Malware Analysis Report

2024-11-16 15:58

Sample ID 240209-abr7gsee82
Target c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc
SHA256 c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc
Tags
amadey evasion trojan djvu redline rhadamanthys risepro google discovery infostealer persistence phishing ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc

Threat Level: Known bad

The file c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc was found to be: Known bad.

Malicious Activity Summary

amadey evasion trojan djvu redline rhadamanthys risepro google discovery infostealer persistence phishing ransomware spyware stealer

Amadey

Rhadamanthys

Detected google phishing page

Djvu Ransomware

RedLine payload

Suspicious use of NtCreateUserProcessOtherParentProcess

RisePro

RedLine

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Stops running service(s)

Downloads MZ/PE file

Blocklisted process makes network request

Creates new service(s)

Checks computer location settings

Reads user/profile data of web browsers

Loads dropped DLL

Reads local data of messenger clients

Identifies Wine through registry keys

Checks BIOS information in registry

Modifies file permissions

Executes dropped EXE

Looks up external IP address via web service

Adds Run key to start application

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Windows directory

Launches sc.exe

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-09 00:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win7-20231215-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe

"C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe"

Network

N/A

Files

memory/2140-0-0x0000000000C10000-0x00000000010D8000-memory.dmp

memory/2140-1-0x0000000077BB0000-0x0000000077BB2000-memory.dmp

memory/2140-3-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

memory/2140-12-0x0000000002960000-0x0000000002961000-memory.dmp

memory/2140-13-0x0000000000940000-0x0000000000941000-memory.dmp

memory/2140-11-0x0000000000B50000-0x0000000000B51000-memory.dmp

memory/2140-10-0x0000000000B70000-0x0000000000B71000-memory.dmp

memory/2140-9-0x0000000000B00000-0x0000000000B01000-memory.dmp

memory/2140-14-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

memory/2140-8-0x0000000000A90000-0x0000000000A91000-memory.dmp

memory/2140-7-0x00000000008D0000-0x00000000008D1000-memory.dmp

memory/2140-6-0x0000000002A70000-0x0000000002A71000-memory.dmp

memory/2140-5-0x0000000000B60000-0x0000000000B61000-memory.dmp

memory/2140-4-0x00000000026F0000-0x00000000026F1000-memory.dmp

memory/2140-2-0x0000000000C10000-0x00000000010D8000-memory.dmp

memory/2140-15-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

memory/2140-16-0x0000000002A80000-0x0000000002A81000-memory.dmp

memory/2140-18-0x00000000008E0000-0x00000000008E1000-memory.dmp

memory/2140-19-0x0000000002D60000-0x0000000002D61000-memory.dmp

memory/2140-23-0x0000000000C10000-0x00000000010D8000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-09 00:02

Reported

2024-02-09 00:07

Platform

win10-20231220-en

Max time kernel

44s

Max time network

303s

Command Line

sihost.exe

Signatures

Amadey

trojan amadey

Detected google phishing page

phishing google

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Rhadamanthys

stealer rhadamanthys

RisePro

stealer risepro

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 6704 created 3116 N/A C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe c:\windows\system32\sihost.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Windows\CurrentVersion\Run\fu.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000031001\\fu.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Windows\CurrentVersion\Run\ladas.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000032001\\ladas.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Windows\CurrentVersion\Run\dota.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000148001\\dota.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 6436 set thread context of 8688 N/A C:\Users\Admin\AppData\Local\Temp\1000151001\daissss.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Tasks\chrosha.job C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000149001\File300un.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\8917.exe

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdomain = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = de4b255deb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9395ea5beb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 85b4ab5ceb5ada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4332 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4332 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4332 wrote to memory of 2792 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4332 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 4332 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 4332 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 4332 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
PID 4332 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
PID 4332 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
PID 4332 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe
PID 4332 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe
PID 4332 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe
PID 2792 wrote to memory of 5372 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2792 wrote to memory of 5372 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 5404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 5404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4332 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe
PID 4332 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe
PID 4332 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe
PID 4332 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4332 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 4332 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\rundll32.exe
PID 5524 wrote to memory of 5556 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
PID 5524 wrote to memory of 5556 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
PID 5556 wrote to memory of 5664 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\netsh.exe
PID 5556 wrote to memory of 5664 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\netsh.exe
PID 2792 wrote to memory of 5784 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2792 wrote to memory of 5784 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5784 wrote to memory of 5840 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2792 wrote to memory of 5928 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2792 wrote to memory of 5928 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5928 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\choice.exe
PID 5928 wrote to memory of 5640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\choice.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5372 wrote to memory of 6092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

c:\windows\system32\sihost.exe

sihost.exe

C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe

"C:\Users\Admin\AppData\Local\Temp\c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc.exe"

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

"C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe

"C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe

"C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2392 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2384 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3556 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\1000149001\File300un.exe

"C:\Users\Admin\AppData\Local\Temp\1000149001\File300un.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.0.56627468\1586830629" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03740544-fc66-4dd8-8b7c-2a382fe2206d} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 1736 1e779dd8358 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4424 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.1.139059439\1352490624" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e78fcfa-b9da-4b97-932a-e78e17218fad} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 2140 1e767fe6358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.2.1369014645\411562061" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a847d6-e029-4405-a73e-2e4b26f9453c} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 3152 1e77dbdb258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4680 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe

"C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\775739321368_Desktop.zip' -CompressionLevel Optimal

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4856 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Users\Admin\AppData\Local\Temp\1000151001\daissss.exe

"C:\Users\Admin\AppData\Local\Temp\1000151001\daissss.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5132 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 1176

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.3.534946130\2068164712" -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3892 -prefsLen 21752 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a35ea923-a6f4-4f92-831c-24aa4a6b4b86} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 2684 1e767f60a58 tab

C:\Users\Admin\AppData\Local\Temp\1000152001\lumma123142124.exe

"C:\Users\Admin\AppData\Local\Temp\1000152001\lumma123142124.exe"

C:\Windows\system32\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4884 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5332 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5552 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5352 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5924 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000153001\for.exe

"C:\Users\Admin\AppData\Local\Temp\1000153001\for.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000154001\Goldprime.exe

"C:\Users\Admin\AppData\Local\Temp\1000154001\Goldprime.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.4.3399195\944527844" -childID 3 -isForBrowser -prefsHandle 4440 -prefMapHandle 4372 -prefsLen 21927 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {089e78f2-deae-4b5a-85da-d40c828c16f6} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 3440 1e77db12858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6528 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000155001\mrk1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000155001\mrk1234.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.5.206273981\1304546239" -childID 4 -isForBrowser -prefsHandle 4588 -prefMapHandle 4592 -prefsLen 21927 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80e8e7b8-3a5b-483f-9aa5-980bbd4b7d7a} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4664 1e779b38a58 tab

C:\Users\Admin\AppData\Local\Temp\1000156001\dayroc.exe

"C:\Users\Admin\AppData\Local\Temp\1000156001\dayroc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff30b99758,0x7fff30b99768,0x7fff30b99778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6660 --field-trial-handle=2596,i,11321271082676606709,6364725612731222585,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.6.1520745246\955003962" -childID 5 -isForBrowser -prefsHandle 2592 -prefMapHandle 4360 -prefsLen 21927 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67380b8c-a54c-44ad-8a5f-c9d28cc4dda8} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4576 1e779b3a858 tab

C:\Users\Admin\AppData\Local\Temp\1000157001\RDX.exe

"C:\Users\Admin\AppData\Local\Temp\1000157001\RDX.exe"

C:\Users\Admin\AppData\Local\Temp\1000158001\redline1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000158001\redline1234.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 764

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.7.818953350\1572358008" -childID 6 -isForBrowser -prefsHandle 4912 -prefMapHandle 4916 -prefsLen 22192 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78a04763-e765-4a22-861d-b862affc2d2f} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4972 1e77f7d1c58 tab

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "ACULXOBT"

C:\Users\Admin\AppData\Local\Temp\1000159001\new.exe

"C:\Users\Admin\AppData\Local\Temp\1000159001\new.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.8.116182421\117946479" -childID 7 -isForBrowser -prefsHandle 2628 -prefMapHandle 2740 -prefsLen 22192 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44af1de0-ed17-4c9b-98f3-65abfedefa2e} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4640 1e767f68758 tab

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "ACULXOBT"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\Windows\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe

C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe

C:\Users\Admin\AppData\Local\Temp\nine.exe

"C:\Users\Admin\AppData\Local\Temp\nine.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe

"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 384

C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 368

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 1132

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3636.0.608986998\459998067" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1492 -prefsLen 21136 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47ab0bcd-3f4e-436f-9339-c61b09762f21} 3636 "\\.\pipe\gecko-crash-server-pipe.3636" 1600 2901a0e6258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3636.1.1274086595\1987938676" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1892 -prefsLen 21181 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6d36365-cb3f-444a-b8ca-7e7f5095cfea} 3636 "\\.\pipe\gecko-crash-server-pipe.3636" 1928 290087e3558 socket

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

"C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main

C:\Users\Admin\AppData\Local\Temp\1000016001\ohmcryp.exe

"C:\Users\Admin\AppData\Local\Temp\1000016001\ohmcryp.exe"

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "nine.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\nine.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "nine.exe" /f

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 688

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\775739321368_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\c8d2dc11ee2044bfbe9091b315187faa /t 356 /p 5084

C:\Users\Admin\AppData\Local\Temp\1000017001\akrbuil.exe

"C:\Users\Admin\AppData\Local\Temp\1000017001\akrbuil.exe"

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 672

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 608

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe

"C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\main" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1784,i,18287127191061187478,13410174978756041858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe

"C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\main" --mojo-platform-channel-handle=2004 --field-trial-handle=1784,i,18287127191061187478,13410174978756041858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 804

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 628

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 664

C:\Users\Admin\AppData\Local\Temp\8917.exe

C:\Users\Admin\AppData\Local\Temp\8917.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 484

C:\Users\Admin\AppData\Local\Temp\9F01.exe

C:\Users\Admin\AppData\Local\Temp\9F01.exe

C:\Users\Admin\AppData\Local\Temp\9F01.exe

C:\Users\Admin\AppData\Local\Temp\9F01.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAMQAwADAAMAAwADEANQAwADAAMQBcAEsAaABkAGcAYgB5AGcAbwAuAGUAeABlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAASwBoAGQAZwBiAHkAZwBvAC4AZQB4AGUAOwBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQwA6AFwAVQBzAGUAcgBzAFwAQQBkAG0AaQBuAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABvAGgAbQBtAC4AZQB4AGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABvAGgAbQBtAC4AZQB4AGUA

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\50dafced-c9cc-47b3-b082-200a9650dd5e" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAMQAwADAAMAAwADEANgAwADAAMQBcAG8AaABtAGMAcgB5AHAALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAG8AaABtAGMAcgB5AHAALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAG8AZgBoAG0AbQAuAGUAeABlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAbwBmAGgAbQBtAC4AZQB4AGUA

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\9F01.exe

"C:\Users\Admin\AppData\Local\Temp\9F01.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\9F01.exe

"C:\Users\Admin\AppData\Local\Temp\9F01.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build2.exe

"C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build2.exe"

C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build2.exe

"C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build2.exe"

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

C:\Users\Admin\AppData\Local\Temp\1000016001\ohmcryp.exe

C:\Users\Admin\AppData\Local\Temp\1000016001\ohmcryp.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "python.exe Crypto\Util\astor.py"

C:\Users\Admin\AppData\Local\Temp\pyth\python.exe

python.exe Crypto\Util\astor.py

C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build3.exe

"C:\Users\Admin\AppData\Local\ad81cb8f-e90a-45a6-b858-2235182451a8\build3.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Users\Admin\AppData\Local\Temp\8423.exe

C:\Users\Admin\AppData\Local\Temp\8423.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Users\Admin\AppData\Local\Temp\A2F6.exe

C:\Users\Admin\AppData\Local\Temp\A2F6.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Users\Admin\AppData\Local\Temp\E59E.exe

C:\Users\Admin\AppData\Local\Temp\E59E.exe

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe

"C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\main.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\main" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 --field-trial-handle=1784,i,18287127191061187478,13410174978756041858,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 32.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 167.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 15.204.38.209:80 15.204.38.209 tcp
US 8.8.8.8:53 209.38.204.15.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.licdn.com udp
US 8.8.8.8:53 mbappeportal.shop udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
GB 88.221.134.88:443 static.licdn.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
RU 185.215.113.32:80 185.215.113.32 tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 stun.l.google.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.138:443 platform.linkedin.com tcp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
US 8.8.8.8:53 127.144.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 82.221.107.34.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 13.107.42.14:443 www.linkedin.com tcp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 88.221.134.88:443 platform.linkedin.com tcp
GB 216.58.213.14:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
GB 88.221.135.104:443 platform.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 m.facebook.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
US 8.8.8.8:53 ponf.linkedin.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
FI 109.107.182.3:80 109.107.182.3 tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.35:443 facebook.com tcp
GB 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
DE 144.76.1.85:18574 tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.169.86:443 i.ytimg.com udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 85.1.76.144.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
GB 163.70.147.35:443 fbcdn.net tcp
GB 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 3.182.107.109.in-addr.arpa udp
GB 88.221.134.88:443 platform.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 rr2---sn-hgn7rn7y.googlevideo.com udp
US 8.8.8.8:53 clients2.google.com udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
GB 142.250.200.14:443 clients2.google.com tcp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 172.217.133.7:443 rr2---sn-hgn7rn7y.googlevideo.com tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 7.133.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 triangleseasonbenchwj.shop udp
GB 216.58.213.14:443 www.youtube.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.213.14:443 youtube-ui.l.google.com udp
RU 185.215.113.32:80 185.215.113.32 tcp
US 8.8.8.8:53 www.google.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 172.67.204.169:443 triangleseasonbenchwj.shop tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 8.8.8.8:53 169.204.67.172.in-addr.arpa udp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 172.67.213.168:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 52.152.67.172.in-addr.arpa udp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 104.21.58.31:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 168.213.67.172.in-addr.arpa udp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 8.8.8.8:53 31.58.21.104.in-addr.arpa udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
US 104.21.83.220:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 220.83.21.104.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 136.3.125.74.in-addr.arpa udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
RU 185.215.113.67:26260 tcp
US 8.8.8.8:53 67.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 pool.hashvault.pro udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 mealroomrallpassiveer.shop udp
NL 45.15.156.209:40481 tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 172.67.149.126:443 mealroomrallpassiveer.shop tcp
DE 20.79.30.95:33223 tcp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 209.156.15.45.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 126.149.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.30.79.20.in-addr.arpa udp
US 172.67.213.168:443 secretionsuitcasenioise.shop tcp
US 104.21.58.31:443 claimconcessionrebe.shop tcp
US 104.21.83.220:443 liabilityarrangemenyit.shop tcp
DE 185.172.128.33:8924 tcp
US 8.8.8.8:53 33.128.172.185.in-addr.arpa udp
RU 5.42.65.31:48396 tcp
US 8.8.8.8:53 31.65.42.5.in-addr.arpa udp
DE 95.179.241.203:80 pool.hashvault.pro tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 203.241.179.95.in-addr.arpa udp
RU 193.233.132.167:80 193.233.132.167 tcp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 122.10.44.20.in-addr.arpa udp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 rentry.co udp
FR 51.83.3.90:443 rentry.co tcp
US 8.8.8.8:53 cladrepublic.com udp
IN 195.35.44.72:443 cladrepublic.com tcp
US 8.8.8.8:53 90.3.83.51.in-addr.arpa udp
US 8.8.8.8:53 72.44.35.195.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 trad-einmyus.com udp
RU 185.12.126.182:80 trad-einmyus.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
US 8.8.8.8:53 182.126.12.185.in-addr.arpa udp
RU 185.12.126.182:80 trad-einmyus.com tcp
US 8.8.8.8:53 galandskiyher5.com udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 brusuax.com udp
IR 2.180.10.7:80 brusuax.com tcp
N/A 127.0.0.1:50455 tcp
US 8.8.8.8:53 7.10.180.2.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 api.2ip.ua udp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 104.21.65.24:443 api.2ip.ua tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 24.65.21.104.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 speedmouse.cz udp
CZ 62.109.150.87:80 speedmouse.cz tcp
N/A 127.0.0.1:50546 tcp
US 104.21.65.24:443 api.2ip.ua tcp
IR 2.180.10.7:80 brusuax.com tcp
US 8.8.8.8:53 habrafa.com udp
RU 185.12.126.182:80 galandskiyher5.com tcp
AR 186.182.55.44:80 habrafa.com tcp
US 8.8.8.8:53 44.55.182.186.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
AR 186.182.55.44:80 habrafa.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.215.113.32:80 185.215.113.32 tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 m2reg.ulm.ac.id udp
ID 103.23.232.80:80 m2reg.ulm.ac.id tcp
US 8.8.8.8:53 80.232.23.103.in-addr.arpa udp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
DE 88.198.108.242:9000 tcp
US 8.8.8.8:53 242.108.198.88.in-addr.arpa udp
DE 88.198.108.242:9000 tcp
DE 88.198.108.242:9000 tcp
DE 88.198.108.242:9000 tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 pay.ayazprak.com udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 mahta-netwotk.click udp
NL 46.175.144.56:443 mahta-netwotk.click tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 56.144.175.46.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 resergvearyinitiani.shop udp
US 172.67.217.100:443 resergvearyinitiani.shop tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 100.217.67.172.in-addr.arpa udp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 172.67.213.168:443 secretionsuitcasenioise.shop tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 104.21.58.31:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 yip.su udp
US 104.21.79.77:443 yip.su tcp
US 104.21.83.220:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 77.79.21.104.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
IT 185.196.10.146:80 185.196.10.146 tcp
US 8.8.8.8:53 146.10.196.185.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 udp

Files

memory/3548-0-0x0000000000950000-0x0000000000E18000-memory.dmp

memory/3548-1-0x0000000077CA4000-0x0000000077CA5000-memory.dmp

memory/3548-2-0x0000000000950000-0x0000000000E18000-memory.dmp

memory/3548-3-0x0000000004AC0000-0x0000000004AC1000-memory.dmp

memory/3548-4-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

memory/3548-8-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

memory/3548-7-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

memory/3548-6-0x0000000004A90000-0x0000000004A91000-memory.dmp

memory/3548-5-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

memory/3548-10-0x0000000004B20000-0x0000000004B21000-memory.dmp

memory/3548-11-0x0000000004B10000-0x0000000004B11000-memory.dmp

memory/3548-15-0x0000000000950000-0x0000000000E18000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 d704ca4e325ad4fd78b345f7b2812e07
SHA1 fa74d9fb49a54250a891ab11caa56028cc065dfd
SHA256 c633c3908a201fd0625df781c82b7b8ebaa87657f4829e34fe2cb4db8b9fa7bc
SHA512 009d757d9a07ae5e89822fd2faf0886c2615b1373fecae2633cb472388afaaa4706d0f43aeedb377c5b2b33d4630666d023f45223f53f01b9943ab158a56ee86

memory/4332-18-0x00000000003E0000-0x00000000008A8000-memory.dmp

memory/4332-19-0x00000000003E0000-0x00000000008A8000-memory.dmp

memory/4332-25-0x0000000004A00000-0x0000000004A01000-memory.dmp

memory/4332-24-0x00000000049F0000-0x00000000049F1000-memory.dmp

memory/4332-26-0x0000000004A40000-0x0000000004A41000-memory.dmp

memory/4332-23-0x0000000004A50000-0x0000000004A51000-memory.dmp

memory/4332-22-0x0000000004A10000-0x0000000004A11000-memory.dmp

memory/4332-21-0x0000000004A30000-0x0000000004A31000-memory.dmp

memory/4332-20-0x0000000004A20000-0x0000000004A21000-memory.dmp

memory/4332-28-0x0000000004A60000-0x0000000004A61000-memory.dmp

memory/4332-27-0x0000000004A70000-0x0000000004A71000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1

MD5 d769ca0816a72bacb8b3205b4c652b4b
SHA1 4072df351635eb621feb19cc0f47f2953d761c59
SHA256 f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2
SHA512 cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64

memory/2792-40-0x0000000072C50000-0x000000007333E000-memory.dmp

memory/2792-39-0x0000000006F30000-0x0000000006F66000-memory.dmp

memory/2792-41-0x0000000006F80000-0x0000000006F90000-memory.dmp

memory/2792-42-0x0000000006F80000-0x0000000006F90000-memory.dmp

memory/2792-43-0x00000000075C0000-0x0000000007BE8000-memory.dmp

memory/2792-44-0x0000000007C20000-0x0000000007C42000-memory.dmp

memory/2792-45-0x0000000007CC0000-0x0000000007D26000-memory.dmp

memory/2792-46-0x0000000007EA0000-0x0000000007F06000-memory.dmp

memory/2792-47-0x0000000007FD0000-0x0000000008320000-memory.dmp

memory/2792-48-0x0000000007F30000-0x0000000007F4C000-memory.dmp

memory/2792-49-0x00000000088D0000-0x000000000891B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 2ae3a5940e91aabf2831a04328ea72ee
SHA1 02df1cc1b60823c86bd7313b039962d7f9ac5836
SHA256 13b9de759661f6b7023ef14a7303581d280521e8a19da8fc8330a5564b973f22
SHA512 7806acfec0e2a1cae975a050330e3c16c952cde01c3239f73c745abb9d29324c4c4df22c8a89db33be6934300afa66674c03b18f4f66346c730895fbfb0fdab4

memory/2792-59-0x0000000008690000-0x0000000008706000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sgy5hswk.01f.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/3056-97-0x000001B3DC5E0000-0x000001B3DC5F0000-memory.dmp

memory/2792-106-0x0000000009670000-0x0000000009704000-memory.dmp

memory/2792-108-0x00000000095A0000-0x00000000095BA000-memory.dmp

memory/2792-111-0x0000000009600000-0x0000000009622000-memory.dmp

memory/2792-116-0x0000000009EB0000-0x000000000A3AE000-memory.dmp

memory/3056-124-0x000001B3DC7D0000-0x000001B3DC7D2000-memory.dmp

memory/2792-130-0x000000007ECC0000-0x000000007ECD0000-memory.dmp

memory/2792-131-0x000000006F930000-0x000000006F97B000-memory.dmp

memory/2792-129-0x0000000009A30000-0x0000000009A63000-memory.dmp

memory/2792-132-0x0000000009A10000-0x0000000009A2E000-memory.dmp

memory/2792-137-0x0000000009A70000-0x0000000009B15000-memory.dmp

memory/2792-138-0x0000000006F80000-0x0000000006F90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

MD5 49063af5562d3b5b35226f42bd49c164
SHA1 ff1b9f53c934060ee7def159f486f892fdde1bce
SHA256 118bc7f8dcc8423bd4e25b4e49397a8b65f012a28afeaaf70adaca7c89708bbd
SHA512 ce028067282bc1761dd5ef5c54ae4bae879f14ea2586e606976d706eb3ebe8bafdef9a2effef2592f598ee57c4b2579e6633518b145ff792f71c4f726d07b2fb

memory/380-225-0x0000000000F30000-0x00000000014D6000-memory.dmp

memory/4332-238-0x00000000003E0000-0x00000000008A8000-memory.dmp

memory/380-241-0x0000000004B90000-0x0000000004B91000-memory.dmp

memory/380-243-0x0000000004B60000-0x0000000004B61000-memory.dmp

memory/380-245-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

memory/380-246-0x0000000000F30000-0x00000000014D6000-memory.dmp

memory/380-248-0x0000000004B50000-0x0000000004B51000-memory.dmp

memory/380-250-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

memory/380-254-0x0000000004B70000-0x0000000004B71000-memory.dmp

memory/380-253-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

memory/380-261-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

memory/380-257-0x0000000004B80000-0x0000000004B81000-memory.dmp

memory/380-259-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

memory/380-263-0x0000000004C20000-0x0000000004C22000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000121001\Amadey.exe

MD5 d467222c3bd563cb72fa49302f80b079
SHA1 9335e2a36abb8309d8a2075faf78d66b968b2a91
SHA256 fedb08b3ec7034a15e9dee7ed4dec1a854fb78e74285e1ee05c90f9e9e4f8b3e
SHA512 484b6c427e28193ddb73dd7062e2bfbd132ddc72ce4811bfe08784669de30e4b92bc27140373f62a4ce651401000a3c505188620c43da410bf6b0799a0791fa7

memory/2792-387-0x0000000007220000-0x000000000723A000-memory.dmp

memory/2792-395-0x0000000007210000-0x0000000007218000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MBTY1HA6.cookie

MD5 b75e0a8c863047ee3c76bcb6fd6ddd7b
SHA1 82a79b1061757bd755db6726df5fb32d7de05572
SHA256 74ebafc0211a7a4da2762ece6280aefd3d9ed629af6339b0aa010769900b6c7c
SHA512 348c25333c06881883d98be4237c7948aafde4de856de4269d0a083204e1a399a2b8c54a7356b7f55e9f06071415ce93310e462c450d3c22792c62c6d7d1d66d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KJHQWHIA.cookie

MD5 41aaf7d281dc54cbd974228352e4ce3b
SHA1 8bb7913e2aef0c4c37563931b82362a9a94c0c95
SHA256 b2761e67e679626cb22e9a521c5c0dab3ef548461abe655476b8ea360e3f6e47
SHA512 e4ac37d0ad6efd879c6d10a7398e7b9e22dec7ce9cad94bcd588b41d444c1ba78984fbeb6a62edf561021602dd6262cdbe81c80758b1cd2bd4cc74dc2ea6323a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LEMJ2MGM.cookie

MD5 cc58d83b5de892095bba29cca5c92df3
SHA1 5402399f97f9afa2e1beab804b895a7251e50172
SHA256 8dce5b37c354661463fe8bdd2e6580fb29514bb047cababa2306050759a6608a
SHA512 ca94aa0e3e112d2bf206a0d26e073b1777c5648244278b7ba7a072a4b538acede9211ba0d3835989b6540edccdec88deec74c67324d5a0a302e4e76c58490736

memory/3316-485-0x000001E4728C0000-0x000001E4728E0000-memory.dmp

memory/3316-499-0x000001E472AC0000-0x000001E472AE0000-memory.dmp

memory/5084-522-0x0000024958020000-0x0000024958040000-memory.dmp

memory/5084-528-0x0000024958560000-0x0000024958660000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000148001\dota.exe

MD5 0a7f5a1c69694106a8ad84409cb206e9
SHA1 46ddf17309ca881b9abf02fd45a3442ff658a741
SHA256 30d258954df9b657bacd05e68b877592e96b7ab614142c08217d5b1a102ee599
SHA512 bcb71482582ed12c9cab7df0b99a6ad78e2ad1cbd41aa3f979c0bd8d1054015e33bd901072a3439495229810f058c2e9c9099789144d10c71b15741b949f681f

memory/4332-586-0x00000000003E0000-0x00000000008A8000-memory.dmp

memory/4332-588-0x00000000003E0000-0x00000000008A8000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 92fbdfccf6a63acef2743631d16652a7
SHA1 971968b1378dd89d59d7f84bf92f16fc68664506
SHA256 b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72
SHA512 b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117

memory/4628-598-0x00000000009C0000-0x0000000000F66000-memory.dmp

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 62f2378ca9d8cd4faf385923236f4f94
SHA1 3ba95ccfa935fe75aa3c50923b453cf1e3cfe53b
SHA256 ab33a3e5b5e3f4bb990f4e92859bbf152417010d50b58e749d1ed674082fbaa7
SHA512 0ec6521e5eac42f892444a33c90e507b518c9a0c952a8001cd0c23f26b3f189057e1de171c90bb6c2e372583ce08c02b5722a2f0dd130dd3cc14c88bac7db18b

memory/4628-609-0x00000000052E0000-0x00000000052E1000-memory.dmp

memory/2792-606-0x0000000072C50000-0x000000007333E000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 dc465c3f92e487f50294cde03fd39629
SHA1 b7acf90f6eed7c52cd4420095d660f26a8e932cb
SHA256 14005e6b19ba5fb971533af4c0fab3072c375e06569cc5de36c6360679dfcfc2
SHA512 e7c480ff8a1274adc391df51422947b8e50f50aa2864cf21c9d317c883eee621ac3df6925bb6031ffcb627b56102e8715700ef42eb3ba329906eb59fbb744fc2

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 d2cd757a3fae7b7be0d4810c93e12097
SHA1 0832b7b9f4625a438427508f8d50b5bd41ec7c4f
SHA256 6504feebc3eb4c05e98e45bf88e14fbf61a01be7a1bf18645291907c7d167d1d
SHA512 623da45694aa994bda7ac1e613f0f8b030f8bd0df145ae1366c81310928741367530e79a061aaf5dfa3bf9468f4d2aa9a97ac76524803fcfb85cb5b71a47448a

\??\pipe\crashpad_5372_LEOPIPFXUZAQDGEB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2f4d3fe7aa640d06de181cc6c2babebc
SHA1 b73522a906d29b1e64a68427a32ab17907f0d462
SHA256 0b2fdb56ff8840f7ac266ae38fd44ff2a7181ec174033ff60d5cdbd720397a50
SHA512 a9ce7bc89e5639f09e27d7c3466c0df746d1fcf89d9ac7ba23218e50ba0de6c750afae4ddd6c7ef48d14cfcc72f27674e1cb2a7181431216dba9e5d4cb9bbe11

C:\Users\Admin\AppData\Local\Temp\1000149001\File300un.exe

MD5 739030881c5314d72c7af19cc86a46f0
SHA1 b3f747902722a5200397bf41c5c1eabc4bf13068
SHA256 0266692ff90d1166e43a2fcc6d6648b9c5f9c74b8d7d93c03669dac57bec6507
SHA512 faa3f026303ab7753361a5cb562163ea8664de991261560405698832e4c443065efbbd870f2772bfb5b3dc36016ee3b0f3193c4289763496a03d38db4f9164d9

memory/3056-725-0x000001B3E33D0000-0x000001B3E33D1000-memory.dmp

memory/3056-735-0x000001B3E33E0000-0x000001B3E33E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000150001\newfilelunacy.exe

MD5 c1982b0fb28f525d86557b71a6f81591
SHA1 e47df5873305fbcdb21097936711442921cd2c3b
SHA256 3bab5e1befbdc895d9e36e76cb9a40e59de61a34109c36ed26d7dedcd5db3080
SHA512 46dcabbfb57b3665faa76bc6f58b6f252934788acabbf2ba75263d42cac8c013f6feb5992a7043123842a609bdd1b3084f2f0c8b192c2b219b87274d29f8c432

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WRFPUFQD\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

memory/380-775-0x0000000000F30000-0x00000000014D6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000151001\daissss.exe

MD5 10a331a12ca40f3293dfadfcecb8d071
SHA1 ada41586d1366cf76c9a652a219a0e0562cc41af
SHA256 b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f
SHA512 1a5b8e77ddbab97bb4c848adbcd7dbfb9ca84307d1844dba9572fcea48a2cbb091a3fc52663b87568416adf18a1338adc07aab0bd5f1ab36a03c8ff8a035d399

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b0c8dc15a3f5dde4e410ebd36b3c6545
SHA1 3e6559ce1dfacb4a71452f72ddc9de6d37fc862f
SHA256 325b5bf1f39c52f44d08ecf821cc47365a2fdc52334f213b106b607e559642fd
SHA512 e0f1b04cd6adaebb719ddf0b08d2ba3b542dc8c6299e728539b0514f8465408db1111781c2099711b8f77ce54948bdfc5b27821f8110201bd8870b808d72e641

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5d6c3d51e425a8aa9fa29e8481d109f1
SHA1 2050a6b55fbd9815491f7f7985f952c5a6a7cd03
SHA256 bbded025e227ed27315af9b1c842efce20b92b21d9ca17b66f52f421e7b2925e
SHA512 4aded231d8bda0ff06897e6c7f84df2f6fe80931d4ef48bd8996902615d0908e0a52ac56416a603451e7d60febe6e081faf9ae028b8ccfd493725ad92c7bc5f2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9493326ba22eb162c55b2f01bd839528
SHA1 b97d4c1573b8b59f4aa889fe6cee434552a24881
SHA256 60d029ce3f89de29c9998ef7f2b9fc5f2ba4366fbfe8de073deab17a99f8827b
SHA512 cb970772ea72fa58867a8ddfe6e8834aeb4264280b384bbe84e6992d0cf8ca5648613ab6dc3d47f650131d53aa36b540cfda1e95000e2537f8c126cb6ae18766

memory/4332-827-0x00000000003E0000-0x00000000008A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000152001\lumma123142124.exe

MD5 cad41f50c144c92747eee506f5c69a05
SHA1 f08fd5ec92fd22ba613776199182b3b1edb4f7b2
SHA256 1ac5eed2f7fc98b3d247240faa30f221f5692b15ea5b5c1eba3390709cb025c6
SHA512 64b89f3a3b667cd81f33985db9c76ffd0bb716ce8ed93f97c24d3c20e7236d91d02af9371a26d41f55b564702bd1f6fd7489055868fcd1610c04beb79ae8c045

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 276c995d54ec41b62dafae4483967adb
SHA1 8cb173bbbb6d9fe434ce45801f22b97954791299
SHA256 57c11bff0193d2ccc24de3eba0668d9982503461da3c7efa5c38d8b1f067bd76
SHA512 25e1e8a71949891f7c6a78aba7c47090f91635ff40c39d1f372b559400caac0754ef7afbd7bf785b5d418667b0202301419e07ab31f7796ddadb681d87e773f4

C:\Users\Admin\AppData\Local\Temp\1000151001\daissss.exe

MD5 ecb322da7d4def37a3773c9a90ab808a
SHA1 faef97557afab2b342985466e621310c5454bb22
SHA256 19cfee8ec9953158607508cde3ccbb1e5db865136e33c4638e7440a4549d7b7d
SHA512 2c1a42d3bf5d343206114f39363554fee6975beaae5252df407931ca25163f56af19e1e117126d6e0ba561a7fc7134c41a7d8da797cf614567cf96803d6dd8b2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OZZ2QH44.cookie

MD5 44873c8a7942da9cfdf56ff2f53bd4ce
SHA1 c029ad4cf6d41abd4feea0823989a8c0c5b631dd
SHA256 6871f93db1f4dc957d2ba3f67ad4d35e9b4ca566029e719c66d685c794329ede
SHA512 c5122d43304e4a5c760f5ee8cd21ee9bf83c159cb94e31b7c5d06c25f5f9ba35965c335f7ec1a28319eabfec7612a60b774d6ac2010e83221cd7c6406507d199

memory/4628-968-0x00000000009C0000-0x0000000000F66000-memory.dmp

memory/6704-967-0x00000000031A0000-0x00000000035A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e1a780984945de3b7302d82a09d299f9
SHA1 72e433300ddf461138dffdb71f93a39cbea2a31e
SHA256 fde7f7eb2a6045e082d1f70b7d5546b60f65355e3d8de9ed3644ce2ccb11ea44
SHA512 fbb71c9a331f094bd9d657cbf90041bfe78e5450b059d22718f5ac74f6ee31e5f48373e103d7cc3f7095231c0c22c077dba2601fc24e93d1780ee098b64061e0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 9efa3638f703b8227b06f03640158f6d
SHA1 7e253e12edd01949192c909dcb39494ae1ec84da
SHA256 bffdcf421d5544214347816eb2e31f24d8a7471f9c571813cc6690b63f334fbe
SHA512 e6c880282f05d9341c3d7fbbb1b76dbe885f9fc8928a7e46e7ffa0e134424ce47a76659e0addd559879a74833793f349a08c6c6e9315a064ce5bc1c343e7d884

memory/6704-974-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

memory/6704-947-0x00000000031A0000-0x00000000035A0000-memory.dmp

memory/6704-976-0x00007FFF3FDD0000-0x00007FFF3FE7E000-memory.dmp

memory/5084-977-0x0000024957B90000-0x0000024957C90000-memory.dmp

memory/6704-978-0x00007FFF3DF20000-0x00007FFF3E169000-memory.dmp

memory/8048-982-0x0000022F72F00000-0x0000022F72F09000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000152001\lumma123142124.exe

MD5 c1b96317f2ad4cca9e733848af6f94b7
SHA1 6d167066dc1759151eea9c75f1663583921e6632
SHA256 22f30dfcc75b82bf3a0f66617bbff7b11eb82eae66cbb97120c3a8167f951365
SHA512 4bf2c156b3e6a64720715d4d1669e907e4eaf09d954ca4a0cb514133ece0581a008c3f428b9784ae5fac0022f5e72f59fd6f82012809fac03ec51682be5af21a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9c824d3815da3ff6b7dd4e940c868837
SHA1 fafb205b8ff5084bad9dc816707e4fb44196ad6f
SHA256 c48b1534aa89df6887aa95d0b606b4af2459416b15da5832a0f67907371bfbf1
SHA512 cfa4c8ee740c2ae990e5b074a7fee2e317324bb69067c66307b8dad6e79942dc4779032247b368c031873858ff2ca8fab7eb1e8010ff1e0dc9fe9661c71781ba

memory/8048-1008-0x0000022F749D0000-0x0000022F74DD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7b1b910b1448ae14cf0b2c1a335b800c
SHA1 eeb458fae9cf3f3b22698fe7de51439ca95bb906
SHA256 9a9fac475fb52cfcdff7124b03d8a63833a1c914d7094947cbb8394008a2843d
SHA512 c94afaf64dc6833ad5be625b569398485ff01d645978d2df64a750c7df0a8a0f16de3d5c2b41e58c826a15473609291778cf40ba70574ad7fe4b4d1514fb3bb7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 034135825fc8396b6f521e7c1c1b29ff
SHA1 748305f788dcb35328992879a5c362d0504d2c66
SHA256 c4088b653704e7a35b7ab63c1e5068e0fc5c0418d1ccd092bb59a122178b719c
SHA512 a712d5ec000f8b0214a955ce84a7341c03c20dea835e145f5718c41c27a6214570093774ab32454ec7d5fc5232cffc50ba640eafc4fd4ddd27c800691015f166

memory/8048-1022-0x00007FFF41060000-0x00007FFF4123B000-memory.dmp

memory/8048-1025-0x00007FFF3FDD0000-0x00007FFF3FE7E000-memory.dmp

memory/8048-1026-0x00007FFF3DF20000-0x00007FFF3E169000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 2afdbe3b99a4736083066a13e4b5d11a
SHA1 4d4856cf02b3123ac16e63d4a448cdbcb1633546
SHA256 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee
SHA512 d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae18aa3060153b6599ebe1d08e05fd4c
SHA1 4208fd5cd723605f41bab31d5daacea428034ef1
SHA256 1128bc4e2661089a3370870375dc7081228cd31a40e353feaa4903b2c77aa516
SHA512 dc3b76574a4a25cac7d8d033438c829e22b930b58906f537f9fe095c3c3a5128d49d50d842ff6781f9ea4f7bea6da32d0b87057bfde0b7954533719b396e1e96

C:\Users\Admin\AppData\Local\Temp\1000153001\for.exe

MD5 cc3150f85eed6302b9559898d6e836c8
SHA1 b6439650bfcae44c6f047a3e3fd57d4f8950e92f
SHA256 aa0da9fb4fc24713610aed72611e01197cdbae594e0370dda9a7b45bc3bd0137
SHA512 b057481dcace3f78155dc094124e4f7d4108c09a079e03dd40487a2eb04b3e69f042580a15cf83dc44b3017cf272bc900bd820a279349d3f084f9f1fc4fb4202

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 08d08e9a756111e61c64d7d1bf177f94
SHA1 f296dde0b56d01aed50a7f7413e63a3cc340884b
SHA256 db1c0c536e438669728f41acd34a15314e6c779d4e61db5a6fb36fd34f21c4b0
SHA512 789b567b783e49bc722d5823af6b057dece3ff125604659b1cc5d7e8cbd5eb6e338ccd49cbc0fa9169e433a5e2bf41027f6ee7dfd10bd6369daa1f7f35e1b7be

C:\Users\Admin\AppData\Local\Temp\1000153001\for.exe

MD5 053747739296e82aea409ec3720d0bcc
SHA1 7be2167a0586a20e0162f27ff22a908628e8907a
SHA256 19f97e30f611e53583b19cf30a64a744377c6e53912551c5636e614c25175da3
SHA512 964a957783aca4e2309b70212588156588984f185a4704f3b7f303855f0231ef255d457e8f7000b4f9b0133b55c3f2ceb010c9291fa4fd50accaeb9d238a4aa1

memory/8688-1165-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000154001\Goldprime.exe

MD5 7e9e39a623a04307eb499ff6617b9746
SHA1 8d96a7b6464765f32a86e9103955ec74b9b87da9
SHA256 88cb62dfdf42ef1b6c083b8c25df0a383476a274ae1e1f0043585d4bdfd1217a
SHA512 bae1719b17d910ae001e0e81f9b5af535d844243ff9974da4794e73e73db115f46cc6d9053cedd4dab1b04416ec444774490cbab9b5dac8310aad43fde7c32a1

C:\Users\Admin\AppData\Local\Temp\1000153001\for.exe

MD5 2cf60793a6413ade017b6e6a889d4de5
SHA1 a3549a6002f89d7fe693deddc58677a888506691
SHA256 a66527a8e6f27e9104d6f47fa9a019c638816d20bf0c220476a1abb8dc3a5227
SHA512 0cca7f0691337478c48f213373e42981965b1a1f7156b7ee0ddc433ab2d3eb00ca7310e3af2454cef0f978ec109e7e2a6db0623cb43700aa8d72441d521f7239

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 9c1fedc159d5b7f7bce142dc577f7143
SHA1 1917d1cbdaa3dd61711a9a0435a1770cb3003359
SHA256 2334a0639e3000c07c141043f7588fb3ab70598c9163b1ac201c8ac4ef4f46fa
SHA512 1ba3310863fb704172e701ae4cd6b86a75e3b0e51e246874f54d3eb6cf91a4201ff6dfe5ebd3c228a442b75ae38214d40de3370f8bc73161270fcd9a794fef7a

C:\Users\Admin\AppData\Local\Temp\1000154001\Goldprime.exe

MD5 c60b77e17e6c4f0933db17b77995cff6
SHA1 fd398501e495f6d750ffa5c727ed1954dcb1c9d4
SHA256 926ef9cd2bf5fb1eb9b5e65544421a06048c96ceac397c0a4715afd81f8b34aa
SHA512 efb28e986c2fd6ff25a71b9f0b9272f048426ddac470ca0c6e1582ae49cee8899e0b3a0a580ca0abb0dccb4e8973d84a27a2ec7e8dffdef6951cbac1f345aea8

memory/380-1137-0x0000000000F30000-0x00000000014D6000-memory.dmp

memory/1896-1233-0x0000020403CB0000-0x0000020403CD0000-memory.dmp

memory/8224-1263-0x0000000000400000-0x0000000000495000-memory.dmp

memory/8224-1275-0x0000000000400000-0x0000000000495000-memory.dmp

memory/4332-1262-0x00000000003E0000-0x00000000008A8000-memory.dmp

memory/1896-1295-0x0000020418F40000-0x0000020418F60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\1000155001\mrk1234.exe

MD5 ab2ca5e2d80a7055c55b3d8bd49ae5c4
SHA1 dbf8f563c8e5fce7d9acee12d068a45c96304a1b
SHA256 d8354f498e9f7706553307fc860a3b453e6303df39a2f87651fe61085b3e7c4c
SHA512 1544b44d273fdb71b833d4c4a62f6bf3fca0c9612f053fa559469ae603d1a832b0d183195fda9afa40500621730b3fd7e080f92a63f74c9028695b50c73f327e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 cd204f9a0e3229541081ac1110d2b9e4
SHA1 fe2c19332e4733b5c9c58d72dab84e01923cba80
SHA256 4e4098ec38a987a2635ce80b035719216d214b27a832172fc8cb43ee11d1a5b1
SHA512 95213519798344eedddf32a4991a478a776f868af3e269e4de340d58bcc0fce40bd9a4787c7e356190c6b96ade994f90f75d42faa1cff4e495d380380c1771c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\storage\default\https+++www.linkedin.com\idb\301792106ttes.sqlite

MD5 ad4827ced1207948fb0c3b2709416b60
SHA1 9db2ef8aaa7cca0376a9a7e3154eff9ae3c4d294
SHA256 75084c30ab3482f2745d9638a2569a6df7786733f5cb365fecaeaaee1b662960
SHA512 b75826cb2838f113b240bf8825f47b5a7929f08c5552e0c8e28288cafa0cdc808a436b4c9d8faca9428ee268e637f35cc1b6e61b96551741d1f3999eae6ce106

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e6c09066fd1af16e2b7fd2c521916e11
SHA1 c79771441e84877c1aeb754084a1a1bb2c839d37
SHA256 430fc91df963875d64694d0d6169a8764d34698f8e2ebc6315e0e4a04974da23
SHA512 a3dbbd6b8d85fb81e2d618b10300160690eedada0d93fb86874a36c9c771edadab3f542377afe74842d95f066f46797304e84451d31095779b49fe247b229c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 167b134ace5255fa30a9891005c9c3f3
SHA1 0e2114c442b9a30269f4c49cbced1f6400ecf072
SHA256 c97bd04519174a90770f87dcb255c4df5d8e0503d479224b1cf84db6744bb64f
SHA512 4dde61017bdc42063c524baf19c8472c377f78546dc40d97db93b38d3555489f60f9f712964e13fc1eafe10e88858ce5abde89e93f2408aa75d1db15c04b11d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b79f2fae437e4cf9d9d3af26bad31fed
SHA1 e1422727ee4d7da601fa486b3784296a2ca23fe6
SHA256 c01359ec89d024755edb3d48438c0f2b2c44b85c0b41cf786fd8f007dfab3170
SHA512 03c9e0f8859ce5f7ff63ede7d7fab900c1cb16b3f105279cc59d545733aa6d2febda07c7940c8357c5cc013a06187892aa48dffeeb7b939c458c4bb8d8859436

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583a35.TMP

MD5 e304c81ef35aaa78f90e8a16a91430f6
SHA1 023d78f7b11164f19497d3c653de1bc479b52e3f
SHA256 96606334b2e105503f3ee519a96627aeb03f65a6a482beddc1cfb999f651fbc3
SHA512 262dae99e55ee69a175198964ed79ef76a83962b26e478a0e9156700157efeeb13d28af8c1cdccfd3de29dc887a2bb5075815e15716fd52b07c7648fb228d986

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81668ceb9ab410b120906326f1495487
SHA1 28f96dea7437cae0ef1eba2824472666a0f30829
SHA256 ad17c8a0da63fcccab79d403908cb5a82ebaa451ab919aad68be6d90b051bb5b
SHA512 5e8c3bc01012945e566c1ad7c2cb4bd9732269c7da3b6461fa581f49b8e5460eec90d4956fa28cab0ee22372d12bd52864e89a46d00a55c829aff4417faad077

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NUNNRJTM\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5372_1945920873\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Temp\1000156001\dayroc.exe

MD5 64736cc89005ae6bf41787ddd09cbf3d
SHA1 3c542b77e4e222417882453b94cd2ce38db72cfb
SHA256 243f73d6fa11c66a6f2a58b130eab424dbdcb4c76421781efabf5d33e4602b23
SHA512 cb47f6e730299c2372b26ce82ceaff95c28c82b504069731c5ef37f7dca75a37f5e0c4d27ef37f86897bd778e23a58a27a4fb85aebf6a41545467145f635fab9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 717cf99f39471c4f12f7923c8382390a
SHA1 680023afb52a34d034565f5e6f6084783b3c0c7f
SHA256 264a66c3eddcdb8b5637ffc582a1d1e8d38ef205d040f383927f613bd921c4e6
SHA512 e78fdf5b9cd1b2ac911a44ac661d6009aec74a98373c27f750f2fd27bcadc0dab78e575facaeff4ce7b5558cab7fbdacce9b147d7820b49b274190de45566133

C:\Users\Admin\AppData\Local\Temp\1000157001\RDX.exe

MD5 f733785f9d088490b784d4dc5584ebfb
SHA1 6c073d4208fee7cc88a235a3759b586889b91adf
SHA256 e7216d8b7084c0c36d90aefaf30bb7b6d10ae2ecae700889d459ed5ab1b26a59
SHA512 43589b18333b0edcd6e300577f86de685058df5533bcbfdd3e30497aa76176008125fbd28deecaca5e6132c42cc5c0a583c34497f40dbe4ea577333eaebab899

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\o57kiy9\imagestore.dat

MD5 21f791e41bd12557645c2682bde7eb15
SHA1 ffbf0f16293e0ba673436fb3a2d25e5d9622fc55
SHA256 89995a548f7f5aaaea92cefac541978a9645d0baabe30f5bf7d9c20921206d3e
SHA512 f8efbbf28f0f9a0aad319c8e8b01fa3ae870b6d58ebd33c11ca3b10adb9c7253c1cc04c43741830faa2de3f5e2b916e0f82bd502e76f9282dbefc84b35b6c31e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\62286ECD\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 93e60f71ba78b3fc638e56bb861be838
SHA1 76b4264cc7807a60de62f8ca02c83743c1b1105a
SHA256 4436d3e84a07b51c388e8ffa5a91408a5f2520715c855312b92755c34b5046b0
SHA512 356fe5b70f1186f4b96553d397b0ed0268555f63d552d40bfbdcf1ac6e054789d26b17b48f67ebe59e771782405e1c6f93118664970926170642b77c8a11c551

C:\Users\Admin\AppData\Local\Temp\1000158001\redline1234.exe

MD5 9eb75f17e86d6a366a71f605e5795685
SHA1 d35e5e5d378a6c860fd1af9150d157c057d276a1
SHA256 c4ef98292bd27a8071383f4dd4bbde3a55ddde91e9b35218e09afa7b158153da
SHA512 d7f47bc822d23fd8a455d40a8eb9c2d9e49d6891e6cdfbc0972519012790e78d6323ae8dd1eaa1be60b8fafea3e011bcdb7ca2daf1de8518f3b10bc7599ee8c9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QF2KPWP8\gB76kJXPYJV[1].png

MD5 389dfa18be34d8cf767e06fd5cde4ec6
SHA1 47b751cffab47d076816c63ce08d3e84600376ee
SHA256 3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512 c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6dafec39c5c7cb0249253844ff0364bb
SHA1 c036bd524138f2c45b389a6aabd5fbbd0c816a92
SHA256 7add26bb630de8f9b98e4fd010d900e2d01d0415ccdf6cf2f6252c056df284b9
SHA512 19ce3a6b268f448a814d40613a02bc6fc7046bab8d1f6f0195326497b80b574f5d8ff8345e97dd6871f89e3ddbc154cf671cd56073517e77088b800b59167d0d

C:\Users\Admin\AppData\Local\Temp\1000159001\new.exe

MD5 558ab48bf915cc82f57dc611c2e5f79c
SHA1 a0d5016b15854532f0b16b2084e96acc01262cd4
SHA256 9e320caf80cf6611b4d090b91ee392b35b3731876bc327c6d523b77b3467b0fb
SHA512 d48cdf069202ef320ffb62cbc146299b87d3e341e1b83b27ee4f557480399c04ab45b49a1954346b74e75d05b3113388d542c8c394fe37086119eadf9fe798b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\prefs-1.js

MD5 180ef5fc5ee5bbc34e21701ded937b6e
SHA1 45889ac82c1d56b8a1512ba5adf3afa0ee61bb5f
SHA256 b7f266c7bdd9ee0824b6083dc723b8d3505b26ec31a6165fc4f60227901a3261
SHA512 ade477ddb7e466fc0e4b7f84f5c0c25dff12df22016507ddc2dc2a4a8dc7763ebec9fcbe6dd16c64068bf5bad190efa177ec2fbfef6c03d33cb9b0a23910dab5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6ab666cd0e040a4927af27593c49554
SHA1 ba841635f9c2ef1525f79541ac888f7c4ee42cdc
SHA256 2829e2c5269c74a18e035b27b2b918b0fef873a67ba671fdfded6255dd57c9ec
SHA512 1de273d74a3f5722f76663fb8801bd0f77a9d0c4e9fa168c896385974ddde3e89b9430e7e0cfdbc5ec3a4550d4aeba716787f10d488896329515c0bf259830b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cef690445feb6d4e9730b34c8ae93182
SHA1 d29de0e0d36bc1a3aaae7416b6d76a067b3eb513
SHA256 e8cbfa5363d30142d73f35d111877844be0df5dc6c3950323c400d6fc218c602
SHA512 a14f5a8d4abd52f4372bc1ce5b49bbfa1e3abd8006fbb2d86f998d74c15314861e21c604f5c67518d3142a36ea2c582d0970e31214a246f7b1eef63f550954e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cb01f4e97ee1918c797d17f1cb4d6f3b
SHA1 3d7d5f90ddf262700b8196609bba49c33b782f7e
SHA256 9c99132226452075dd74b3ba3a37b3e07cbc5d894b5f2a215393bf504386e7ae
SHA512 08514477c2b548054d5f85ea79aee1c85b62891a29f4cb6313bbf8b225f52303b0b90fdb655111b246572a34f84d630e4ed2d52c09042c843d78789726f73a5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 74fc9006cfd7a2711b4a3f3a3142c54b
SHA1 78c86e8ceb4dd62e8f4d3d3139471cf069e5c41b
SHA256 98c9eaabbe231c0864105cf51f8aaec19ce2302fd83ae65ed6ceeab3308760e9
SHA512 ccc49e6e9b14e61b5203c86f94b8531378de416661ef1ba6e8ed21778f251f33c7ac416c923038a25d503009d1279de1420f5cd27617711e0488611b410eb774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5a969ff56f937589a66b88eea23bf549
SHA1 fdf851134ebb78f3a669b817e55ded4d01b8b192
SHA256 ed7f06ea20f79513579b416ee006774067dd601c327b5ca2c1f29fef21df009e
SHA512 81bf0a9c04488fe50eebca303b4994fe7ac4a9d8ce5724e99588e0da49db8e0a762f345040157261a59d58d3be33526e9eae36172fbd7c2d497d02a16f56e0b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5898b1.TMP

MD5 0c664978919f5811e8c196888b73d71f
SHA1 92d605be3d40ed4f11aee12f9c6d4a9fa578f948
SHA256 dd152b0dc256c7bf1629dae294e1ba8b28f0889e5d1563b36f4aa4fbab68b810
SHA512 bbc513d7e178a675a2477f11bd9064728001ab7ac1e3e6e0de1b9cfec1d251d884cc56eefc0ef2a2a3fbb381e933816dda90e7f6e4d26c11f1ccd4e425a8298d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ab5faaf382f929a78d7eefb6e654a53
SHA1 1264efff6cd98000196385455932a60695510d78
SHA256 0d299544dff82cdfcb87d4ef141f12e2f9e8b719ae1516eac682ae4eab41b537
SHA512 7dc04106e5538ca80477b8c1cd8ea98cddccfc675217dd1a88b9d4a14197e3c4b19fbe1a764b1795620fe955e6a9556b691d685c90523da7524071f5552877a2

C:\Users\Admin\AppData\Local\Temp\1000015001\Khdgbygo.exe

MD5 7f7296369a079844677e4fece4eceed8
SHA1 aed6463bdc4c3a97c488077d9a997da08417dc74
SHA256 36381d6604d09effa38f48cff2adea21ebb1fb9750d0b31ecf6f961188089741
SHA512 35298be1f240d9931a67cd068fba7479c299e7fc52f5ebd079e5b9b243cb36f46c114b9c931db8be55bad08a9c8682db3b9d42f6e569c9763970740e30464864

C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll

MD5 f35b671fda2603ec30ace10946f11a90
SHA1 059ad6b06559d4db581b1879e709f32f80850872
SHA256 83e3df5bec15d5333935bea8b719a6d677e2fb3dc1cf9e18e7b82fd0438285c7
SHA512 b5fa27d08c64727cef7fdda5e68054a4359cd697df50d70d1d90da583195959a139066a6214531bbc5f20cd4f9bc1ca3e4244396547381291a6a1d2df9cf8705

C:\Users\Admin\AppData\Local\Temp\1000016001\ohmcryp.exe

MD5 aaf7c77a7850e5227ab25336c215d5c2
SHA1 9601e2278ef44e4f38413c576251d46bba120d15
SHA256 359c71ed3f9ae3d46956c7af03cc95efd032c56659d80e9eb44b7516b2980bfe
SHA512 1c33b64494569045df3bff7d8b5e79352eb6ac7d9024ddf1e8507b0c302e8822dc7c926a3e72b46ac6f1081c6c7d324457da84b6f9ed4a6cf4f6d56aee382cb9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\28jjyjhp.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll

MD5 154c3f1334dd435f562672f2664fea6b
SHA1 51dd25e2ba98b8546de163b8f26e2972a90c2c79
SHA256 5f431129f97f3d56929f1e5584819e091bd6c854d7e18503074737fc6d79e33f
SHA512 1bca69bbcdb7ecd418769e9d4befc458f9f8e3cee81feb7316bb61e189e2904f4431e4cc7d291e179a5dec441b959d428d8e433f579036f763bbad6460222841

C:\Users\Admin\AppData\Local\Temp\1000017001\akrbuil.exe

MD5 ff8c2572f6e42b1fc6ef10fdcc64b702
SHA1 cb0fb34083fc7ae438f44d3b49b10f5c6ff2395b
SHA256 85b73c084b3a66a56dd1de050720ff8877dfb2009a0bf658eaf88d61df8abc54
SHA512 668e2da88999a7310220288fd7a6b3089ee1ae8eb7675bab5e8571c00300ecc74c425f37c6dfe2c7df4fba08e1c154de073967e6ca199beb74980a92909e3bf0

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\ffmpeg.dll

MD5 0d492000f6f66e9915cf4b3c8aeac265
SHA1 3f818b02e33cddd8786ba6c5fc5aa56b6a89b80a
SHA256 28a1d66c702c1c2fd5a325fc5d5e0b83c77dbeeeebb136e54d232fef53f3a9e0
SHA512 93e0584168eb7db4d4aba52ed40670ef340e14877162d236bf9632d5f86710cf3f8391f80ff7e230c638883fc5ddda732f5fc09787c405b5f1fafdb50bee9962

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\libGLESv2.dll

MD5 d582bf691d96ef28344f8f71ce2a18b5
SHA1 287cebaccfdc177f4b14bfbe892fe6e9c8f74aa7
SHA256 5ee08d68cf159bd5ddf13f9ef1a417722783b07accbc6746363a1350ffead659
SHA512 63324442cf8fd1a6d3d55e1bfe0f4fb8698a57125eb7b51d351b25dfdecf6e6e720e60e5af64ee1981b7761c5de4e841d53b2180eeb8ae082bc80433f2485082

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\LICENSES.chromium.html

MD5 cbfef830b4313e6be318bcd15c23bc86
SHA1 8628e032c1e9eb2a31a80abf511c6204e63831ef
SHA256 b6d427c12884f6647b98ac87f50afe486dd943d278881d2435a8a3078e0eda2c
SHA512 67e1f6659fd9a12b9820fc9c8296d2a6911bc352f473f916ebf888470c014c4919e960b005d43f9ef3922e72d7a501f2a840e22c333ebb173c0c95dc08a45b2e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\libEGL.dll

MD5 efdccbb5c150b0415157ced057233303
SHA1 1474527e1fcd3d7afba607abac1c640e8efc4aba
SHA256 4dc75cd9e51a58070fd4a7a0cd5fa13435803cf5bd83eb875e1c8d338ab4a2d6
SHA512 9b7e7bc305416d56ce78f9ecb839ae92f9aa998935089b2214035da2708f768dd32a6c049841f4d1bf246a5eb7ec73ab109c307c7ad66ed9c34a5b7e6be0282c

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\icudtl.dat

MD5 e48406796a80fdba5d0eb937ced6a315
SHA1 f2d0cdd174abe90bdcb658f89a8fa46135ebcedc
SHA256 ab8ebe1d1a3b07fa68d7664be3a0e41ad437ec83e9ceb2a6953593cf3b926fcb
SHA512 98b445e9b89084341b7837910e0dd9a39db4645275b11391e901ac7e9fa3beb48991039b050b2d0356cbf8aea40104ea0787872d737b53f15a2755d49dc3d1b6

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\d3dcompiler_47.dll

MD5 40176abb42e88020c476faecbf4e96f3
SHA1 02ba59276bf42fe5576ca57a2e38d71f24e2937a
SHA256 aa90bc3d8ef4119276efd9a6ac4c08f371cd0e4bb6fd568c3e074673004e064b
SHA512 e4d62fb8b913e14120e309f66d08323bb9b4b96c110c8e38d102b7974f5c05d21e0f75f98b454b1b28e2130293dda09f59fd6bb8d85b06409189764190327e74

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\zh-CN.pak

MD5 82326e465e3015c64ca1db77dc6a56bc
SHA1 e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d
SHA256 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb
SHA512 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\vi.pak

MD5 db0eb3183007de5aae10f934fffacc59
SHA1 e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9
SHA256 ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897
SHA512 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\tr.pak

MD5 5ff2e5c95067a339e3d6b8985156ec1f
SHA1 7525b25c7b07f54b63b6459a0d8c8c720bd8a398
SHA256 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582
SHA512 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\th.pak

MD5 a32ba63feeed9b91f6d6800b51e5aeae
SHA1 2fbf6783996e8315a4fb94b7d859564350ee5918
SHA256 e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6
SHA512 adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\te.pak

MD5 a17f16d7a038b0fa3a87d7b1b8095766
SHA1 b2f845e52b32c513e6565248f91901ab6874e117
SHA256 d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e
SHA512 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\sv.pak

MD5 272f8a8b517c7283eab83ba6993eea63
SHA1 ad4175331b948bd4f1f323a4938863472d9b700c
SHA256 d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968
SHA512 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\sk.pak

MD5 b7e97cc98b104053e5f1d6a671c703b7
SHA1 0f7293f1744ae2cd858eb3431ee016641478ae7d
SHA256 b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f
SHA512 ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ru.pak

MD5 2885bde990ee3b30f2c54a4067421b68
SHA1 ae16c4d534b120fdd68d33c091a0ec89fd58793f
SHA256 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca
SHA512 f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ro.pak

MD5 d2758f6adbaeea7cd5d95f4ad6dde954
SHA1 d7476db23d8b0e11bbabf6a59fde7609586bdc8a
SHA256 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c
SHA512 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\pt-PT.pak

MD5 b4954b064e3f6a9ba546dda5fa625927
SHA1 584686c6026518932991f7de611e2266d8523f9d
SHA256 ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1
SHA512 cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\pt-BR.pak

MD5 8e931ffbded8933891fb27d2cca7f37d
SHA1 ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473
SHA256 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d
SHA512 cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ml.pak

MD5 1c81104ac2cbf7f7739af62eb77d20d5
SHA1 0f0d564f1860302f171356ea35b3a6306c051c10
SHA256 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108
SHA512 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\lv.pak

MD5 a8cbd741a764f40b16afea275f240e7e
SHA1 317d30bbad8fd0c30de383998ea5be4eec0bb246
SHA256 a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086
SHA512 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ko.pak

MD5 d6194fc52e962534b360558061de2a25
SHA1 98ed833f8c4beac685e55317c452249579610ff8
SHA256 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21
SHA512 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\kn.pak

MD5 caab4deb1c40507848f9610d849834cf
SHA1 1bc87ff70817ba1e1fdd1b5cb961213418680cbe
SHA256 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4
SHA512 dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ja.pak

MD5 38cd3ef9b7dff9efbbe086fa39541333
SHA1 321ef69a298d2f9830c14140b0b3b0b50bd95cb0
SHA256 d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337
SHA512 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\it.pak

MD5 745f16ca860ee751f70517c299c4ab0e
SHA1 54d933ad839c961dd63a47c92a5b935eef208119
SHA256 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c
SHA512 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\id.pak

MD5 b6fcd5160a3a1ae1f65b0540347a13f2
SHA1 4cf37346318efb67908bba7380dbad30229c4d3d
SHA256 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313
SHA512 a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\hr.pak

MD5 255f808210dbf995446d10ff436e0946
SHA1 1785d3293595f0b13648fb28aec6936c48ea3111
SHA256 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b
SHA512 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\hi.pak

MD5 b5dfce8e3ba0aec2721cc1692b0ad698
SHA1 c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3
SHA256 b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b
SHA512 facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\gu.pak

MD5 308619d65b677d99f48b74ccfe060567
SHA1 9f834df93fd48f4fb4ca30c4058e23288cf7d35e
SHA256 e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4
SHA512 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\fi.pak

MD5 21e534869b90411b4f9ea9120ffb71c8
SHA1 cc91ffbd19157189e44172392b2752c5f73984c5
SHA256 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b
SHA512 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\et.pak

MD5 ccc71f88984a7788c8d01add2252d019
SHA1 6a87752eac3044792a93599428f31d25debea369
SHA256 d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944
SHA512 d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\es.pak

MD5 04a9ba7316dc81766098e238a667de87
SHA1 24d7eb4388ecdfecada59c6a791c754181d114de
SHA256 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03
SHA512 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\de.pak

MD5 cf22ec11a33be744a61f7de1a1e4514f
SHA1 73e84848c6d9f1a2abe62020eb8c6797e4c49b36
SHA256 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641
SHA512 c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\locales\da.pak

MD5 e7ba94c827c2b04e925a76cb5bdd262c
SHA1 abba6c7fcec8b6c396a6374331993c8502c80f91
SHA256 d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b
SHA512 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ca.pak

MD5 4cd6b3a91669ddcfcc9eef9b679ab65c
SHA1 43c41cb00067de68d24f72e0f5c77d3b50b71f83
SHA256 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6
SHA512 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ar.pak

MD5 fdbad4c84ac66ee78a5c8dd16d259c43
SHA1 3ce3cd751bb947b19d004bd6916b67e8db5017ac
SHA256 a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b
SHA512 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\v8_context_snapshot.bin

MD5 a373d83d4c43ba957693ad57172a251b
SHA1 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86
SHA256 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c
SHA512 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\snapshot_blob.bin

MD5 8fef5a96dbcc46887c3ff392cbdb1b48
SHA1 ed592d75222b7828b7b7aab97b83516f60772351
SHA256 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece
SHA512 e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\uk.pak

MD5 361a0e1f665b9082a457d36209b92a25
SHA1 3c89e1b70b51820bb6baa64365c64da6a9898e2f
SHA256 bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a
SHA512 d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\ta.pak

MD5 18ec8ff3c0701a6a8c48f341d368bab5
SHA1 8bff8aee26b990cf739a29f83efdf883817e59d8
SHA256 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9
SHA512 a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\sl.pak

MD5 ca763e801de642e4d68510900ff6fabb
SHA1 c32a871831ce486514f621b3ab09387548ee1cff
SHA256 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de
SHA512 e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\pl.pak

MD5 f1d48a7dcd4880a27e39b7561b6eb0ab
SHA1 353c3ba213cd2e1f7423c6ba857a8d8be40d8302
SHA256 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85
SHA512 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\nl.pak

MD5 0f04bac280035fab018f634bcb5f53ae
SHA1 4cad76eaecd924b12013e98c3a0e99b192be8936
SHA256 be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b
SHA512 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\mr.pak

MD5 2cf9f07ddf7a3a70a48e8b524a5aed43
SHA1 974c1a01f651092f78d2d20553c3462267ddf4e9
SHA256 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7
SHA512 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

C:\Users\Admin\AppData\Local\Temp\2c0OLKqRyLfv8YKQpGXuB9qfSXL\locales\hu.pak

MD5 2aa0a175df21583a68176742400c6508
SHA1 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a
SHA256 b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72
SHA512 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\he.pak

MD5 fc84ea7dc7b9408d1eea11beeb72b296
SHA1 de9118194952c2d9f614f8e0868fb273ddfac255
SHA256 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c
SHA512 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\fr.pak

MD5 3ee48a860ecf45bafa63c9284dfd63e2
SHA1 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6
SHA256 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807
SHA512 eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\fa.pak

MD5 2e37fd4e23a1707a1eccea3264508dff
SHA1 e00e58ed06584b19b18e9d28b1d52dbfc36d70f3
SHA256 b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e
SHA512 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\es-419.pak

MD5 7da3e8aa47ba35d014e1d2a32982a5bb
SHA1 8e35320b16305ad9f16cb0f4c881a89818cd75bb
SHA256 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c
SHA512 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\en-GB.pak

MD5 825ed4c70c942939ffb94e77a4593903
SHA1 7a3faee9bf4c915b0f116cb90cec961dda770468
SHA256 e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16
SHA512 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\cs.pak

MD5 eeee212072ea6589660c9eb216855318
SHA1 d50f9e6ca528725ced8ac186072174b99b48ea05
SHA256 de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43
SHA512 ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\vulkan-1.dll

MD5 0e4e0f481b261ea59f196e5076025f77
SHA1 c73c1f33b5b42e9d67d819226db69e60d2262d7b
SHA256 f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a
SHA512 e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\vk_swiftshader.dll

MD5 a0845e0774702da9550222ab1b4fded7
SHA1 65d5bd6c64090f0774fd0a4c9b215a868b48e19b
SHA256 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810
SHA512 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\resources.pak

MD5 7971a016aed2fb453c87eb1b8e3f5eb2
SHA1 92b91e352be8209fadcf081134334dea147e23b8
SHA256 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06
SHA512 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

C:\Users\Admin\AppData\Local\Temp\nshBB48.tmp\7z-out\main.exe

MD5 5801fce7a00f4b56fcbdf68d68e14591
SHA1 7400ed0ba901bc15f9829231501e9b64834ab33a
SHA256 15832b9841374e9d493e8ed0fa1646d9d4a1d8b7d45e1925fa618b00d6495ea2
SHA512 5434e0f501883a67176eb0717b5ca207feb4b5e6f95a8d73097951ded9633af11ea1cae0adf5d8dd6bf714eb25d88a0b4d040252a2993c6b504e5411d67d34c7

C:\Users\Admin\AppData\Roaming\bcirweg

MD5 55f8359ef2f889e04fe418c80bc952ed
SHA1 b2ac224b69c20b721ef9810b79003b513823e55f
SHA256 732cb080fb5e27e98728c42f77b5dd865faa1f5e840d8113c9f30fa2c3f550c8
SHA512 42bfba12e19f399beb54d65dfdb8767584c75264a1f321aee68cb85880d7ac606b3022bb0ab7df72075d3f2271e7d4918c9c7bae7acf6675856bcd21f6fe46b8

C:\Users\Admin\AppData\Local\Temp\pyth\cffi-1.15.1.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\pyth\cryptography\hazmat\bindings\openssl\__init__.py

MD5 fce95ff49e7ad344d9381226ee6f5b90
SHA1 c00c73d5fb997fc6a8e19904b909372824304c27
SHA256 b3da0a090db2705757a0445d4b58a669fb9e4a406c2fd92f6f27e085a6ae67d6
SHA512 a1e8e1788bd96057e2dbef14e48dd5ea620ae0753dbc075d1a0397fbb7a36b1beb633d274081300914a80c95922cf6eab0f5e709b709158645e17b16583233dd

C:\Users\Admin\AppData\Local\Temp\pyth\jsonschema-4.19.1.dist-info\WHEEL

MD5 c3c172be777b2014a95410712715e881
SHA1 bcefa60eddbaeea633eb25b68b386c9b7d378291
SHA256 f5006e1e183a14d5bb969a5ba05daf2956c2193573b05ca48114238e56a3ae10
SHA512 60959e71903cefac495241d68d98ef76edad8d3a2247904b2528918a4702ee332ca614a026b8e7ef8527b1a563cdccd7e4ba66a63c5ae6d2445fbd0bcef947ea

C:\Users\Admin\AppData\Local\Temp\pyth\pyasn1\codec\ber\__init__.py

MD5 0fc1b4d3e705f5c110975b1b90d43670
SHA1 14a9b683b19e8d7d9cb25262cdefcb72109b5569
SHA256 1040e52584b5ef6107dfd19489d37ff056e435c598f4e555f1edf4015e7ca67d
SHA512 8a147c06c8b0a960c9a3fa6da3b30a3b18d3612af9c663ee24c8d2066f45419a2ff4aa3a636606232eca12d7faef3da0cbbd3670a2d72a3281544e1c0b8edf81

C:\Users\Admin\AppData\Local\Temp\pyth\pyperclip-1.8.2.dist-info\WHEEL

MD5 18f1a484771c3f3a3d3b90df42acfbbe
SHA1 cab34a71bd14a5eede447eeb4cfa561e5b976a94
SHA256 c903798389a0e00c9b4639208bef72cb889010589b1909a5cfbf0f8a4e4eafe0
SHA512 3efaf71d54fc3c3102090e0d0f718909564242079de0aa92dacab91c50421f80cbf30a71136510d161caac5dc2733d00eb33a4094de8604e5ca5d307245158aa

C:\Users\Admin\AppData\Local\Temp\pyth\pythonwin\pywin\tools\__init__.py

MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

C:\Users\Admin\AppData\Local\Temp\pyth\pywin32-306.dist-info\WHEEL

MD5 00a3c7a59753cb624182601a561702a8
SHA1 729ccd40e8eb812c92ea53e40ab1a8050d3cd281
SHA256 f70be13bee4d8638c3f189a6c40bd74cf417303399e745b9be49737a8a85b643
SHA512 8652ff4001f12abb53a95ae5bd97499273ee690e48fd27cb3d08a1f3b8f3f977e4b8a97ef74fa5eb07b1e945c286d1f6b1395a49052a7bfb12757f056dfb344c

C:\Users\Admin\AppData\Local\Temp\pyth\win32\license.txt

MD5 f01a936bb1c9702b8425b5d4d1339a6c
SHA1 61f4d008c2d8de8d971c48888b227ecf9cfcaf1c
SHA256 113cd3cf784e586885f01f93e5df78f7c7c00b34d76cc4101e029cd2fd622113
SHA512 090adb1405c6a70dde49632e63b836756899ea75f7adc222ff879d3706096a8b69b0e7a21c575aa6d6b6d9a999c377a1e40aec76d49f3364b94de3e599610270

C:\Users\Admin\AppData\Local\Temp\pyth\win32\lib\afxres.py

MD5 370beb77c36c0b2e840e6ab850fce757
SHA1 0a87a029ca417daa03d22be6eddfddbac0b54d7a
SHA256 462659f2891d1d767ea4e7a32fc1dbbd05ec9fcfa9310ecdc0351b68f4c19ed5
SHA512 4e274071ca052ca0d0ef5297d61d06914f0bfb3161843b3cdcfde5a2ea0368974fd2209732a4b00a488c84a80a5ab94ad4fd430ff1e4524c6425baa59e4da289

C:\Users\Admin\AppData\Local\Temp\pyth\win32comext\axscript\Demos\client\ie\pycom_blowing.gif

MD5 50bceb72abb5fa92a1b13a615288ea2e
SHA1 5c3a6324856dcbe7d1a11f3f5e440bb131551784
SHA256 b3c652073b3c75f5ac81381b6f44b8deead065c635c63771a0806e48778bafaa
SHA512 c52c9db12def0226c21105ab818db403efb666265ac745c830d66018437f8ac3e98307e94736a84bcab9ad7895b2183d6c4b9ccec0fc43517e433ac50bcaf351

C:\Users\Admin\AppData\Local\Temp\pyth\win32comext\bits\__init__.py

MD5 3d90a8bdf51de0d7fae66fc1389e2b45
SHA1 b1d30b405f4f6fce37727c9ec19590b42de172ee
SHA256 7d1a6fe54dc90c23b0f60a0f0b3f9d5cae9ac1afecb9d6578f75b501cde59508
SHA512 bd4ea236807a3c128c1ec228a19f75a0a6ef2b29603c571ee5d578847b20b395fec219855d66a409b5057b5612e924edcd5983986bef531f1309aba2fe7f0636

C:\Users\Admin\AppData\Local\Temp\pyth\win32comext\axdebug\__init__.py

MD5 f45c606ffc55fd2f41f42012d917bce9
SHA1 ca93419cc53fb4efef251483abe766da4b8e2dfd
SHA256 f0bb50af1caea5b284bd463e5938229e7d22cc610b2d767ee1778e92a85849b4
SHA512 ba7bebe62a6c2216e68e2d484c098662ba3d5217b39a3156b30e776d2bb3cf5d4f31dcdc48a2eb99bc5d80fffe388b212ec707b7d10b48df601430a07608fd46

C:\Users\Admin\AppData\Local\Temp\pyth\wsproto-1.2.0.dist-info\WHEEL

MD5 40c30724e4d957d3b27cb3926dbb72fa
SHA1 40a2b8d62232140e022876da90b2c784970b715b
SHA256 7b0c04b9e8a8d42d977874ef4f5ee7f1d6542603afc82582b7459534b0a53fda
SHA512 1be185bcb43aa3708c16d716369158bbb6216e4bfbfa8c847baadd5adf8c23c5e8ceacde818c9b275d009ae31a9e1d3a84c3d46aaf51a0aa6251848d7defc802

C:\Users\Admin\AppData\Local\Temp\pyth\Crypto\Util\astor.py

MD5 dfabad2d4be86cbe993418b5a7e37b5a
SHA1 e1b960bb346559685e20981d8adca03d57ad9c12
SHA256 f954965d0df4355fd48c02da871ff9272c1ad5e98489dbe7a0ed445a7fc4df77
SHA512 8623c478f597cddecdde8300d13bd3670f71303736bf57f50862db6ebfbcf28d3181c2a1690dc803b1b5d7a7ac3fa7777bdbcf3a222ad5fd42557242c416a3a6