e327c48eee94f4650f353d1413149cbb76 |
| SHA512 | 6206d096b4838bb6d8b2725998df787ad8c6ccd181e06aca6171c158d8b382b3d9579aea06bd8b564765cad9e5a30ec6244e340012dc211a11766eea7237600f |
memory/1536-1920-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1927-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1420-1923-0x0000000000610000-0x000000000102B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe
| MD5 | a7a6cedc486c833ee4e5692b2a71df54 |
| SHA1 | 30640072738d6cdf6ffa94a96d4bffe02dd6dc99 |
| SHA256 | e0d7f4ebaed84592e99e3545e24199be955c04372762e74027bd2e80a695ced5 |
| SHA512 | 41aa0d9534e64a0f64998aabed9c2d028df5fc2d0cc1abd0b3e17c45c440c255c4fce5c15c83dc94b949f5e84159c0fc7e1fad77a7b99b6dfa019402df2e7f82 |
memory/1536-1969-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1972-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1995-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/10572-1991-0x0000000000750000-0x00000000007D9000-memory.dmp
memory/7860-2000-0x0000000140000000-0x0000000140848000-memory.dmp
memory/7860-1997-0x0000000140000000-0x0000000140848000-memory.dmp
memory/7860-1993-0x0000000140000000-0x0000000140848000-memory.dmp
memory/1536-1987-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1974-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1958-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
| MD5 | 53bde46c600286b424a9b8dfff5fc83f |
| SHA1 | d1aa787275e5da9850ccbd7de5a02b43c879c50f |
| SHA256 | b122a71ec2b0d0dd0fc3326567cb5e74a6b98b8736cca7186dc700a53f93bfb7 |
| SHA512 | 222b6e4a471d67a35c0fed78a6fc86f75d17a26c1c959eec3f50410e60df885752e1f33397c5710f303f7a3589fa508ca0be58fa7a5fd3157b4aa25a23fbc0e2 |
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
| MD5 | 54b24d158dc38220b2be92a883211ce3 |
| SHA1 | 7d9501947544b1a39dee35f3d59a3b98894055c7 |
| SHA256 | 9d8c1888d2e65df90ec0b856fbd30c9b7789209277994b8cdd764790511ac5a9 |
| SHA512 | 3b867aac4de737f8547257bd491bb9fea4c37e2d9943e5ffcb3cc7ec088dfcd39c7cc7c3e8f2b7c00b08ca16efa86d2b5a69f925489ad2e004b2c558c761c767 |
memory/1536-1942-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/3512-1924-0x0000000003370000-0x00000000033CE000-memory.dmp
memory/1536-1861-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1790-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1765-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/1536-1736-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\u7xk.1.exe
| MD5 | 1036f5df13b9807a53a109abd405952d |
| SHA1 | d1d70097a10867378ecdf89c66fd032e8556c958 |
| SHA256 | e1b6fce84f76d2adca62cb6b890e6ee3672bce0a311700d98e215eb7718a8f29 |
| SHA512 | 9489f719aa261986976b9de65873bfd1c501b458fa7f8c82fc3fbf4c0eaa9b6164ee01b587908aac71726bdb37e37947a78eb7c990e22a79da866200b5762841 |
memory/1536-1718-0x0000000004F30000-0x00000000050D5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | eae2525bc30fa5a4e253f2a94553fda3 |
| SHA1 | a289173d5b1f2988a43683ff11d5bb1a952da7f6 |
| SHA256 | 36a3ceaf7c80d066f443a18b70295ae2931dcd55f1a3f33981d396fcf4e5a3b4 |
| SHA512 | 4566144f8f656bbe5b371add9da6efb2bc47e227065db7a7b67d341ce02cf0f4aad56c20ad26061f80684dc594d92f7e7a22f06f3b6f2979f197156c71d685f4 |
memory/8548-1679-0x0000000000400000-0x000000000044A000-memory.dmp
memory/1536-1674-0x0000000004F30000-0x00000000050D5000-memory.dmp
memory/3512-1668-0x0000000002B90000-0x0000000002BA6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | e404d7406b6b25ff193fc7269b92fd52 |
| SHA1 | 6a02136cb3de07b970e1ba64df0b148f0df31dd6 |
| SHA256 | b40c483b6cdc7f83f646ebbf9ac45699285f8b68096f6451b99a9ea0a51ae59b |
| SHA512 | 046c1b06607619a7354391d9152d8a9b5ce990ee0b5e0587c088ea611856836d187ead6ff1289bbe663df191702e34bd7954194ce5950a6126b6f808bfd42bdd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\doomed\2644
| MD5 | 491879184a778369539820e8a33022a7 |
| SHA1 | a5a48e59f5b8504977d6eaf0dedabd5a68559c4c |
| SHA256 | e2fc2f89f577060644b0df3cb5c115fd17b93cb0ac4d809490e393725b1e32c8 |
| SHA512 | a994cb56bf0c2c13ec133a9e63707b19c506325438753ce71f5b75d549f59ef63e5a539175c6114fa7db893a4c2517f51759fd9d726f2deecdde5a885415d045 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\D3886D483BFF9B004AA331EF257C3770172BC48A
| MD5 | bcccf3d606a780255203e990bb0275d6 |
| SHA1 | 87697a52d97d7ba31d82e2868c28b5bcae6fb820 |
| SHA256 | 1f123056056916a159992293bac806bcb5c7fdc4285a6b265a9ba1968cc45c73 |
| SHA512 | 8bb91b954bc83c05ed6c5a622f7e6f2258d69ec1dbe95cc9faec34f8536b5b68c48f820b24f5f173a5058330b51dc6a0c17f8ab5ef2c6eac94c7ce63d2e1861f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\4FBF04A3C9F4324AFD2987052CBF8504453061F7
| MD5 | b7b209d3f0c8861b452f1dc3f58e1890 |
| SHA1 | 23ed01a4daa628491b533b749d7c61f2618d99cd |
| SHA256 | c2d8f1f681beceef4e75d7c48b1d121959bb2e196e36ba7792778e79c0dc9851 |
| SHA512 | 5bb16b051338ef8c6b726106659e84e632fe15f4a35f827b933179d9efdacc99e9c4607837f67f7463afa9c1527d367b1018efd18718db70a48e7d524260de78 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js
| MD5 | 1185c6b3e8fe4c35911cf727078f59ec |
| SHA1 | 5d0027cec1aafc647197503a8ad459dfe776ec44 |
| SHA256 | 7bbb24c3088c738404092656483effc5d434e030aa7e7cacb677267147733163 |
| SHA512 | 00146cc7d6ef3308bde002bd5e1e82a81622d7acec910322f2274bce93297656f1ce4d489b3a1b3f951d23551dba4406c4cee575401c42d96eaec5819b8023db |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\24FCC1FE10B5907E89DD2B7D6CE6B2D40A935AAF
| MD5 | 1cc34ff1d87b7d438689f8fd178dfe52 |
| SHA1 | 7571362d13f64ec054f07ec3dd26d7c995fdc245 |
| SHA256 | 631ea459540e6c81ca5a47386dc09601d71e5eee880a2156093d55ae91a69dde |
| SHA512 | f6e14794815ac274fe3173a2f32fc223a706818471b012270d3eb7ae6e22bfe575f7fa3854522b49eefe6f8da77c86213f3cfaad6d2af7f000fbbed8740ffb41 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\A4EAA756C522664D9CEE8A7AEF94BA0D5D323F4A
| MD5 | 7e9b70faa24f68062064defc28b16cf5 |
| SHA1 | cdc24ef963d58375603e21b3f2627f068aa49cdb |
| SHA256 | 6767a0246cc7e160f70ec75d08308b933868aac12c5a771fb11589e2ccf7cdb7 |
| SHA512 | 9d66aef728c65f3bf7dd2c71e859d0d1b4d46be421489226873559bb3c87b1ec27056903e76482071590481c83a3bd5fc96f056cadce90b989c5dd1e4cce05e2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\59q4zd6z.default-release\cache2\entries\B367EE5B548D0683FAB204AE7A360BBB1364F50D
| MD5 | 618fa07e99121192bb38b93bf7660f0a |
| SHA1 | deb08fced75893b657f84fed806f4ed4cafa092e |
| SHA256 | dd7653fe720ec12a9ce5cdfad195016e23fb5d7e0aeaf4010a39532e3b1055fe |
| SHA512 | 90557008b6a026de4eb80f0b022b223df751ca883edb2e266716d64073c938e728ba1b342d11bccccc02c86f7872e04e819d6158617009a50deafb2a82bd8ced |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 8c20d9745afb54a1b59131314c15d61c |
| SHA1 | 1975f997e2db1e487c1caf570263a6a3ba135958 |
| SHA256 | a613b6598e0d4c2e52e6ff91538aca8d92c66ef7c13a9baadcba0039570a69d1 |
| SHA512 | 580021850dfc90647854dd9f8124418abffbe261e3d7f2e1d355dd3a40f31be24f1b9df77ad52f7fa63503a5ee857e270c156e5575e3a32387335018296128d7 |
C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe
| MD5 | 18d9a5482ff42810415072f95fe5fad5 |
| SHA1 | 5526e1b76189f08fd279bfaaef076b3f7335e2b4 |
| SHA256 | bb626a8b614591272a2d60ff692d887298d08b39c50e34970c6ef3f386497c0d |
| SHA512 | 9161106cbdbe4f4932a0abfcb03ed6f3dda3ff72ff0e829c8de183cccdc9bde26a8b3362ae2aad41ee34e4030b09e4c11c1a3ada6702c7229028eaf26b1e2045 |
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
| MD5 | 38a2f1b404d10f0ceb5b66de06296238 |
| SHA1 | 0979e856ad064f6c3dfb3aa10eac8f0c7797047c |
| SHA256 | e3498a4bffc7c02f7230dc54859d1e49c7b2099564aabdc60c8a0ff59ef40e56 |
| SHA512 | 585e7db52461606f61fcc9e71e3169579689cb45b24703e295595243b887e7ded69cc0cd1c25c8148716056dc6a221d04cfa27ff4fc7b606fa6d73300c94ae08 |
memory/1420-1105-0x0000000000610000-0x000000000102B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7dc43188e3f2c66c556e24a622f5da4b |
| SHA1 | c0d73e66616ffa24cba6a3957303dbf2d00b278f |
| SHA256 | 54287c4072972c41157822dbb9b0f584c73362d8258fe2acafdc5ff1150d04f8 |
| SHA512 | f53aa2d43e2640c0f3f3b64b61eed2688442cda1266031a4cc9220805cf1cc002d6ba2ca2cd83b0379c780fb30e347cc9537d63a59cb7f3dfbda6ab8265a95ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d2acb468f629db682f77269aae751c5c |
| SHA1 | 5c2144a35a7dc265f300a5b97acf1f89f4e3e973 |
| SHA256 | b7d5bdc93131bb51c931ea70013e559081802e96e3415cd523a7f4d5e9e7bc12 |
| SHA512 | c23fef319d9f3b0fd10205aed6f7b419820cce324a0741f6965b4e6f5b8da097e904ab48cdebdd3e3477b26137a1041386335eb5c959d5e2555f72ad3f6a4824 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe
| MD5 | 654abe1db0f972272b5b012914d9e5d6 |
| SHA1 | 1ac7b42167369dcfa528837f13a2c80de7bcc161 |
| SHA256 | 5f2bdf7f83ab075f7dafaf7493cbf4ab08d2e79b95cd3382621acfe73ba96094 |
| SHA512 | 18823ab8a9a160ac169052ec210e6adb356190dc0644c8b5fd6f5ccbc8de2666c5e9d44ef90c954d5b6e948c81ef2666900c0fe40b7d5e4b644a39e8b93c1a12 |
memory/6856-1046-0x00000000009D0000-0x0000000000F5E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 3669e98b2ae9734d101d572190d0c90d |
| SHA1 | 5e36898bebc6b11d8e985173fd8b401dc1820852 |
| SHA256 | 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a |
| SHA512 | 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3 |
C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe
| MD5 | f733785f9d088490b784d4dc5584ebfb |
| SHA1 | 6c073d4208fee7cc88a235a3759b586889b91adf |
| SHA256 | e7216d8b7084c0c36d90aefaf30bb7b6d10ae2ecae700889d459ed5ab1b26a59 |
| SHA512 | 43589b18333b0edcd6e300577f86de685058df5533bcbfdd3e30497aa76176008125fbd28deecaca5e6132c42cc5c0a583c34497f40dbe4ea577333eaebab899 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6b39023e9c3164add64f52e7cf2dd035 |
| SHA1 | 62df9c1a92d29cf3163afd77ccb4db5f90777666 |
| SHA256 | acdf73844e128312a01602d2f3feef7db13507aa0d5dc345ca4aa7d4e61a76c5 |
| SHA512 | 9bf0c5efd8ec44982977f0536b9a9eaee21edefa0eb2c81d5a0472ab499d1d8560a8d7e5651341814a17cc38a638d06b8d9e985e3eb469df79846c2ec2ded211 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e4fe9c40b3c92045a461fc5d505eba1b |
| SHA1 | f39f8943f0965e336c69c96fab9eaabaa2baa9ce |
| SHA256 | 1a646397bb427cf167bb052326ab3410efc47b030d6be6d5f1aa355ff60934be |
| SHA512 | fc37f77f7c6e3b2acf1786418b9c1af850236add0d2cf715202e8ed45ccd484a63b766a312fd7ce142e0b33f914f93164fc6006ac4ce04103f24646b66d61b6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57e222.TMP
| MD5 | 1b7f0ce5c517b1cc169b3826461bb05e |
| SHA1 | 17241249db2d553e179a65d87f9ce7b5ecaeecdf |
| SHA256 | dd32fa3f1a207234288f1c9cac314915ab5899a41bede25051591e3c9af6fcd3 |
| SHA512 | b82af67a867e9552c0177255260263743c9c8ef32c4b09ede79f79bdba3abb3b158717a3cd971f417dc3d998dbd1c618b8fb493d127d8634f2dc89ea271cb12b |
memory/8516-801-0x0000000073250000-0x0000000073A00000-memory.dmp
memory/1668-800-0x0000000005480000-0x0000000005512000-memory.dmp
memory/9420-793-0x0000000002420000-0x0000000002474000-memory.dmp
memory/1668-773-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 92fbdfccf6a63acef2743631d16652a7 |
| SHA1 | 971968b1378dd89d59d7f84bf92f16fc68664506 |
| SHA256 | b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72 |
| SHA512 | b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117 |
C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll
| MD5 | e6eaaf14065f1ac77cd2a9f22148d422 |
| SHA1 | b3de8d96ad8e52240b1db738187e3f2aa9241564 |
| SHA256 | 2438f4fbea174cd9152cdb4afa6b4c01d0b9b882f0d6384c23e223af632002f5 |
| SHA512 | 88d7be2f13dd613d45cfa60e120131da66c22f14e6dc37e656413a71ad6c4070b34525c7615f733067aa45a77c500039b376abe1654b05ecb10d72d1d136e4bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0803d7199ccab22591b3e19c7654a8e5 |
| SHA1 | e84e3a8eb35653e5459a7f024e138a1a0bce8a43 |
| SHA256 | 11ebb601cdd6616e3af741b4ea20a8ca24d408ed0512206f47b3e8843de31b49 |
| SHA512 | 19cf11f42bb7dd517132ae031d56bfa7c956b2fbd856bca083a5eb80f36fab28dd46e33bb745af3990f1f3a6aea39f444053b5981de005737e4a0877ae3adc47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2eb45e9688b8e135e6e4c738cbe0ac53 |
| SHA1 | c95882325d1f2dceb92d6ff1b28066dc13b3f147 |
| SHA256 | 79f2629b69a3fb95af067f90b43591be2413db1fba3036ea1a277b4aff87a1a5 |
| SHA512 | 73cab41f77aac4b5698677106e27306c95245a55e025cf9beb0f267c2b4ecddb5d6cc498ee5edb2b2a80a0aa4dd6e7fdb3615ad150dd1e7f0a3354aa146050ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 12073af823007ae20c7b3a14b70da94e |
| SHA1 | 6f38b90eb5ecd0ce2f3ecdbe9f18d7412e5298ce |
| SHA256 | d00f5c773ce637e3514f0c74ef1d1ff11a371cc5be323fbef17acd3835e3c6e6 |
| SHA512 | 91df4bf86a99a79e9e60f2db6a1107af73fafa273c9910adca1e804f63ee81970f5683b460e85c56fbab8230cd8d44e55c294b2cdd17f5ec61a31e900c3b9c38 |
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
| MD5 | 6e401ff8d2152ee1f93cdf7a48072207 |
| SHA1 | 5b6945cde50036da4f96c3ad4d8151e4edfa0eb7 |
| SHA256 | f7c9102387ff2be3466578767db90e8208f9edbfbeb048d08b3aa47b042a05a8 |
| SHA512 | 66ae5caabd19090229449dede7840770c6b3bf8a5d875fa75df3621119b3798a0a5b60e19c4bba9cfb8a39172bde6b5a45ec1d8cff865ca8a8f152f335c68b96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\85c5e205-fc73-4b78-abca-a6cfeca1ab4e
| MD5 | 2148b76bb3e35201ca6c12c7149c31d1 |
| SHA1 | 4895c05cd6cb7144238fc087581883432c524403 |
| SHA256 | 58ca73eb6e255ec67fa60dd8e6bed72642f2ae49379ac85e7059e6aab7425c87 |
| SHA512 | be159dc188812d5c54e932ff8f400c2223d51e346eda41af6ef787f7f9b0e93b4bf1ab3e45d8c9220af0e692b5955f1a48ec2b05748d75660b193bfbc115454e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin
| MD5 | e87b484309866ee5a52c4776606af173 |
| SHA1 | fdb1759bfb55d1ee479afd9bc584db03b8fe4d18 |
| SHA256 | 77906db1e42aa50b0e6de98fa229a8eb17f53a90c5a7c88709a1969bd36a256d |
| SHA512 | 910d215c7726b87faebd7ec6c5d17da09e631293667b9520592e60a56b4f3fe49609a3d8ba851684bcca332d3795251db8b77d013d6592d62b311a60858a3c0b |
memory/6856-309-0x0000000004D70000-0x0000000004D72000-memory.dmp
memory/6856-301-0x0000000004C90000-0x0000000004C91000-memory.dmp
memory/1420-278-0x0000000000610000-0x000000000102B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | d467222c3bd563cb72fa49302f80b079 |
| SHA1 | 9335e2a36abb8309d8a2075faf78d66b968b2a91 |
| SHA256 | fedb08b3ec7034a15e9dee7ed4dec1a854fb78e74285e1ee05c90f9e9e4f8b3e |
| SHA512 | 484b6c427e28193ddb73dd7062e2bfbd132ddc72ce4811bfe08784669de30e4b92bc27140373f62a4ce651401000a3c505188620c43da410bf6b0799a0791fa7 |
memory/6856-272-0x0000000004D10000-0x0000000004D11000-memory.dmp
memory/6856-265-0x0000000004D00000-0x0000000004D01000-memory.dmp
memory/6856-255-0x0000000004CA0000-0x0000000004CA1000-memory.dmp
memory/6856-249-0x0000000004CC0000-0x0000000004CC1000-memory.dmp
memory/1420-239-0x0000000000610000-0x000000000102B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4da8a55423aeeb16444215d63280bd15 |
| SHA1 | aaba533f6aaf1f78fc3d84591b0f16ed8248b55e |
| SHA256 | c4abacdd6ef905dca3ee7c70f3cfd4eccce9f2b01ca72c53ae26fe68f88a2706 |
| SHA512 | dda7b94e608777145b701246979ef40d7339f752e84facfc3a7b2ed233a2fab9aed0966be574bfc191451e958b8b67f7d544a1330a83b1c0e8a431952281f799 |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 02515428ef6c93543dcc4cfc528acd37 |
| SHA1 | 01f102981617fece98a5ada0fed4647f6a12971c |
| SHA256 | 45df693db85845b1c76dc4588868c47db54d0637db10d871b1e28efd75616b19 |
| SHA512 | dd10c48f4feb16ea9ef4bc61ca7228b516fb6ca09370ac79ed4a4dfd57842997c214dc1fa60f478727fa3f866fd8555476813df9be386f2056b99b675466528f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2dd4fdc9ff1afe4cd90f18685ebe66ba |
| SHA1 | 63e50c6cc927b3e41e307426518d4417f4d8fcd0 |
| SHA256 | 3b00e83c7a4a0bc770361a453550c7e7a0212db0ade53f7dba5480bf2eb0258c |
| SHA512 | 7e6276c87bf691d6e38b46399a543fb836921b9fe7ece1a58a20ad4865870c1fe5019a4b85dc9ece15011949d74aa193bfcb0e525ca0de351bc0485344977823 |
memory/1280-151-0x0000000007A60000-0x0000000007A68000-memory.dmp
memory/1280-141-0x0000000007A90000-0x0000000007AAA000-memory.dmp
memory/1280-108-0x0000000007A30000-0x0000000007A44000-memory.dmp
memory/1280-106-0x0000000007A20000-0x0000000007A2E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 12f5ea17522d20f57cfc7ed287507d1c |
| SHA1 | 683a34647d67a7f0db4b48c8e5ab2bd96b1ae58b |
| SHA256 | 25fe9a74a26f05364d78e4fef7962b5509f562c825da977bf6ee46a31e2392cb |
| SHA512 | 6ba3e8a3b7eb2fbd8edf13571a7a430b334dc86527eb4368ba3b8c2e7bcd24073cca99677ddffa633643046536bf7c7516076a9018f7b3c7c63a9f2a26de67c1 |
memory/1280-83-0x00000000079F0000-0x0000000007A01000-memory.dmp
memory/1280-68-0x0000000007670000-0x000000000768E000-memory.dmp
memory/1280-58-0x000000006FAE0000-0x000000006FB2C000-memory.dmp
C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll
| MD5 | a81a828672216bb4f6cb751c95bfb419 |
| SHA1 | 01e7825088b8d050fdaee4af872994d168fd617b |
| SHA256 | c499ed930172b8815ffb19599c8f8c39692f49d1917c140332e10a2476455820 |
| SHA512 | 5ef0f139858f0ba5f1183f626b0e4dca4e2a5e9cabb576cc58b841160640c6ffb663fe9ddb5f4a233f98749b79738c18030af65b53a572929a3017e58af111de |
memory/1280-57-0x0000000007690000-0x00000000076C2000-memory.dmp
memory/1280-56-0x000000007FD30000-0x000000007FD40000-memory.dmp
C:\ProgramData\mozglue.dll
| MD5 | e12c52fc76bd431e3e83819a875d1ffe |
| SHA1 | 93309b9c1684bb34257baf50ce7e6be17dbf2ba1 |
| SHA256 | 4d5f07a0a526b93db790794ad8e1ad4e95bb1ee6c2d068efa10af98872727496 |
| SHA512 | 97ef20dded83b64d0dbbd9f3dff8dab9110de5f3ff6a09216c18a7fd32ed10756de1f44076c0ea30aaa7379850e86699f60b08b075d290211339c9c0c22736f1 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |