Analysis Overview
SHA256
83fccf0f5100107b89f67f9f692972babbda7dbc608f14377cb90122adc71764
Threat Level: Known bad
The file 7ced1bb243ed005bb0abdce463e8ce7b.bin was found to be: Known bad.
Malicious Activity Summary
Amadey
RedLine
RedLine payload
RisePro
SmokeLoader
xmrig
ZGRat
Detect ZGRat V1
Identifies VirtualBox via ACPI registry values (likely anti-VM)
XMRig Miner payload
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Checks computer location settings
Reads user/profile data of web browsers
.NET Reactor protector
Checks BIOS information in registry
UPX packed file
Loads dropped DLL
Executes dropped EXE
Identifies Wine through registry keys
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Drops file in Windows directory
Unsigned PE
Program crash
Enumerates physical storage devices
Delays execution with timeout.exe
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-06 01:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-06 01:33
Reported
2024-02-06 01:36
Platform
win10v2004-20231215-en
Max time kernel
11s
Max time network
151s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
5 hits; no indicator, process or target details recorded.
RisePro
SmokeLoader
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
.NET Reactor protector
12 hits; no indicator, process or target details recorded.
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
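The VirtualBox ACPI table, the BIOS version strings, the Wine key and the Geo\Nation lookup in the tables above are all registry probes, and the same dropped binaries show up in each. The script below is an added example and not the sandbox's own code: it tallies such probes per process from event tuples constructed from this report's rows, so a process that touches several distinct categories ranks above one that touches a single key. The category names are this example's own grouping; the BIOS make/model read by TextInputHost.exe, a Windows component reported further down, is included in the sample to show that it is not counted.

```python
"""Tally anti-analysis registry probes per process from sandbox registry events.

Added example for this report, not part of the sandbox's tooling.  SAMPLE_EVENTS
is constructed from the signature tables in the report as (operation, key,
process) tuples; the category labels are this example's own.
"""
import re
from collections import defaultdict

# Each pattern is matched case-insensitively against the full registry path.
ANTI_ANALYSIS_PATTERNS = {
    "virtualbox_acpi": re.compile(r"\\HARDWARE\\ACPI\\DSDT\\VBOX__", re.I),
    "bios_version":    re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I),
    "wine_key":        re.compile(r"\\Software\\Wine$", re.I),
    "geo_nation":      re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
}

SID = r"S-1-5-21-1497073144-2389943819-3385106915-1000"
EXPLORHE = r"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
AMERT = r"C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe"
FU = r"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"
TEXTINPUTHOST = r"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"

# Constructed from the report's signature rows.
SAMPLE_EVENTS = [
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", EXPLORHE),
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", AMERT),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion", EXPLORHE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion", EXPLORHE),
    ("Key opened", r"\REGISTRY\USER\%s\Software\Wine" % SID, EXPLORHE),
    ("Key value queried", r"\REGISTRY\USER\%s\Control Panel\International\Geo\Nation" % SID, EXPLORHE),
    ("Key value queried", r"\REGISTRY\USER\%s\Control Panel\International\Geo\Nation" % SID, FU),
    # Windows component reading BIOS make/model: in the report, but not an anti-VM probe.
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", TEXTINPUTHOST),
]


def classify_key(key):
    """Return the anti-analysis category a registry path falls into, or None."""
    for label, pattern in ANTI_ANALYSIS_PATTERNS.items():
        if pattern.search(key):
            return label
    return None


def tally(events):
    """Map each process to the set of anti-analysis categories it touched."""
    hits = defaultdict(set)
    for _operation, key, process in events:
        label = classify_key(key)
        if label:
            hits[process].add(label)
    return dict(hits)


def rank(hits, min_categories=2):
    """Processes touching at least `min_categories` distinct categories, most first."""
    ordered = sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(proc, sorted(cats)) for proc, cats in ordered if len(cats) >= min_categories]


if __name__ == "__main__":
    for proc, cats in rank(tally(SAMPLE_EVENTS)):
        print(f"{len(cats)} categories  {proc}\n    {', '.join(cats)}")
```

Counting distinct categories rather than raw events keeps the ranking stable when a process repeats the same query (explorhe.exe queries SystemBiosVersion twice in the report) and keeps a single locale lookup, which plenty of legitimate software performs, from ranking alone.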
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amert.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000958001\\amert.exe" | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fu.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000031001\\fu.exe" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
AutoIT Executable
3 hits; no indicator, process or target details recorded.
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\u6zs.0.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe
"C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
"C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "explorhe.exe"
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k "taskkill /f /im "explorhe.exe" && timeout 1 && del "explorhe.exe" && ren cbfcbf explorhe.exe && C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe && Exit"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
"C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe"
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,1038411465482970126,16391825748230195815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.0.522591083\233251307" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ec94acd-1f9a-495e-a0c4-60247c82077b} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 1960 1ce44bee758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
"C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.1.1599017872\354090361" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6902e78-e6fc-4609-9b8d-6dfe44ce0b48} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 2452 1ce44339a58 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1900,i,9885377151648025853,9267339572781606975,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.3.651737258\1520470896" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3364 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e41267a-6485-460f-a3d7-eaf3d5a9b2e7} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 3504 1ce37e61f58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.2.1331204284\644257874" -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0127fe64-bb60-492d-9311-58aab30bba5b} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 3144 1ce44b5bc58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,9885377151648025853,9267339572781606975,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3976 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
"C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6523411799529186138,2406776430517157053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4968 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4812 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1684,i,8346985176723789127,676484711623885561,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5228 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1684,i,8346985176723789127,676484711623885561,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5416 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
"C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.4.369049246\1849110370" -childID 3 -isForBrowser -prefsHandle 4776 -prefMapHandle 4692 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06b9a7e-48d9-4d22-b67b-459be9443dbe} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 4872 1ce37e5bb58 tab
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,7059473525394005184,16878824735945313973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.5.1026711800\1400198529" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5156 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2777c45-247b-4fba-9a52-b4dd081056fb} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 5168 1ce4b0fe558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5628 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.6.1618158021\2040606406" -childID 5 -isForBrowser -prefsHandle 5372 -prefMapHandle 5316 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e3c4065-72da-42cc-bf7d-b3aaec365f5f} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 5364 1ce4b567258 tab
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe
"C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.7.1986545926\730108122" -childID 6 -isForBrowser -prefsHandle 5572 -prefMapHandle 5568 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5c115ff-3fc7-4ab9-beb2-620fc8385339} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 5460 1ce4b85de58 tab
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe
"C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.8.1353631905\649071434" -childID 7 -isForBrowser -prefsHandle 5700 -prefMapHandle 5772 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42452ed3-5835-4062-aa72-2171728e6b94} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 5688 1ce48005958 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff811b99758,0x7ff811b99768,0x7ff811b99778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4116 --field-trial-handle=2340,i,2758434366152481531,16399184323866473153,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff813d146f8,0x7ff813d14708,0x7ff813d14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6520.9.715873631\583082889" -childID 8 -isForBrowser -prefsHandle 5880 -prefMapHandle 5824 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1108 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f54f18-75f8-4b88-8e79-e3f713d99077} 6520 "\\.\pipe\gecko-crash-server-pipe.6520" 5952 1ce4bb80658 tab
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\497073144238_Desktop.zip' -CompressionLevel Optimal
C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe
"C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe"
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe
"C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\u6zs.0.exe
"C:\Users\Admin\AppData\Local\Temp\u6zs.0.exe"
C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe
"C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe"
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ACULXOBT"
C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe
"C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 584
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5392 -ip 5392
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ACULXOBT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe
"C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe"
C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe
"C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8408 -ip 8408
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 1148
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5876 -ip 5876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 2020
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\497073144238_Desktop.zip' -CompressionLevel Optimal
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| US | 138.91.171.81:80 | tcp | |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | 32.113.215.185.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | | tcp |
| NL | 142.250.27.84:443 | | udp |
| GB | 163.70.147.23:443 | | tcp |
| GB | 163.70.147.23:443 | | tcp |
| GB | 163.70.147.23:443 | | tcp |
| GB | 142.250.178.14:443 | | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 52.167.17.97:443 | | tcp |
| GB | 142.250.178.14:443 | | udp |
| US | 13.107.42.14:443 | | tcp |
| GB | 163.70.147.35:443 | | udp |
| US | 13.107.42.14:443 | | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| DE | 20.79.30.95:33223 | | tcp |
| NL | 142.250.27.84:443 | | udp |
| DE | 185.172.128.19:80 | | tcp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.30.79.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | | udp |
| NL | 142.250.27.84:443 | | tcp |
| US | 138.91.171.81:80 | | tcp |
| DE | 144.76.1.85:18574 | | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| DE | 185.172.128.109:80 | | tcp |
| HK | 154.92.15.189:443 | | tcp |
| FI | 109.107.182.3:80 | | tcp |
| NL | 45.15.156.209:40481 | | tcp |
| US | 20.12.23.50:443 | | tcp |
| US | 172.67.152.52:443 | | tcp |
| US | 104.21.58.31:443 | | tcp |
| US | 52.165.164.15:443 | | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.58.21.104.in-addr.arpa | udp |
| US | 20.12.23.50:443 | | tcp |
| HK | 154.92.15.189:80 | | tcp |
| US | 20.12.23.50:443 | | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
| RU | 5.42.65.31:48396 | | tcp |
| US | 8.8.8.8:53 | modestessayevenmilwek.shop | udp |
| DE | 185.225.200.120:15666 | | tcp |
| US | 104.21.78.62:443 | modestessayevenmilwek.shop | tcp |
| US | 172.67.152.52:443 | | tcp |
| US | 8.8.8.8:53 | 62.78.21.104.in-addr.arpa | udp |
| US | 104.21.16.152:443 | | tcp |
| US | 104.21.83.220:443 | | tcp |
| US | 104.21.58.31:443 | | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| DE | 95.179.241.203:80 | | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 138.91.171.81:80 | | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| RU | 185.215.113.32:80 | | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| RU | 185.215.113.32:80 | | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | | udp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | 7e83a9af-8a1f-4417-9467-e4e90a0629e5.uuid.statstraffic.org | udp |
| GB | 173.222.13.40:80 | | tcp |
| GB | 96.17.179.193:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 13.107.42.16:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| NL | 142.250.27.84:443 | | tcp |
| US | 13.107.42.14:443 | | tcp |
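Added example, not part of the sandbox report: a small Python IOC extractor over the two tables in this section, the network rows above and the path/hash entries in the Files list that follows. It separates DNS lookups from real connections, reverses the `in-addr.arpa` PTR names back into the IP that was looked up, flags destinations on ports other than 80/443 as candidate C2 endpoints, and pairs every SHA256 row with the path line that precedes it so that a path dropped more than once with different content stands out. The sample rows are copied from this page; the resolver address, the "web port" heuristic and every function name are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the network table above (rows copied from this page, constructed
# as a sample). Both layouts present on the page are handled: the raw one with
# the protocol shifted into the domain cell, and the one with an empty domain cell.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 32.113.215.185.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | tcp | |
| DE | 20.79.30.95:33223 | | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| NL | 94.156.67.230:13781 | tcp | |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | modestessayevenmilwek.shop | udp |
| US | 104.21.78.62:443 | modestessayevenmilwek.shop | tcp |
| US | 8.8.8.8:53 | udp | |
"""

# Excerpt of the Files list below (SHA1/SHA512 rows dropped to keep it short).
FILE_LINES = r"""
memory/1436-0-0x0000000000360000-0x0000000000768000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7601feefc634544c794288cc77ddeb34 |
| SHA256 | 9febba000745e6efb633da91bef9cf8fff26337476f448a69724d0a41c9f85de |
memory/4172-19-0x0000000000B20000-0x0000000000F28000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7ced1bb243ed005bb0abdce463e8ce7b |
| SHA256 | 5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c |
C:\Windows\Tasks\explorgu.job
| MD5 | 21a84cc44b22390e6dd91d87eb711c57 |
| SHA256 | c9fd005280651ccaf2793fe3da6a31699a743cf80a088617b789d3f13eb686df |
"""

RESOLVER = "8.8.8.8:53"   # assumption: the sandbox's upstream resolver, not an attacker asset
WEB_PORTS = {80, 443}

def parse_network(text):
    """Yield (country, dest, domain, proto) for each table row, whichever layout."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 3:                          # row with no domain cell at all
            cells.insert(2, "")
        if len(cells) != 4:
            continue
        cc, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":  # raw layout: proto sits in the domain cell
            domain, proto = "", domain
        yield cc, dest, domain, proto

def network_iocs(text):
    """Separate DNS lookups from real connections; drop resolver and PTR noise."""
    lookups, ptr_targets, conns, odd_ports = set(), set(), set(), set()
    for _cc, dest, domain, proto in parse_network(text):
        if dest == RESOLVER and proto == "udp":
            if not domain:                           # query name not captured on the page
                continue
            if domain.endswith(".in-addr.arpa"):
                # reverse lookup: 32.113.215.185.in-addr.arpa -> 185.215.113.32
                ptr_targets.add(".".join(reversed(domain.split(".")[:4])))
            else:
                lookups.add(domain)
            continue
        conns.add((dest, proto))
        if int(dest.rsplit(":", 1)[1]) not in WEB_PORTS:   # non-HTTP(S) port: C2 candidate
            odd_ports.add(dest)
    return {"lookups": sorted(lookups), "ptr_targets": sorted(ptr_targets),
            "connections": sorted(conns), "nonstandard_ports": sorted(odd_ports)}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

def parse_files(text):
    """Attach each SHA256 row to the path line before it; collect dumped regions per PID."""
    sha256s, regions, path = defaultdict(list), defaultdict(set), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            regions[int(m.group(1))].add((int(m.group(2), 16), int(m.group(3), 16)))
            continue
        m = HASH_ROW.match(line)
        if m:
            if path and m.group(1) == "SHA256":
                sha256s[path].append(m.group(2))
            continue
        path = line                                  # any other line starts a new file entry
    return dict(sha256s), dict(regions)

def rewritten_paths(sha256s):
    """Paths that were written more than once with different content."""
    return {p: sorted(set(h)) for p, h in sha256s.items() if len(set(h)) > 1}

if __name__ == "__main__":
    print(network_iocs(NETWORK_ROWS))
    hashes, regions = parse_files(FILE_LINES)
    print(rewritten_paths(hashes))
    print({pid: [(hex(a), hex(b)) for a, b in sorted(r)] for pid, r in regions.items()})
```

Run against the full tables, the interesting output is the `nonstandard_ports` set (the high-port TCP destinations such as `94.156.67.230:13781`, which the sample contacts repeatedly) and the `rewritten_paths` map, which lists every path in the Files section that carries more than one SHA256, i.e. a file that was dropped, then replaced with different content during the run.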
Files
memory/1436-0-0x0000000000360000-0x0000000000768000-memory.dmp
memory/1436-1-0x0000000000360000-0x0000000000768000-memory.dmp
memory/1436-2-0x0000000000360000-0x0000000000768000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7601feefc634544c794288cc77ddeb34 |
| SHA1 | 0ef9c88cd95f2d7a8654ebd31f1f118aa329c971 |
| SHA256 | 9febba000745e6efb633da91bef9cf8fff26337476f448a69724d0a41c9f85de |
| SHA512 | 04ccf071befd0c35f8eb8f4e70d48a01f733af28fa9f9b16a1aeaefb450a59daed09055faff0aa620f14c38ec4bdbe718cce4b3f34fa2f2c60ddbf01083a9a19 |
memory/4172-19-0x0000000000B20000-0x0000000000F28000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7ced1bb243ed005bb0abdce463e8ce7b |
| SHA1 | 5866fd17dae054b91483ff7d6cc0b6096b507fe8 |
| SHA256 | 5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c |
| SHA512 | 915794531d829e050146e1b893c826fd75fb2b2677d8dc21c38ceaa26f28c67bf5e50524e057d5c54899dba5895e979ebcdd3c4372fd797cb558d8cb9b8321e8 |
\??\c:\users\admin\appdata\local\temp\F59E91F8
| MD5 | 5d55464657fa1ef32579ce270054f602 |
| SHA1 | 744a27f68353560f03ca4966853659431039de96 |
| SHA256 | 8684f5f4e5fcb8981567eea5e62047ba032a31638328a351cc8f81c769e2ae8d |
| SHA512 | 7c1b9087e69ae8fd9eda454a3cbb3129d79d9dd625c2496623ad45d39c6fe812ca6a70edf1f7ba624f42d7223a4f68a2167bce57b7ebf1b3950e9db9fac6ec29 |
memory/4172-20-0x0000000000B20000-0x0000000000F28000-memory.dmp
memory/1436-16-0x0000000000360000-0x0000000000768000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
| MD5 | 28df16971f8111a68d668efcf1f283ae |
| SHA1 | c4658ef871470af2eba89301c05c24d284763bac |
| SHA256 | 8172bd09f31f1cbaf4194afe4bd6ca6330562f6e8440ae3dee9e8baf01b79484 |
| SHA512 | e3f7d7efeb29bcbeb15548faf052a0813c579c1565d243e3955adad6a68bce1cab2ccaeea2a8e30989671bc0005d76a59fc60d6613dfc8f7600bad509abe6abe |
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
| MD5 | e385bbbdcfb793d8f255bc029b68a4f2 |
| SHA1 | c942ac15574aa445e07a36bf2a1d05ecde678ad1 |
| SHA256 | c90aaac243c12a6130c7480450afb9f37f015ba26f460328019fd77ae4a1692f |
| SHA512 | 687837dbba2e6b7bca2c98cb819984b1e9ea1f1ed7ecf9776e70312818fe489d3379db3efc8ed78a8f00ecee69ebbcc47b2f91087dc561a75a962bc704b393e6 |
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
| MD5 | 1962bccccd9d20f5cfd0540d8eee4f50 |
| SHA1 | ce6b383681f50a118df07e1d8a50e567b41769bf |
| SHA256 | d4c03982ea29f20d8aee62bfe5230ac6426331858f4d45f54ed954a4bb1b7947 |
| SHA512 | 7fb340cb754f63fd2954995ec3cfeea96ad11d21b9c43d15d1ca813fdfce4fa6e586b3a2fe6bfa905d2259147d44cd3282e8cccddaf0320140b2865a65ca94eb |
memory/2480-39-0x0000000000660000-0x0000000000B2F000-memory.dmp
memory/2480-47-0x0000000000660000-0x0000000000B2F000-memory.dmp
memory/2480-46-0x0000000005310000-0x0000000005311000-memory.dmp
memory/2480-45-0x0000000005300000-0x0000000005301000-memory.dmp
memory/2480-44-0x0000000005360000-0x0000000005361000-memory.dmp
memory/2480-43-0x0000000005320000-0x0000000005321000-memory.dmp
memory/2480-42-0x0000000005340000-0x0000000005341000-memory.dmp
memory/2480-41-0x0000000005330000-0x0000000005331000-memory.dmp
memory/4172-57-0x0000000000B20000-0x0000000000F28000-memory.dmp
memory/2480-40-0x0000000077334000-0x0000000077336000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | e78a999c66ea4c80cb75d027c2a137aa |
| SHA1 | e7509f01d938972c0645c277de930f94eb08faac |
| SHA256 | ec8ff8224a7e5c0573fc5b0c3eb5c38b2d2ddc058cc7fe45917d9941cdf92d22 |
| SHA512 | f7c0fdc39150daf27de3513f105337e7163b6b19fb9f5d3df93e688a78b9bffe1cd7f3422e0d2542e83a3cd7f88804d4c264708fa22b978c7d739da271fed0c3 |
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\cbfcbf
| MD5 | ee17c20451162656de91135de8a12efa |
| SHA1 | f4ba5c21325f6710427359cffeeb565f0ce25c7a |
| SHA256 | 4633538f5f844578d773ef70aa5a6f29a266626f1ab87844e808b6163ccffbb4 |
| SHA512 | 11d12056af55d588bd6c1e3a2a773fca93a02b2953bed7d34d80c680b123e51715f9aae8c6f8496e6582d60d2812fbc57bccc85d8206d68a0aa92b0b3f7d4680 |
memory/4848-60-0x0000000000EA0000-0x000000000136F000-memory.dmp
memory/2480-61-0x0000000005380000-0x0000000005381000-memory.dmp
memory/2480-66-0x0000000000660000-0x0000000000B2F000-memory.dmp
memory/4848-74-0x0000000005860000-0x0000000005861000-memory.dmp
memory/4848-73-0x0000000005820000-0x0000000005821000-memory.dmp
memory/4848-72-0x0000000005810000-0x0000000005811000-memory.dmp
memory/4848-71-0x0000000005870000-0x0000000005871000-memory.dmp
memory/4848-70-0x0000000005830000-0x0000000005831000-memory.dmp
memory/4848-69-0x0000000005850000-0x0000000005851000-memory.dmp
memory/4848-68-0x0000000005840000-0x0000000005841000-memory.dmp
memory/4848-67-0x0000000000EA0000-0x000000000136F000-memory.dmp
C:\Windows\Tasks\explorgu.job
| MD5 | 21a84cc44b22390e6dd91d87eb711c57 |
| SHA1 | 6e0fb0b8ec9963a545a7d15cc4b1efb648ce6ffa |
| SHA256 | c9fd005280651ccaf2793fe3da6a31699a743cf80a088617b789d3f13eb686df |
| SHA512 | 3d41ad4f06501a9cb0a139ffdf9ee3b72574ad08c1ffc2fa3a6884d3972c6569dfc04a5e9bed74b74796e855cb38b41076937e6b5eb7e1ab598b0b976719d583 |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 505ef09226fa36a82bd46dd58342a9f4 |
| SHA1 | 194556a7b370da2d3f288fd2a001171e9409d280 |
| SHA256 | ecce11e63954fc5b7f051b7ad5a1e208f050d07991b37576b19e00b49368483c |
| SHA512 | 62edf1be4f3a421f917b15875a4a76be32cf686bdf7b126b29537365d78916fa5543f81029e63bef27d36f5a84b270d42b2aba259c7f9eb045aa8a43fb994d91 |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 631fb45ff3317ea2c0bc7a404809597f |
| SHA1 | 7f6a85a77cc0dce8a3252814da98aca6d3a24ea7 |
| SHA256 | da03c338156dcfea475fe52c8a3d7b879ab0ca17f63adf3fe30c8828ae9c54b7 |
| SHA512 | cd4be2ba4b0398cd4c7065929a44b6293ad07ea2aeedddaae5a3d3a8cc90b2a35f616d576ee9a6a29a9b0f3bbb63334891c56f13fa6ea6101d8a7dd69e5f6994 |
memory/4848-81-0x0000000000EA0000-0x000000000136F000-memory.dmp
memory/3996-82-0x0000000000530000-0x00000000009FF000-memory.dmp
memory/4848-78-0x0000000005880000-0x0000000005881000-memory.dmp
memory/4848-77-0x0000000005890000-0x0000000005891000-memory.dmp
memory/3996-84-0x0000000004F10000-0x0000000004F11000-memory.dmp
memory/3996-89-0x0000000004EF0000-0x0000000004EF1000-memory.dmp
memory/3996-88-0x0000000004EE0000-0x0000000004EE1000-memory.dmp
memory/3996-87-0x0000000004F40000-0x0000000004F41000-memory.dmp
memory/3996-86-0x0000000004F00000-0x0000000004F01000-memory.dmp
memory/3996-85-0x0000000004F20000-0x0000000004F21000-memory.dmp
memory/3996-83-0x0000000000530000-0x00000000009FF000-memory.dmp
memory/3996-91-0x0000000004F60000-0x0000000004F61000-memory.dmp
memory/3996-90-0x0000000004F70000-0x0000000004F71000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 05e73dcacaee0d8f77d7f85d181230b9 |
| SHA1 | 6844dcb33287329f5095b21c84adc0ed8c236cdb |
| SHA256 | c90f413fbab865a724abdf2c10bd61272c630d9f4929de034a35b1d7260374ce |
| SHA512 | c4597da2adcaae081b95cedeb26398415d04650b0c73e665550e99e6f6570ec5b606a1a376262e49c00cb9f99a3c2a3aea64077aed1346e6d279f323f7083725 |
memory/5064-93-0x0000000000530000-0x00000000009FF000-memory.dmp
memory/5064-95-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
memory/5064-100-0x0000000004E80000-0x0000000004E81000-memory.dmp
memory/5064-99-0x0000000004E90000-0x0000000004E91000-memory.dmp
memory/5064-98-0x0000000004E70000-0x0000000004E71000-memory.dmp
memory/5064-97-0x0000000004ED0000-0x0000000004ED1000-memory.dmp
memory/5064-96-0x0000000004EB0000-0x0000000004EB1000-memory.dmp
memory/5064-94-0x0000000000530000-0x00000000009FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1
| MD5 | d769ca0816a72bacb8b3205b4c652b4b |
| SHA1 | 4072df351635eb621feb19cc0f47f2953d761c59 |
| SHA256 | f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2 |
| SHA512 | cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64 |
memory/948-110-0x0000000072E10000-0x00000000735C0000-memory.dmp
memory/948-113-0x0000000005840000-0x0000000005E68000-memory.dmp
memory/948-112-0x0000000005200000-0x0000000005210000-memory.dmp
memory/948-114-0x0000000005690000-0x00000000056B2000-memory.dmp
memory/948-116-0x0000000005EE0000-0x0000000005F46000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iqbynjie.z4z.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/948-126-0x0000000006100000-0x0000000006454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 695dc6d67a0645e7405bc1f04e5b57f2 |
| SHA1 | 4a9e7a305bcded681948a9323eb2fd5e2634dfa0 |
| SHA256 | e13fc11cef76ee100e3e100bfb85405ba3333f2415c0582f605dad99662f28ba |
| SHA512 | 9ff62f7492bf7d901c59744c7ca55f4fb868c47451fc978fa4cdc49aa6f67b2ac8e9aaab1f94f8289463dcfe2b1e9930cbe4a5a8b631bc02a257f4d11c9d334c |
memory/764-128-0x0000000000EA0000-0x000000000136F000-memory.dmp
memory/948-130-0x0000000006580000-0x00000000065CC000-memory.dmp
memory/948-129-0x0000000006540000-0x000000000655E000-memory.dmp
memory/948-115-0x0000000005730000-0x0000000005796000-memory.dmp
memory/948-111-0x0000000005200000-0x0000000005210000-memory.dmp
memory/948-109-0x0000000002C20000-0x0000000002C56000-memory.dmp
memory/5064-131-0x0000000000530000-0x00000000009FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | 561bb9fc51e5a9e1494bd249c73d0dad |
| SHA1 | 4cb478d1ed0b0f209d20745e80d565b9f9c0f644 |
| SHA256 | 06a9e16f252a79e5799cf6b3a5267282e620985488dc8584d84826b1510f8cbd |
| SHA512 | 133e93f91ba4e5cdce5c1897d8befbdcbc36704813fff5bcb421ed15674b71d38bc02c5e789c24c0b909651b826bb4ae704412e1ce979aaeb9e17232c4966059 |
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | f005006055c95f166bfe932b259c94c3 |
| SHA1 | af0a831cd7b5689344a799f84d5784567a1d07d8 |
| SHA256 | 04404d6c3490d3f3b54c3f3ec303e97874f0f451c3288faa79797747786827fa |
| SHA512 | 62c297c6d0158750a2a8610edf893ed77c99f0ecedb79db0d5d485eebc4e5ec346b331676d7304591b4a708736ca3310d5c5ece79d530f240a4d27027d5f169e |
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | fdd3df7f096b785f22f290b9d86ce8fa |
| SHA1 | d4529ff693646025479366c29b6e1a8af61c0a80 |
| SHA256 | da41933c2b4c3b237c994c112381cea392f27fb24387f9ddef7922b3c19baf37 |
| SHA512 | 532cbaa4a0e0cc5fc02a51ac781cf3ddf5aa02623cbc9621a994d5d3fbdf99459d03977aad4c109e5954a5802ecf53624e1ec3206167df8f93b60025e3ab436c |
memory/764-154-0x0000000000EA0000-0x000000000136F000-memory.dmp
memory/948-158-0x0000000006AC0000-0x0000000006AE2000-memory.dmp
memory/764-157-0x0000000005720000-0x0000000005721000-memory.dmp
memory/764-162-0x0000000005750000-0x0000000005751000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0bd5c93de6441cd85df33f5858ead08c |
| SHA1 | c9e9a6c225ae958d5725537fac596b4d89ccb621 |
| SHA256 | 6e881c02306f0b1f4d926f77b32c57d4ba98db35a573562a017ae9e357fcb2d2 |
| SHA512 | 19073981f96ba488d87665cfa7ffc126b1b577865f36a53233f15d2773eabe5200a2a64874a3b180913ef95efdece3954169bdcb4232ee793670b100109f6ae2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4d6e17218d9a99976d1a14c6f6944c96 |
| SHA1 | 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f |
| SHA256 | 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93 |
| SHA512 | 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47 |
memory/764-160-0x0000000005700000-0x0000000005701000-memory.dmp
memory/948-156-0x0000000006A70000-0x0000000006A8A000-memory.dmp
\??\pipe\LOCAL\crashpad_2424_FWEJNMGJODNCDANU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 5d10830fe2ddb95ee3bb047dada1821c |
| SHA1 | 02cda0ed8e5c8afa16bd6d0cb6b23684741332e0 |
| SHA256 | 4ed5337b14417f3cfefb318999146451c59c302d20b95a10fe597f12a6851678 |
| SHA512 | 529f1438080ac943981475d293660d4651323a0af081061de279f2dfc93f38f1e5558cf037d4f448960f3724cfea8e7c99b73e6da01de352b9c5b59a382caa0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | bc16ebe41a9fc2938c4060992a92b0af |
| SHA1 | 1719af3e339b187d984a76437eb80cae5dc50e6f |
| SHA256 | 5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae |
| SHA512 | c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | f95d69b2f2144f948bf42daade0ea12e |
| SHA1 | f62b22a395515498baefbd3a3620418e0427886b |
| SHA256 | 0ed2d983d93fc80a3774edaf2e1ee63c430f8e916cca3ade9bc28e876758cf8e |
| SHA512 | 3a0340ebfb8e1563f32b29b9627edb73118936da1f2f00bd41b73a59e175b0c0a557104382c0856ee088622f2861aa59a54ac3e5c2f3b8603f39aa23c83092ea |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 6fa8da75d989b56727453cf460e77c46 |
| SHA1 | 30586ee72af0f62244cdb463b50f69163179e95e |
| SHA256 | 0ac26a42010ecdc55a94c1ab54fe6d38159b9dd2a139b1304c514be20c7c0abd |
| SHA512 | d65eed44a18697d31adfd12b57c40997c0c52b3a19b5decc0b44d2c89d2b1d3ee252a947052f3d011a9c9f653000b9b576093c59d84901bf34c305617afc46c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b4d526418b5b75124d106cb30a267e0 |
| SHA1 | 126b56a63cbfe4e87c0ea9534ec61f829765174a |
| SHA256 | d0a750a383c0f5672f4dddbe91ff5d919f07867f93024245400c154af78768c4 |
| SHA512 | 00f805718f9c2f9029fd58c2f8795dddaf0163b14a7667df4ed84340baab12a0b6ed3ffa3051744738f501c4edb85552f93603012c65ed92395884e13848b7b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ef465290a2c0e5ecddae315fd858ffd8 |
| SHA1 | 2ecba805cabb3eaec623e503989c1d858e9362e1 |
| SHA256 | 50276f1c381fa3465a47cef172eb77ff098b413dd6d0ce54c0b0f15f67afa4e5 |
| SHA512 | cf5b7293bb9c90b2ca57b6eaac7b9f2cfca230041723e1ebfda96c61ace1929e910cbaadcec73467c80e7706188ee2e86374cad2ef8c93fe05ac16f28b6fa763 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 66db3b3b098fa9e518af9cc10c1d884c |
| SHA1 | 94418d0d1dbb3768c70f8c556c09caf499c03ba3 |
| SHA256 | 713469a881da2206d9876c9423cfdcc69cfb25c04f422068f18c2e23d8dd9d65 |
| SHA512 | 97cc997182d5a2e87de78390d797a86d429c75135fd22f9808e58c74e38f8cb748b6834dec7bc8fdd740ab0ee3a0d7210c18952c87485b0d9b3249687f1e455a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3e814cddc4c436d5cb8fef8ab6f823f5 |
| SHA1 | 3743f6b82240ba36f41ea3bc1b46f2bf5565bf5f |
| SHA256 | 4bac334c77c1ebea7f075ced5ec0c46cd88b33206d3c66c59d7af60a8412811d |
| SHA512 | 9e2f65227fb33111b7cf5cb63b8bf730eb69abede26f58c4d4dcf055bca20151fb25c1d0fe0fffca979c28f380b6d0d3f927ca5f0013f2594f2cb625bb3022a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | f5c09daa74fe797208cb22477afd4d46 |
| SHA1 | 36f453453dd89d58b9217c602e9e9b3c74ff937c |
| SHA256 | 918d9f8f642de802278f7e1fde19239430d48173581426708af4219f14f90fc8 |
| SHA512 | 4bd80bffc88ff6d256a638c8333b5d687ae31229ae7d514c03c3c899cc29098daa570148682b3b20e2aaf2f3b8be4ce3c2fb6cfb55d837dc920d3ded8b1a4681 |
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | 19086035cfd0ee455bbb7b1888dfc57f |
| SHA1 | 5585249b0eb114075b0e783d922bda61cd12023d |
| SHA256 | 03eb9ff8bc35019837a5aae5cfe8a1b5728fd83d02f64eae5f86059cff5de7f7 |
| SHA512 | 451cbb62d8af110d35d326ad9badcc55c97f24d1d20cd900aeb32f0679d1b576df10a18ea161249218d49427dcb007591e4be4d359ea1d8a2c1027a2eeeb15ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0228409e8d7549ef6fde64078d8014dd |
| SHA1 | 3297f7a330a046ca70a088659fbc8bdf6064c35c |
| SHA256 | 194c9ab812f27f714299322818bc6f953573e528b52b9bcb0d5c1248c94cbe6a |
| SHA512 | bdd379332addd36fa14b678bd76fd516d69bb1d3c7269e717d6c5e6d107d4e730d85bc46da4195da9571a1f0a5414dcdd68b42b5dabb848fe5a51e550bed67c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 90b93981c63ca6de9efc648fc481ba46 |
| SHA1 | ba00a710bc6f8b0335ad318b3f57ec3950dd4647 |
| SHA256 | b6129189d39b662f3cbf862118786338ad2acd2047ad2e77ab461c2cd080c012 |
| SHA512 | 493b6a8069c4b2a75fb8e0e9ec323a6c6bd74411ca2b4d8e9263815c71d26925af9d314e3ea1ed24cf0df6a4c05690f9bd8deafb1759cc2def082290c09e326e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 557a542cf9ddf3a3b38aafa5fb2569cd |
| SHA1 | 79fa5d7fccca11ab2c623245949fcc0ca6f100c1 |
| SHA256 | 77bf90c51697bc3872bac2ec54f1c0e54e7f3496689d61e52738bffc92bf95df |
| SHA512 | f35a18dcb8b0d47a605f2bad10a91826837ab5bee49a8f436db8b0a6fe9cce4c65155951736b469319e202090d2b089a1ed497ddc6192ffa541d91e06e3266a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\99f58a2e-2d4b-4318-95ba-1314f516e107
| MD5 | 2b80cdc5770fadacfbd4e8857997faf9 |
| SHA1 | 0e29cb6d97227ff22f21938752d6f299586f9a5f |
| SHA256 | e440991e07941d2a92ef17d8c3d32ad58be5df573f04e5449a673b3093ea6e6d |
| SHA512 | 033e6bcdbddc9ed0a038d4f646bf19d8d63c84fb38d66ba59707ef0557831c95ed3806052fa969c20fe46679e2f48397cdca30ce59848b5c4e3094aff0110ce4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 8549c255650427d618ef18b14dfd2b56 |
| SHA1 | 8272585186777b344db3960df62b00f570d247f6 |
| SHA256 | 40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13 |
| SHA512 | e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c |
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
| MD5 | 90a5919041dc84274e341fe5abf0532d |
| SHA1 | 5332d598fc82bc538e091baeafa0c33a77eb6be8 |
| SHA256 | bf0d63ed2a88e9fd6714f4440d40a7f22ecc7ece409df19af5425988ef9cd4bf |
| SHA512 | 3c65022175f0ebdc1e016b4d850befabc5de7766ab103bb3854a1a8b93a5f99f5d6909cf3b21557bf73bcb093ff5c51e77d0b4982a81e5650e0acc7be68da635 |
memory/3996-516-0x0000000000530000-0x00000000009FF000-memory.dmp
memory/764-155-0x0000000005710000-0x0000000005711000-memory.dmp
memory/948-153-0x0000000007730000-0x00000000077C6000-memory.dmp
memory/3996-152-0x0000000000530000-0x00000000009FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe
| MD5 | 4a1148611fdc335601447fa9abbb867a |
| SHA1 | 6b22f1867befed124662d3b9707022f56d371e04 |
| SHA256 | 40aec5bc226f1083a2250800987db2c8bca5655dcf11db0a95e0c395221c5404 |
| SHA512 | d3610d095fbcd3b8f0a250e2fd985c8c253555434d624c7b77ff968b7ac98db3d4a9543e62b4a32b9862817587522de49552806109dd139a0da64b8472e361a5 |
memory/9956-591-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1e6cf131c43b6bcf9630814ea2c510fe |
| SHA1 | d988668ccec30258c81886d0e579794f538d4394 |
| SHA256 | fdbffa21b325a9e3af2d1561001a0362319c29f2828dde9c8fb4591e67a62f4e |
| SHA512 | fde77d8b6158cc3143fd89d4f5836f2455642866f059ae823f36eb63aa036c68258d869d50f2ad4c961a8671a5dbae31ee0fa9653bad4f2940915332271e53fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2dbc966588e70e21f00f96749e330f9b |
| SHA1 | bfc77e7f87c521132d0ec1f2dec60a3ef1c21d2f |
| SHA256 | 7de512cc3492efd519dd7c11095414454c4c93291a89942e898ba4c80738becc |
| SHA512 | 403cfd68c8a0e1f39448b124f4de452acb5af354b7d25288b2854e42474edd787c72d9fbc5ae38da65160b618f7f4fcc1d0d0c59c876b29dd536fe5456b32f77 |
C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe
| MD5 | 34ea8aa6f5dbba51dc6ff0fe4849b664 |
| SHA1 | ecc262b6059c87244c64097bbab99eb83f2bdf68 |
| SHA256 | bcb04063557894cf25059b3ab32d4daad852ba3e20d75f4a39d915ebd83b06d5 |
| SHA512 | 96a08b847a1883e2c3c386ff34c1fb461008676a2ac212a8131e2e3fde9b56050c7c2dbdc2c1f0996ef58cbcf63da2d293735ece8afd7ccd11d55d2361925d80 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 90fdde078ad99c8ccdb2743fa720442f |
| SHA1 | a64f788d860bb22632c0f724bff0e6069f05f7e2 |
| SHA256 | 707875438614eec9e35614e3fe79995c82821cf5668bac35c4bfba6a534be7a2 |
| SHA512 | f050958dab5fa3012107680e1d925247ef7db1f1245a1bb0624751b48c6d3f7f8e2dd83c2d93a2562aac5294a6fe01b194db3bf65c687a62c1a2b698b949eff3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 02a77c93001e41241399d1ed9965ae93 |
| SHA1 | 7eaa51c7e6e2f8c40805ea4c7a3dace13f5d58a9 |
| SHA256 | 45abada96ab16d84b1c166bf22d9950f08b9288469a1ed100583e068cee491b8 |
| SHA512 | 108254e8604dd4cbd7e2bf28eddcd9aee52aed63d07539eed07ce1f1fb1e754e6f8000e106d182e690ff2c80f0b84e44d85d20726e0328fdda52ad87199437a7 |
memory/9648-693-0x0000000000400000-0x0000000000442000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 64c606b6684c6026cfbcafb2d3959dd0 |
| SHA1 | 434c5299843831f42268b6d5fcc3b7b096944267 |
| SHA256 | 8eb2b5605f849ae81b34ab90464dfd888427df29b56a511201d63619c7186dca |
| SHA512 | 53a629017e52b731e541b595d29a07d79e4c329c07b3ffdde04bfdb060470f408106adbe98836384bf423c34d579d54ced12bd10b25e9a1a7e73def4d1270200 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5819cf47e522719f1f3a4d2d0cf4434e |
| SHA1 | 25b8b1bea3570f4ad4556031155f9c0c77ade099 |
| SHA256 | a3e7a7a531322df83e63e7477b54ee8d80a9161555a20db2654f21f9cc1185a7 |
| SHA512 | 4762cd9e3f6ad2a1e7ea011d99fa486b2bdc66d22407585022d3e9f03ae40ea8f18387c3feafd0c84a7159dd074d9023a2bfd719b12e017eb517b135fd328817 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | c2ef1d773c3f6f230cedf469f7e34059 |
| SHA1 | e410764405adcfead3338c8d0b29371fd1a3f292 |
| SHA256 | 185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521 |
| SHA512 | 2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549 |
memory/6712-747-0x0000000000BB0000-0x000000000113E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe
| MD5 | 73ec935b01879ed09e99c74751bb132e |
| SHA1 | db1cee88c1657c21fbde7beef300c72dedb373f2 |
| SHA256 | 7cd702ffc60c728fb46e272c7ba9d35e9c0cc917a3f9641faf69874926eb61fa |
| SHA512 | 6a22f6fd3e294ee1441d8a467f60bc2a97a0dd3b5f55f054a7b5d1df2c1d2d4eff2064d592514e41e05f2f53d2fcfb77b1bbab808797a78dea6fe6bd86333a89 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
| MD5 | 5baef839ad863ecfecc6d8cca8125643 |
| SHA1 | a5ffdd22c0ee2d0251ae922aac823b7464ed783d |
| SHA256 | b19f7909d6a723d6212e7051a3dd1242184063031117900b3f0d1be06391f2df |
| SHA512 | 8a144dcdb494a4358128382f35b3d4403b7d1d6bfeeb9b553de932b1a121c5b1f119ea050d5b4662edf263d837ab1f9d587a2844fba73ab764954fd98e71bd32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 13e1355d7a2e4433db473fe728cc928f |
| SHA1 | cd7a801654dc13b8e3f73ad18c4f190532c8b8da |
| SHA256 | 26b7075d8114525fe6fb4f15e0a5a50ba0417f3297adfdf5e8cf53237a569a98 |
| SHA512 | 3aab0cc9b7e928014e0dbdd72b9048390fd470519e931c2ac7730bddebff67a580052f6ed7a37272c3b06722cff3c71edef770c727e6d96d56ef66f5da2f094d |
C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe
| MD5 | c952f93c8c8f825093f1696918f2b880 |
| SHA1 | bd4ce37676dbdaec14f2f62e0e772868b6127583 |
| SHA256 | 8db5ab83c129cf0e6eda8aaafd9affc48cc961871139a9524145a4d77bf9705d |
| SHA512 | ee8ef5d7935c35bb112c255e6e7a258b276feb594a162b003918a9ca596302be13616d1cacdc73691ca868e6bba2f144f386e855cd19c7770b126f35c095ab3e |
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
| MD5 | 18c90c32b65fcf0be2c29f5c74399c60 |
| SHA1 | 7db694f61f9655cd1926312a9263cc86cceecc7c |
| SHA256 | 2af342c0eba6729528e71f57feac146fe9505e5d3100fa0d6dee0557ad36fd02 |
| SHA512 | 1eadd18974d46c382901427a44f1d4b5df57a3031ac00ec75a9c8e230217c345c64f7e415ed8a67c710355969dfcd0db1e11d383cc2c949c1c9c2db61f49f1e4 |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 5bf7e4d63d0d5484c34cfc3b69d64160 |
| SHA1 | bd6795a77b99c75dac8b48c10e70dbd3dad577a7 |
| SHA256 | 8d9de383e87838472c5b9a308401aa9248b5b0c6de6e13c87e6941e37f035087 |
| SHA512 | 823a02d5ab187d70db898cb3c9efccf559dd1810dcf41e73c321a8f03f370fa5d1e04243af7adde9fe98149a335dabf03609d8f90e2b19a64c67f8513779bea2 |
C:\Users\Admin\AppData\Local\Temp\rty25.exe
| MD5 | c77c9596b5fb64e03ab6d05488912e5e |
| SHA1 | 78b4bc03aebf37f34da73ecad0edb4f804c2ae57 |
| SHA256 | 7e820572df291b20f0564bc8344fa8b13ff6132467386980642a487ca149ecf8 |
| SHA512 | 8c575d1c149d125adf4c07fd96fd8ed186b9483f720fec5f891a8afe9aab1cd7fbc5d1adbcdfa1bbfc64c51c7f8c57b21330e8f6cf14d7b7e748da16afb24079 |
C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe
| MD5 | 982aa1688e29cedfd2432ed2bd74f0f6 |
| SHA1 | b8d3321323114c5248565b5a7648cb93c9e11efd |
| SHA256 | 99ebc7010d74b3c98908f83a81a9bf31c99597437d74b44056fc5eabde14caa2 |
| SHA512 | 3c00cb894f9bd02e59f001eeb98bf61bf4e11910d9e74ad4df83b43a98fbe9b2ba3d9cea389a473c824e7769b46798ca8008909251e7ac8620584ca484ea4de8 |
memory/3996-881-0x0000000000530000-0x00000000009FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Temp\u6zs.0.exe
| MD5 | 391a2ee96a473578a0545576bf1562c6 |
| SHA1 | b1f0cd53e00c191f5d403c33674b9a6be47dc7d4 |
| SHA256 | 6137a024d3889b6ddab004279321339ad8f070aac94126c19851f80c9ea55290 |
| SHA512 | 618be4fb77fee054087181cb388f88aec7c48e42b4c914a3fc3354406810154aed306c3ca54ae7c28bf38d616cd7c5577f501f5a61e41cefb3214caa3f6451b0 |
C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe
| MD5 | 156ea0c2f89a242d9611843d2eccd725 |
| SHA1 | 40e37fe89ddcb145c0e5a181711c082cdd0da2a5 |
| SHA256 | 8f0f32b4d597772e99d506ec15a563871b80e342a0cf298ce2e4589b59de44dd |
| SHA512 | d38703a2991c17ca5ba92506e29e82019bf644984728dbd06586adfb6b06f1eed11892111c1da95d5b19697e302a16559ea7f882bdac2dbc5f1bb64991c528a2 |
memory/9908-956-0x00000000007A0000-0x0000000000C80000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 958359a271a65976ffdad1c8d0fb3bf3 |
| SHA1 | 7ae758ac9f0cc2a79297f51217f7687c39edd01e |
| SHA256 | 3b030a4a1924e630409e6f153006f321f903b9d41e05caab3d4246865fbf0f42 |
| SHA512 | 46e1b7349531b4addb4a189705ee0544d55556a20cfb55460b3f45922d77629c17c83ffbfc30556693bae84a0e2cd834f84f9bed30f3445458b7026ddc50674e |
C:\Users\Admin\AppData\Local\Temp\u6zs.1.exe
| MD5 | da4e28b8c81f61f5f9b0a5a72879a89f |
| SHA1 | c76a3dc54ecae665ff674f620f420789d021e9a6 |
| SHA256 | 94df8194ceeefcfc68264b2895251eed009cec290c8a24ef9a50c52e65208566 |
| SHA512 | fa22e455a8d2b176d68a144e6871e4d3b69ff3b96c2a7f5343d5093fd89d456fee24e8ad1160c3883248c2961652e03cccfa123bbdc1a7d425130e6a59073885 |
memory/9064-1000-0x0000000000400000-0x0000000000478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe
| MD5 | 354b58dc470de58630bc6fbeb4c971e3 |
| SHA1 | ae5d1216033ab1b8534fabb241d0147aeebdb8d9 |
| SHA256 | b03023db1b8b80154effdcaf22665a530d1e266558b400cab03b1843e52f4ee6 |
| SHA512 | 1386854166aafb84881b7a62ea20c22d4bd02f67536be897bd248218125193f993303a9b35be0bd350ae34c4a2a321ef6e6b93f80d250c654a671d78e1db997c |
memory/5876-1026-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/5392-1042-0x0000000000400000-0x000000000048A000-memory.dmp
memory/5392-1050-0x0000000000400000-0x000000000048A000-memory.dmp
memory/3496-1073-0x0000000002D80000-0x0000000002D96000-memory.dmp
memory/5028-1087-0x0000000000400000-0x000000000044A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe
| MD5 | 828e886e326dc9d60c6f7f854033b6b8 |
| SHA1 | f3558b441ea4ed58b498880daaef534188b53f2e |
| SHA256 | b656ddd87f76910df149e32a532f00bdad18d8317f25c765e5a2c0374e58f9ea |
| SHA512 | 712f31ccc7643c61472f45b787dc17f715e803177bbb0b1371b359c3809694f4e74e2206bd2d3144ca1a355411f3848ff1cf44ec6a00d1556dee42e98674d360 |
memory/6712-1119-0x0000000000BB0000-0x000000000113E000-memory.dmp
memory/4284-1131-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1123-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1133-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1139-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1137-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1141-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1143-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1145-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1149-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1153-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1151-0x0000000005730000-0x00000000058D5000-memory.dmp
memory/4284-1147-0x0000000005730000-0x00000000058D5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe
| MD5 | 8b6b30a99dc327b2f05f43a5d4239802 |
| SHA1 | 7e1d83b9ea47dc81d6f4e1878bd56ccd0d872c06 |
| SHA256 | 0cddbf55262af00c56c7c383c9614a49ae7d6955c796ee96e7edaf389c67f2c5 |
| SHA512 | 165e9aa7b0c597dcdc1863957da0ee2ab94e584a0705d8e953f487cfec15d49b0fca731437773e654c69d0a67f719617223de3644bf219a3fe360668b821c74d |
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
| MD5 | 066ca30d992d63f415a12672592f2fbb |
| SHA1 | 2c283bc9b28f192b43f0df7bb9c05ee2d4c731ce |
| SHA256 | da00c564f5d5b72e8e86c352694607fb4e772a358486ab921c80d0fa83578bab |
| SHA512 | dffc36b69ca2a5af767e034164d2542296703b9d9d125957b50250e957cac907dd66cd06558b2822bbdf2c544076cb36b82580cf9e2123f50af49ad552cb3ff7 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
| MD5 | 5ea776e43112b097b024104d6319b6dc |
| SHA1 | abd48a2ec2163a85fc71be96914b73f3abef994c |
| SHA256 | cf650d13eea100a691f7f8f64674189a9c13d7948e31468963e10a23726dc341 |
| SHA512 | 83667045b7da8596fad90320880d8d7c83f71a1f043d73f7b68a0ad948ae2e530a753d5c7943a096a307e696f8d9fa433025b30078af6d4530d1a2f2a4b12ed2 |
C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe
| MD5 | 87579f13b80cc00af83b1555dc3aeaf5 |
| SHA1 | e046e0e3c2791baee896ec8a3b443067cb227928 |
| SHA256 | b83e794befa6f462e4936a1bc8a2b9fd073e5bf03d82d3379720faf33730cc35 |
| SHA512 | 77d4ee856e397fea20b20a5982d88b2739d7184a923f977882e5f236b6b67767a5c25ce3118072471c5f8a25f4dbc0f39d3d68dc8f69de6cbd5dc5967e21845f |
C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe
| MD5 | 716ee37fc543de9617179d1a8313642a |
| SHA1 | 762f61d59ac5164bccc7e7cb3d6c6f0069be5538 |
| SHA256 | 5cc56099110950178bbfc060bc949cf9dd857e2cc98f0eabd23482f14c0de07d |
| SHA512 | a4cda86bc425ea05660dc57a26ac034baadb9d09fd83c040db11bf918949eac380998566110f2e4c9e4253c58e89a701b0a04521c49dee6ba49c397b8cfd2004 |
C:\ProgramData\mozglue.dll
| MD5 | ef919390985840323767278f54d55b62 |
| SHA1 | 5675230a87a23b2e6f0ec08d16eee200ed308994 |
| SHA256 | a4f619a784b903541cdc5d73ff471d73ac44201805d41ae02b6e81c22726b26d |
| SHA512 | 1c1d2c1fd1b84e74ab875c23c20fe9260f53218ef3f1190419bc3418201f5d503bf546b89a4158fc77a63e97735670b63f0628bad6aa0e5070ede2d49277a5f4 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll
| MD5 | f35b671fda2603ec30ace10946f11a90 |
| SHA1 | 059ad6b06559d4db581b1879e709f32f80850872 |
| SHA256 | 83e3df5bec15d5333935bea8b719a6d677e2fb3dc1cf9e18e7b82fd0438285c7 |
| SHA512 | b5fa27d08c64727cef7fdda5e68054a4359cd697df50d70d1d90da583195959a139066a6214531bbc5f20cd4f9bc1ca3e4244396547381291a6a1d2df9cf8705 |
C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll
| MD5 | 154c3f1334dd435f562672f2664fea6b |
| SHA1 | 51dd25e2ba98b8546de163b8f26e2972a90c2c79 |
| SHA256 | 5f431129f97f3d56929f1e5584819e091bd6c854d7e18503074737fc6d79e33f |
| SHA512 | 1bca69bbcdb7ecd418769e9d4befc458f9f8e3cee81feb7316bb61e189e2904f4431e4cc7d291e179a5dec441b959d428d8e433f579036f763bbad6460222841 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-06 01:33
Reported
2024-02-06 01:36
Platform
win7-20231215-en
Max time kernel
2s
Max time network
150s
Command Line
Signatures
Amadey
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2272 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe |
| PID 2272 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe |
| PID 2272 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe |
| PID 2272 wrote to memory of 2704 | N/A | C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe | C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe
"C:\Users\Admin\AppData\Local\Temp\5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
"C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k "taskkill /f /im "explorhe.exe" && timeout 1 && del "explorhe.exe" && ren cbfcbf explorhe.exe && C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe && Exit"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "explorhe.exe"
C:\Windows\SysWOW64\timeout.exe
timeout 1
C:\Windows\system32\taskeng.exe
taskeng.exe {5CB6C6F5-5DB3-4A5F-ADB8-866F3A7CF289} S-1-5-21-3308111660-3636268597-2291490419-1000:JUBFGPHD\Admin:Interactive:[1]
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
"C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe"
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
"C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe"
C:\Users\Admin\AppData\Local\Temp\1000019001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000019001\leg221.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/video
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/login
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
"C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2052 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2060 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
"C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2860 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2864 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3460 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.483994247\1504771651" -parentBuildID 20221007134813 -prefsHandle 1168 -prefMapHandle 1160 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ddbec95-336c-405e-be25-a193e23b0bf0} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1304 102d5558 gpu
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
"C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1144 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.1.689836615\1716085611" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc087bfd-9239-420a-b2fa-019bc309b244} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1496 f4ed058 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3596 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.2.40340722\866276406" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dfab82c-1613-48ec-9414-89fa104fe05f} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2104 19990858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.732219762\945432769" -childID 2 -isForBrowser -prefsHandle 1964 -prefMapHandle 1792 -prefsLen 21689 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e25208a4-5cc9-4fae-98fd-8968856bf7b0} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2016 d62b58 tab
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe
"C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe"
C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe
"C:\Users\Admin\AppData\Local\Temp\1000053001\daissss.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.4.954640484\1885381513" -childID 3 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21689 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a1bbc5-3e8b-4efb-8a09-17eb21314358} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2724 1ab37858 tab
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.5.249623073\90482466" -childID 4 -isForBrowser -prefsHandle 2752 -prefMapHandle 2740 -prefsLen 21689 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {072b45f1-680e-46bc-b4c5-55a39be87187} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2836 1bdbe858 tab
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4220 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:8
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.6.13730702\627294238" -childID 5 -isForBrowser -prefsHandle 3440 -prefMapHandle 3436 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2019c49c-b2b5-412e-be32-ef6716773f43} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3452 1d03a958 tab
C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe
"C:\Users\Admin\AppData\Local\Temp\1000054001\dayroc.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup_nine.exe"
C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe
"C:\Users\Admin\AppData\Local\Temp\1000055001\RDX.exe"
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000056001\redline1234.exe"
C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000057001\mrk1234.exe"
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000058001\alex.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.7.1716002336\513629790" -childID 6 -isForBrowser -prefsHandle 4180 -prefMapHandle 4016 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e9e57b8-7c8b-4554-b572-7f3c3a492f58} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4192 1eef2b58 tab
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ACULXOBT"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 592
C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe
"C:\Users\Admin\AppData\Local\Temp\1000059001\sadsadsadsa.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ACULXOBT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4760 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4876 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Windows\explorer.exe
explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5008 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4664 --field-trial-handle=1128,i,3856922413345853458,2101642175816423645,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\u3c4.0.exe
"C:\Users\Admin\AppData\Local\Temp\u3c4.0.exe"
C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe
"C:\Users\Admin\AppData\Local\Temp\1000060001\1233213123213.exe"
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe
"C:\Users\Admin\AppData\Local\Temp\1000061001\55555.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6919758,0x7fef6919768,0x7fef6919778
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 96
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 604
C:\Users\Admin\AppData\Local\Temp\u3c4.1.exe
"C:\Users\Admin\AppData\Local\Temp\u3c4.1.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\308111660363_Desktop.zip' -CompressionLevel Optimal
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.8.1002236170\1194091976" -childID 7 -isForBrowser -prefsHandle 1988 -prefMapHandle 1996 -prefsLen 26905 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c24df5f7-33f3-47b5-bec5-26dd3ca17db3} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3384 1ce7ab58 tab
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.9.85250400\1665915650" -childID 8 -isForBrowser -prefsHandle 3036 -prefMapHandle 3048 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c54443-1d0f-4ad6-89fd-237b4c68d94f} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1052 102d2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.10.1330194650\1303596237" -childID 9 -isForBrowser -prefsHandle 4496 -prefMapHandle 3196 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e6d6cbb-c79d-4400-9c03-46cec2d2eb50} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4488 19a6fe58 tab
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| NL | 80.79.4.61:18236 | | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 44.227.167.82:443 | shavar.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| NL | 45.15.156.209:40481 | | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 163.70.147.35:443 | facebook.com | tcp |
| GB | 163.70.147.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.155:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-1gi7znek.gvt1.com | udp |
| CH | 74.125.108.201:443 | r4---sn-1gi7znek.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-1gi7znek.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-1gi7znek.gvt1.com | udp |
| CH | 74.125.108.201:443 | r4.sn-1gi7znek.gvt1.com | udp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| NL | 94.156.67.230:13781 | | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| CH | 172.217.168.67:443 | beacons.gcp.gvt2.com | tcp |
| CH | 172.217.168.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 144.2.9.1:443 | ponf.linkedin.com | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 172.217.16.238:443 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| CH | 172.217.168.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 94.156.67.230:13781 | | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 94.156.67.230:13781 | | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
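The process list and the Network table above already contain what a responder needs to triage this run by hand: a scheduled task that re-launches Updater.exe every 30 minutes, a PowerShell Compress-Archive of a staging directory into a *_Desktop.zip under Temp, plain-HTTP beacons to bare IP addresses on port 80, raw TCP to high ports with no DNS name, and a lookup of pool.hashvault.pro, which matches the XMRig miner verdict. The Python script below is an added example; it is not part of the sandbox report and not code from any of the malware families it names. It parses a handful of rows copied from the table above (including the rows where the report has no resolved name and the protocol slips into the Domain column), parses the command lines copied from the process list, and turns them into a small IOC list. The mining-pool hint list and the set of "expected" ports are this example's own assumptions and should be replaced with your own intel.

```python
"""Triage the sandbox report above: pull network IOCs out of the Network table
and flag persistence/staging command lines from the process list.
Added example: rows and command lines are copied from the report; the hint
lists and port set are assumptions, not something the report states."""
import re

# Rows copied from the report's Network table. Two of them show the report's
# layout quirk: no resolved name, so the protocol sits in the Domain column.
NETWORK_ROWS = """\
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| NL | 80.79.4.61:18236 | tcp | |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| NL | 94.156.67.230:13781 | tcp | |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
"""

# Command lines copied from the process list above.
COMMAND_LINES = [
    r"powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' "
    r"-DestinationPath 'C:\Users\Admin\AppData\Local\Temp\308111660363_Desktop.zip' -CompressionLevel Optimal",
    r'cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "',
    "chcp 1251",
    r"""schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F""",
    r"C:\Windows\system32\AUDIODG.EXE 0x580",
]

MINING_POOL_HINTS = ("hashvault.pro",)  # assumption: seed list, extend from your own intel
EXPECTED_PORTS = {53, 80, 443}          # assumption: what a browser-heavy sandbox run normally touches

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|"
    r"\s*(?P<c3>[^|]*?)\s*\|\s*(?P<c4>[^|]*?)\s*\|\s*$"
)
SCHTASKS_RE = re.compile(r'schtasks\s+/create\b.*?/tn\s+"?(?P<name>[^"\s]+)"?.*?/tr\s+"(?P<action>[^"]+)"', re.I)
SCHEDULE_RE = re.compile(r"/sc\s+(\w+)(?:\s+/mo\s+(\d+))?", re.I)
ARCHIVE_RE = re.compile(r"compress-archive.*?-DestinationPath\s+'(?P<dst>[^']*\\Temp\\[^']*)'", re.I)
CHCP_RE = re.compile(r"\bchcp\s+1251\b")


def parse_network_rows(text):
    """Parse '| CC | ip:port | domain | proto |' rows into dicts, repairing the
    shifted-column rows that have no domain."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        domain, proto = m["c3"], m["c4"]
        if proto == "" and domain in ("tcp", "udp"):  # protocol landed in the Domain column
            domain, proto = "", domain
        rows.append({"cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                     "domain": domain, "proto": proto})
    return rows


def flag_network(rows):
    """Return (ip, port, domain, reasons) for rows matching loader/stealer/miner patterns."""
    findings = []
    for r in rows:
        reasons = []
        if r["domain"] and any(r["domain"] == h or r["domain"].endswith("." + h) for h in MINING_POOL_HINTS):
            reasons.append("mining-pool")            # DNS lookup or connection to a known pool
        if r["proto"] == "tcp" and r["port"] == 80 and r["domain"] == r["ip"]:
            reasons.append("raw-ip-http")            # plain HTTP to a bare IP, no hostname
        if r["proto"] == "tcp" and not r["domain"] and r["port"] not in EXPECTED_PORTS:
            reasons.append("bare-high-port")         # raw TCP on an unusual port, no DNS name
        if reasons:
            findings.append((r["ip"], r["port"], r["domain"], reasons))
    return findings


def collect_iocs(findings):
    """Deduplicate into block-list material; resolver traffic (port 53) is not an endpoint IOC."""
    endpoints = {f"{ip}:{port}" for ip, port, _, _ in findings if port != 53}
    domains = {dom for _, _, dom, reasons in findings if "mining-pool" in reasons}
    return {"endpoints": sorted(endpoints), "domains": sorted(domains)}


def flag_commands(cmdlines):
    """Flag scheduled-task persistence, archive staging in Temp, and the cp1251 code-page switch."""
    findings = []
    for cmd in cmdlines:
        m = SCHTASKS_RE.search(cmd)
        if m:
            s = SCHEDULE_RE.search(cmd)
            every = "?"
            if s:
                every = s[1] + (f" x{s[2]}" if s[2] else "")
            findings.append({"type": "persistence:schtasks", "name": m["name"],
                             "action": m["action"].strip("'"), "every": every})
        elif ARCHIVE_RE.search(cmd):
            findings.append({"type": "staging:archive-in-temp", "archive": ARCHIVE_RE.search(cmd)["dst"]})
        elif CHCP_RE.search(cmd):
            findings.append({"type": "locale:cp1251"})
    return findings


if __name__ == "__main__":
    net = flag_network(parse_network_rows(NETWORK_ROWS))
    for f in net:
        print("NET ", f)
    print("IOCS", collect_iocs(net))
    for f in flag_commands(COMMAND_LINES):
        print("CMD ", f)
```

The endpoint list this produces is the block-list candidate set (the port-80 bare-IP hosts and the two high-port TCP peers); the mining-pool domain is caught on its DNS query as well as on the later TCP connection, which matters because a proxy-blocked pool still leaves the lookup in DNS logs. Chrome and Firefox noise (the Google, Facebook, LinkedIn and Mozilla rows) falls through because it has a hostname on an expected port.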
Files
memory/2272-1-0x0000000000120000-0x0000000000528000-memory.dmp
memory/2272-2-0x0000000000120000-0x0000000000528000-memory.dmp
memory/2272-4-0x00000000006D0000-0x00000000006D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7ced1bb243ed005bb0abdce463e8ce7b |
| SHA1 | 5866fd17dae054b91483ff7d6cc0b6096b507fe8 |
| SHA256 | 5ec0957697ef3692607bc8a8d00bdad0ff86c129ead5fb698c035f4d6b47c69c |
| SHA512 | 915794531d829e050146e1b893c826fd75fb2b2677d8dc21c38ceaa26f28c67bf5e50524e057d5c54899dba5895e979ebcdd3c4372fd797cb558d8cb9b8321e8 |
memory/2272-16-0x0000000004970000-0x0000000004D78000-memory.dmp
memory/2704-19-0x0000000000B90000-0x0000000000F98000-memory.dmp
memory/2704-20-0x0000000000B90000-0x0000000000F98000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 7111602f267440dda877002924871f8b |
| SHA1 | 61d1748a53257c701355a459aface2bf01899162 |
| SHA256 | 16d813f787ec367936678e38db7a5589a1da13e04126de67ce190c7b0e1a1bfa |
| SHA512 | f31ddee0dd381868857ace70e8b9f09805cbce994fd1b6f3d6dd31468639799ed63c55ad0e024b23b7c2c559f49eba80aa7e5f7264793edacd8edb20a5033df3 |
memory/2272-15-0x0000000000120000-0x0000000000528000-memory.dmp
\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | b5caf29fb36c8ef803822539a78b8787 |
| SHA1 | 17afa77adacf90667eeb94ac2746abf77de3588f |
| SHA256 | 75a24250c876e854cea38f73d64054e06e3a28d230e234bb073f533bf974ffd9 |
| SHA512 | 55169a418711f3772e9b1a7c983e71aae07dba72be0ad7d8c13f4cbb5a65ccdc4fe296b58546253d3078d6d2171b0529a0894c1bd780034acb8f8c187bbdfa13 |
\??\c:\users\admin\appdata\local\temp\F59E91F8
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
| MD5 | aabdedcc858d75de2d067b4ee4d7b472 |
| SHA1 | 1b7f94318e28e2057eaa3ade7203f9ccbc46c7e6 |
| SHA256 | f04c7235be5186e8d8d98b08d0fca68d736359a4a66b8125e258d0674845380e |
| SHA512 | cd256aa0b0d131d242c064761fb618772d4a4226575127bc60b84bb584fc438da1b546497d6138ede948b9f4032724f18f695956aedf0136b6c878ea6c50cabe |
memory/2704-40-0x00000000049E0000-0x0000000004EAF000-memory.dmp
memory/2704-42-0x00000000049E0000-0x0000000004EAF000-memory.dmp
memory/2596-43-0x00000000011E0000-0x00000000016AF000-memory.dmp
memory/2596-53-0x0000000077270000-0x0000000077272000-memory.dmp
memory/2596-54-0x00000000011E0000-0x00000000016AF000-memory.dmp
memory/2596-57-0x0000000000C60000-0x0000000000C61000-memory.dmp
memory/2596-56-0x0000000000CE0000-0x0000000000CE1000-memory.dmp
memory/2596-60-0x0000000000CB0000-0x0000000000CB1000-memory.dmp
memory/2596-59-0x0000000000910000-0x0000000000911000-memory.dmp
memory/2596-64-0x00000000009C0000-0x00000000009C1000-memory.dmp
memory/2596-65-0x0000000000A60000-0x0000000000A61000-memory.dmp
memory/2596-63-0x0000000000C10000-0x0000000000C11000-memory.dmp
memory/2596-62-0x0000000000C00000-0x0000000000C01000-memory.dmp
memory/2596-61-0x00000000009D0000-0x00000000009D1000-memory.dmp
memory/2596-58-0x0000000000E50000-0x0000000000E51000-memory.dmp
memory/2596-55-0x0000000000CC0000-0x0000000000CC1000-memory.dmp
memory/2704-66-0x0000000000B90000-0x0000000000F98000-memory.dmp
memory/2596-67-0x0000000000BF0000-0x0000000000BF1000-memory.dmp
memory/2596-68-0x0000000000E70000-0x0000000000E71000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\cbfcbf
| MD5 | 01b5a74e1ba5429e94d28c0746d80ff2 |
| SHA1 | 063ac7c8c3cf2bc49e47d5acb04f792b48d99638 |
| SHA256 | 915489d14132a7a27d2c1dfab930caf7688d7cd8c4e4b45a0adec82fb135ad6f |
| SHA512 | 1eeffe663d5736c3cd2a30616cf8ce2e4d74e9c1a5fb66adffdd59e8dd0a88e31403754c3e37492d3f76cf01ac378701d21cc3a9786129e59e839ccba84d4a45 |
memory/2596-73-0x0000000000F80000-0x0000000000F81000-memory.dmp
\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 90cf9c15e385d2de8888ed763f7818b0 |
| SHA1 | 71a6d587efdbc37730d64ecb84437b9c39fe8c56 |
| SHA256 | 2c8dce0616888e841c272a2b45fd94dd2b08573e71593d28cb70d52b37f85f8f |
| SHA512 | 2c05e9bac932c3bb24c9c5b41da33a13d3784ae7d13f69b69b09d82f4ba2643c88a43f01fda9af53578cadd88d0d30e2c00cb3594ac52c097084e0d434c70430 |
memory/2596-77-0x00000000011E0000-0x00000000016AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000958001\amert.exe
| MD5 | 497e8ad1f20ef80774226fe113debf56 |
| SHA1 | 45ffcf3156516019b3f58a25ec786fa823b6852b |
| SHA256 | 0a8065cd77e91bbcbd8ca3ba5ed77fa807c5a3159b36d7b5ae56093df3a732dc |
| SHA512 | fb1c4128e8f7e8d781f2efd7fed37dac965a2197901b277cb82fcb185c960c4d67e1f33841e43dd45f1d653ad0aaf45a62a84c06941c8896f71a4131e3605705 |
memory/2008-81-0x0000000002140000-0x000000000260F000-memory.dmp
memory/2596-71-0x00000000009A0000-0x00000000009A1000-memory.dmp
\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 16d63fdae1fe5b462afdf28698d8e015 |
| SHA1 | 30f68d25f658bf39fb264102394ee0b7fe0498fa |
| SHA256 | edd5d948fd7ff62acfa5bf217054b75ef2d1f7802aa45a7048539db6d988bd8f |
| SHA512 | 7b241d4db7309d61265c6ca6dfc0f46a2cbdffa78e3d0362dc2389e37276d501b42d882f23d99246f8236184605f45801bb99e35f3e40cb623c0cd8cdc187b06 |
memory/572-82-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/2008-83-0x0000000002140000-0x000000000260F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | ee50a01d0d664f827a12c5153b3aa5fa |
| SHA1 | aeb6e581929a5be833a6bef6b22fff8fdc799f99 |
| SHA256 | 55efbc5dd534f0479d11179d4bd680c4177c1cf0cdc69b4d88da7447a2cea17b |
| SHA512 | 9d826869a95c3a58fd98f9c0ede9841573d6c29437a71b2009e7adbee886c7ee1fb94c5ec5bceecd9fa1ca4f666c126eb4c9731f0b0801b0b0fc4e659f737732 |
memory/1716-85-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/572-86-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/572-87-0x0000000002390000-0x0000000002391000-memory.dmp
memory/572-88-0x00000000023B0000-0x00000000023B1000-memory.dmp
memory/572-89-0x0000000002320000-0x0000000002321000-memory.dmp
memory/572-90-0x00000000023F0000-0x00000000023F1000-memory.dmp
memory/572-91-0x0000000000910000-0x0000000000911000-memory.dmp
memory/572-92-0x0000000002340000-0x0000000002341000-memory.dmp
memory/572-93-0x00000000022E0000-0x00000000022E1000-memory.dmp
memory/572-94-0x0000000002310000-0x0000000002311000-memory.dmp
memory/572-95-0x0000000002330000-0x0000000002331000-memory.dmp
memory/572-97-0x00000000022D0000-0x00000000022D1000-memory.dmp
memory/572-98-0x00000000022F0000-0x00000000022F1000-memory.dmp
memory/572-96-0x00000000023E0000-0x00000000023E1000-memory.dmp
memory/1716-99-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/1716-101-0x00000000026B0000-0x00000000026B1000-memory.dmp
memory/1716-102-0x0000000002520000-0x0000000002521000-memory.dmp
memory/1716-103-0x0000000002770000-0x0000000002771000-memory.dmp
memory/1716-105-0x0000000002680000-0x0000000002681000-memory.dmp
memory/1716-104-0x0000000000560000-0x0000000000561000-memory.dmp
memory/1716-106-0x00000000005E0000-0x00000000005E1000-memory.dmp
memory/1716-100-0x0000000002690000-0x0000000002691000-memory.dmp
memory/1716-107-0x0000000002410000-0x0000000002411000-memory.dmp
memory/1716-112-0x00000000009A0000-0x00000000009A1000-memory.dmp
memory/1716-111-0x0000000000590000-0x0000000000591000-memory.dmp
memory/1716-110-0x0000000002720000-0x0000000002721000-memory.dmp
C:\Windows\Tasks\explorgu.job
| MD5 | b95754080cadf42df76a467de180d20a |
| SHA1 | 859337758c43ba6f90f3b3c5f71b8fb27bf61713 |
| SHA256 | 56e50f3167c120f009b2092fbc74e1d10eb68b1fba8f1d1b8a3afdb112ee357f |
| SHA512 | 16bb8aac7fab522381d83474bcfbb8253996d0b41340f7761048bd568790c6d32fdb4ede11f468e6cb2ba60bffa138e5fcf7bd6bdccf5dba47181e7d21bfed1f |
memory/572-113-0x0000000002440000-0x0000000002441000-memory.dmp
memory/572-114-0x0000000002300000-0x0000000002301000-memory.dmp
memory/572-118-0x0000000005190000-0x000000000565F000-memory.dmp
memory/572-120-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/572-117-0x0000000000A00000-0x0000000000ECF000-memory.dmp
memory/2008-121-0x0000000002140000-0x000000000260F000-memory.dmp
memory/720-122-0x0000000001370000-0x000000000183F000-memory.dmp
memory/1716-123-0x00000000009F0000-0x00000000009F1000-memory.dmp
memory/1716-124-0x0000000002780000-0x0000000002781000-memory.dmp
memory/1716-126-0x0000000000A00000-0x0000000000ECF000-memory.dmp
\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | ee650b620489a1445666611bf8026bbe |
| SHA1 | a6ffb8cab0260cff727dbccd7b48881bd9f5704a |
| SHA256 | 9d2645f48ae9fab3bef318b218afc502b125a5a8d628a437f0ae4930b5d0e1d0 |
| SHA512 | 812cbf7fbb93dfc4772970a9a075b75b4f194e5e527be932392d1efef00574d5072522440019fcc213abd59d3fa922cc50b74432ec2dbc250a70030f058ce5df |
\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | d5e0aa61a7156ac82ffa338327b3ce1b |
| SHA1 | 8b51862b6af65e5bcedb818172ec8fa8e6c44352 |
| SHA256 | cadf8508776edb14c89d6ce32a08dbecff183b8dbc6dec57c92d9a6aaddc8778 |
| SHA512 | c830214b87073ba133e8e3a942ef09957d49bdbbd270a195bf357839cba5731b43c04b7cc71a689f89630a08b224acf8aa6c8d08b423906943e3aabd34b8120d |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | a7539d39855936ccfb9796f5847b9a0a |
| SHA1 | bedf663018946554b6600e4d2438db6a5420c3cf |
| SHA256 | 2cbb922d709022705c151ec4a6a556c5db7ee897196c86632a0d53bb98713f1c |
| SHA512 | 72a2a21b13b8ab24cbd0e771e20da3334e6d94e3f6d2534ce14d26b4465286fdf919927a2bff97ff7c0d2a6325b561ba054b5828a878e00573b4b69da27076cb |
memory/1716-144-0x0000000000A00000-0x0000000000ECF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000019001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
\Users\Admin\AppData\Local\Temp\1000019001\leg221.exe
| MD5 | 44c4e540ef28ad7c365c8d592fe8099c |
| SHA1 | b25f77e53d3d568d5bfcca4c2a2d371ddafcabfb |
| SHA256 | 7c8655f120f78385ebae8276890621e9751713a7da8bf0073e3cbdef2f592011 |
| SHA512 | 18eb613c9884796b043cc48f2d5ce5fdfbfe55502dd826f59a8820313d84da6a7275c652f174b83c00fbdb6a864dd79d081a4c19bf2a3ec4146ebb23f3ea08da |
C:\Users\Admin\AppData\Local\Temp\1000019001\leg221.exe
| MD5 | aed6732f41e44a2618eebfd97f7b021d |
| SHA1 | 1bdc5e9829ac57710e1849324cb08bcc0effcee2 |
| SHA256 | 0937bf680a0bee9e9f29398a42b418de3e7c9bd6acd83305242ebb7d12ade7db |
| SHA512 | 6fbb5983812b4771a31f46aea6f628128d90ce62a58210713ec5357e8bf8a1600eef4e2b254ec36c7e0a559ae9d0fb395110925cce18eb7b24b1113de4563fe5 |
memory/2020-177-0x0000000001370000-0x000000000183F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1
| MD5 | d769ca0816a72bacb8b3205b4c652b4b |
| SHA1 | 4072df351635eb621feb19cc0f47f2953d761c59 |
| SHA256 | f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2 |
| SHA512 | cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64 |
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | c308dd92aaa04b1b424fa3b970d7e04e |
| SHA1 | d3a7d45eacb705c0a0da2547b2f9cfd3fd42ca92 |
| SHA256 | 789f23a6c4ff4766adc036a3af1289299bb67d0601bca21bd1ad02a21528000f |
| SHA512 | 8c50bc1ef1cb0c8a9ece1d6a06134641011ee00bd284a72d8c1381dc1bf696a25ac4863ff645d02329d9f1575449f1df015f6550bd4880f26c73202168859597 |
\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | f6b780f05827d33dd3aaeb93710fa4f7 |
| SHA1 | e28f8da6ec76046338cdb5b883e42194e85b0df1 |
| SHA256 | 644269ec4e54f4f67641e82d217869aa574b0d20cb37f1c0a594e4292ca0d864 |
| SHA512 | 03d7835b715a39f424be4e1052576bccfc645de6303d0a4624d85f40ff6971d6af6a51ed87b1c962e878c5e4a4531913b8b6eaa6f2ddbda676142a18cb5e9e96 |
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | db5fede6ad650e6cab1f27468907bd76 |
| SHA1 | caa129093cfe57621faccd6018496906a82dfb9f |
| SHA256 | d27c3a8a9152cc6138f5ca48dda28b4ebf2ced916ff64e9c00bb5437baaeb758 |
| SHA512 | 5eeffacffd345dd6dcd09fd1afc534466faa69d0fd0f1612272656e1dc98a77cdfeef1f09b110f370483babf3fb3ab4f317a82c799bab72f874d063cd74e8153 |
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | 0c4cf4d389a2740beff7745556e97d42 |
| SHA1 | 75ee779192de021ef1e569b9857bbed34fe46981 |
| SHA256 | b1dc66fd07943243094bd247d9b4e208d47838f11b31ee8ad1d76b927d4d563b |
| SHA512 | 0741f4971ecfa277c383dc770bf110a5b5c5167bccb475dbc17b274498828f69d2d677a449e659830c13c45cb587e1b190291b87bf20076caa519b5c23d02a26 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1924E91-C48F-11EE-8AC5-6E556AB52A45}.dat
| MD5 | ef0ec1b8944ed79cf3b414c86dc82422 |
| SHA1 | 3bce92d60707850709964dc2172c913322c86866 |
| SHA256 | 9795fc756fa2040211057316c806dd392470c4619ddf00378bb603de3ba7acb7 |
| SHA512 | c33e967ff53c94e0a33c491663a8fff2d2d760088aa3f6131fdd11ee73de1b45d75c36d87cd9a943e4180811576e0a914a364f44986eced69d9461119bf375d7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D196EA41-C48F-11EE-8AC5-6E556AB52A45}.dat
| MD5 | 81a23a509f6fe61e45dabac23080b819 |
| SHA1 | b667ceaab6619fdee3314c3625de64586ebeeb5c |
| SHA256 | 2bdda59ee06830d07011e819adfd17e1362d84c98e1c1e3f5c57468ab1dc6225 |
| SHA512 | 0f6fb0f453a94d02a973d058e507c40a0b2334f6692639be1adad6ac497efa6564c6180645abff73d171f5f2260bb1f233cefb14069cb0dc2436f8edf1752ba0 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D19E0E61-C48F-11EE-8AC5-6E556AB52A45}.dat
| MD5 | f63ceedd198f95d89b81331e672f4a31 |
| SHA1 | ef09504b2768caea310568aa97cfef5b729b73cd |
| SHA256 | 5cd677f75225a3a88d5b55af98f226347883034bbc4f314b73a666124dec0f95 |
| SHA512 | 2563dc01e5f5b84d8545d12fef576f88018fce0591fa5f06706b314a5281ccb31a87b930edec0f1da1cd4812a0ac15e53e857bef53f0f5166b8fff438e4af86c |
C:\Users\Admin\AppData\Local\Temp\Tar8A96.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab8A97.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | bbe4ac7070a7dc35cbbdd51702b0eaba |
| SHA1 | fe94fb49503484d02312f5e522ff1f175bd3e4f6 |
| SHA256 | 16f9eb4e8af660e2a93e9b3319ed51cd9aec3db285023a09a607c26c8fe80947 |
| SHA512 | a513d8e6af2e8c77cf23b8ff8651b59d996f81e3371f92f4ebd1981049941dc03ad0ee8441a769d456fa704fbefc83b2323ed55f19046372928923fea7a62a76 |
\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | 480dba91066e0db42dd462ba28b1cfa8 |
| SHA1 | f6c897f90ae4e147bce95256b1ed273748c55530 |
| SHA256 | 9c5145e86c2334127add016049de0748cdb4485263673e9ce241e6799ef1d441 |
| SHA512 | 7e81a9a04d5d650540227a4b59276d277f51210736ea5b218bd1416f5cb520a63f7940e1209a45593a1ce4d7cd10bf145850ee636ffdea1e32213da14fb16ed5 |
C:\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | be9bb9a459bd1db7c3bdad2aef8b0f09 |
| SHA1 | dd496a9119928af0eb99d6d2b284f509a04b32b6 |
| SHA256 | 4e17ed2e9980d53e95a7e5c13fad6b042241b7b69b13afd304888bfe2c2e8340 |
| SHA512 | 2055d79b03ec789ec30987d8cb31a16c317eb6c633202d2c62cf0c6f89ad8db0a6157c4960674b6026a06c9014d7d2fba90b92e90d9c7d33b6f1638779861db7 |
\Users\Admin\AppData\Local\Temp\1000032001\dota.exe
| MD5 | c10cb731aa7abcafcc56aa45d42859e6 |
| SHA1 | 3f8d655cd3d926336cc59c67e2fe96d7465635a2 |
| SHA256 | 53eda0fd01e5b9d46d2db530f947ed9afd6a0d7f9f4bc1cd6144077a5bcef18c |
| SHA512 | 400dc3713a664e690f110c58315261b2c6f9e38d54d1d7ef418fae812ef4a3812a2066606a50d3be578a9507ffdd4e1883097b4d450aa565298873bc968a81a1 |
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | 8f423f18a87426aa5e86b6fe5eed1eba |
| SHA1 | d7dbe70f455331173fa978d34f46162345bc4a3c |
| SHA256 | be74020cbb5d576fd890fb4acd495a9f8c8d2de9d86a6585e4b20a4e98713f33 |
| SHA512 | 37cb50bbc87b910968b4119b3e708a3c144b8b89c5b2d8e48e3da8b1c0016a9ccb16d739b15936cc4cd8d572df2e603bec96cbef880a8fa71ef1a6b1007ecfbd |
C:\Users\Admin\AppData\Local\Temp\1000050001\Amadey.exe
| MD5 | d467222c3bd563cb72fa49302f80b079 |
| SHA1 | 9335e2a36abb8309d8a2075faf78d66b968b2a91 |
| SHA256 | fedb08b3ec7034a15e9dee7ed4dec1a854fb78e74285e1ee05c90f9e9e4f8b3e |
| SHA512 | 484b6c427e28193ddb73dd7062e2bfbd132ddc72ce4811bfe08784669de30e4b92bc27140373f62a4ce651401000a3c505188620c43da410bf6b0799a0791fa7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 6992aa2d747756123be1c5b182f9ddec |
| SHA1 | ca793310391afb6484938a731839ef59a13ded93 |
| SHA256 | 89563071fb7bb4205206469f561504c6b36e764dd658eaaf8d02c0901d7dee26 |
| SHA512 | 022312f898dbc857d3d9bcfec3b8661e61e46bce311ea4b885b30527c05b739fdc1b3c0a0bab6f6fc0b0d972f1dc03a7ed1027b7bf649bc6b46d7a73ccd4e864 |
C:\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
| MD5 | 0dccbae3a624960851756c05fc91cda1 |
| SHA1 | ffcf690f49a69e1b5a8b6c1edffd6dd1ed7ca7a8 |
| SHA256 | e2256bb95a81d664364ae5f0b4f5e09a6327a7639dbaa9bbaa2f9d876041c330 |
| SHA512 | f04f1a325bf1c48b4452652c607a2ebd265189ebd5c4f27b21494d1878cc224b536a088363b249a691a0359330b6f2fb598e79c1e0d6d81f50be182e46474fe7 |
\Users\Admin\AppData\Local\Temp\1000051001\rwtweewge.exe
| MD5 | 6e401ff8d2152ee1f93cdf7a48072207 |
| SHA1 | 5b6945cde50036da4f96c3ad4d8151e4edfa0eb7 |
| SHA256 | f7c9102387ff2be3466578767db90e8208f9edbfbeb048d08b3aa47b042a05a8 |
| SHA512 | 66ae5caabd19090229449dede7840770c6b3bf8a5d875fa75df3621119b3798a0a5b60e19c4bba9cfb8a39172bde6b5a45ec1d8cff865ca8a8f152f335c68b96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/720-416-0x0000000001370000-0x000000000183F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000052001\plaza.exe