Malware Analysis Report

2025-06-15 19:48

Sample ID 240212-ffs78sdb55
Target 1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7
SHA256 1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7
Tags
amadey evasion trojan dcrat djvu redline rhadamanthys risepro sectoprat discovery infostealer persistence ransomware rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7

Threat Level: Known bad

The file 1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7 was found to be: Known bad.

Malicious Activity Summary

amadey evasion trojan dcrat djvu redline rhadamanthys risepro sectoprat discovery infostealer persistence ransomware rat spyware stealer

DcRat

SectopRAT payload

Rhadamanthys

RedLine

RisePro

Amadey

SectopRAT

RedLine payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Djvu Ransomware

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Blocklisted process makes network request

Identifies Wine through registry keys

Reads local data of messenger clients

Reads user/profile data of web browsers

Loads dropped DLL

Checks BIOS information in registry

Drops startup file

Executes dropped EXE

Modifies file permissions

Checks computer location settings

Checks installed software on the system

Looks up external IP address via web service

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Program crash

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Kills process with taskkill

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Modifies registry class

Checks processor information in registry

Creates scheduled task(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-12 04:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-12 04:49

Reported

2024-02-12 04:54

Platform

win7-20231129-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe

"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"

Network

N/A

Files

memory/3028-0-0x0000000001200000-0x00000000016BA000-memory.dmp

memory/3028-1-0x0000000077740000-0x0000000077742000-memory.dmp

memory/3028-13-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/3028-12-0x0000000000A80000-0x0000000000A81000-memory.dmp

memory/3028-11-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

memory/3028-10-0x0000000000C80000-0x0000000000C81000-memory.dmp

memory/3028-9-0x0000000000A90000-0x0000000000A91000-memory.dmp

memory/3028-8-0x0000000000E30000-0x0000000000E31000-memory.dmp

memory/3028-7-0x00000000008D0000-0x00000000008D1000-memory.dmp

memory/3028-6-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/3028-5-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

memory/3028-4-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

memory/3028-3-0x0000000000F40000-0x0000000000F41000-memory.dmp

memory/3028-2-0x0000000001200000-0x00000000016BA000-memory.dmp

memory/3028-18-0x00000000008E0000-0x00000000008E1000-memory.dmp

memory/3028-19-0x00000000011D0000-0x00000000011D1000-memory.dmp

memory/3028-17-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

memory/3028-23-0x0000000001200000-0x00000000016BA000-memory.dmp

memory/3028-16-0x0000000001040000-0x0000000001041000-memory.dmp

memory/3028-15-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-12 04:49

Reported

2024-02-12 04:54

Platform

win10-20231220-en

Max time kernel

300s

Max time network

303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"

Signatures

Amadey

trojan amadey

DcRat

rat infostealer dcrat
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\198d3483-247c-4a29-937a-8877ccf351ae\\DDF3.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Rhadamanthys

stealer rhadamanthys

RisePro

stealer risepro

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 9396 created 2476 N/A C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe c:\windows\system32\sihost.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\C394.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9723.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A5AB.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ADCB.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\fu.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000031001\\fu.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\ladas.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000032001\\ladas.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\dota.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000225001\\dota.exe" C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\198d3483-247c-4a29-937a-8877ccf351ae\\DDF3.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\DDF3.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.2ip.ua N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 8112 set thread context of 8776 N/A C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 9560 set thread context of 6872 N/A C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 9904 set thread context of 1480 N/A C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 6260 set thread context of 8452 N/A C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe C:\Windows\explorer.exe
PID 9264 set thread context of 9736 N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe C:\Users\Admin\AppData\Local\Temp\DDF3.exe
PID 9500 set thread context of 7332 N/A C:\Users\Admin\AppData\Local\Temp\DDF3.exe C:\Users\Admin\AppData\Local\Temp\DDF3.exe
PID 7088 set thread context of 7296 N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe
PID 5680 set thread context of 8220 N/A C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe
PID 6100 set thread context of 9296 N/A C:\Users\Admin\AppData\Local\Temp\A5AB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 8696 set thread context of 8360 N/A C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
PID 7624 set thread context of 6388 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
PID 7276 set thread context of 8756 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Tasks\explorgu.job C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Tasks\chrosha.job C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\C394.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\C394.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\C394.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\C394.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521870188905237" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000ebaa8665030aba95a508a7c78cb8ba211ba59f5d67eb803e90f45c451445b9be930f83c9087c79a2abd2cad1e083ce8737c9175d8429d9bdca32 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{C9F1D08F-F35D-4F02-8D6F-BA842B88DE97} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fe5dca0f6f5dda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "414478379" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414494975" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\toolspub1.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 600 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 600 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 600 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 600 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 600 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 600 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
PID 4260 wrote to memory of 2916 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4260 wrote to memory of 2916 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 3416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 3416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2916 wrote to memory of 1496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe

"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"

c:\windows\system32\sihost.exe

sihost.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

"C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4632 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3708 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.0.1071053009\3201" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1604 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec10d61-9e8d-4d43-bcfa-6d1f7647db9a} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 1708 240ce004158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.1.2022123896\570702520" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae4717d-31df-4726-b6d0-0b925e64e60a} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2120 240ccde5958 socket

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.2.811881810\1072582847" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2732 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af26404b-5eac-4273-a8eb-318d8050b336} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2632 240d1205058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.3.1931902710\621263356" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2772 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a1d7651-6c96-41fc-bde2-93572b373ac4} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2636 240d23b8458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe

"C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.4.1538742624\559055011" -childID 3 -isForBrowser -prefsHandle 4544 -prefMapHandle 4580 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ae46d9-1b48-431e-9229-50633b44a962} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4568 240d3b85458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5180 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\934047325409_Desktop.zip' -CompressionLevel Optimal

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.5.1489405356\1937382299" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8a56e0-28c3-4b27-991b-c8efd3fa663d} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4920 240d4006258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.6.1197233136\2104071982" -childID 5 -isForBrowser -prefsHandle 4204 -prefMapHandle 2796 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6077a25e-b596-4b15-a24c-ab6d626fbb1f} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 3060 240ce76b058 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xe4,0xb8,0xe8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.9.1527763561\1856744300" -childID 8 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f488c62-689a-4ae7-be43-753cb85fd3f4} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5388 240d4659558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6212 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6248 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6392 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5288 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5292 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.8.1016206294\1430938429" -childID 7 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f50d9109-1674-49dc-871b-2b32595e956e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5196 240d4659258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.7.1651630910\2107510510" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ebe1bea-f8e6-4c8b-81bd-030ecc2ef3c2} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4028 240d130af58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x1e4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.11.1782226\215028370" -childID 10 -isForBrowser -prefsHandle 5956 -prefMapHandle 5960 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0ae52d3-55e5-4461-a3cc-be23711aa68e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5944 240bb369f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.10.1570433658\937665099" -childID 9 -isForBrowser -prefsHandle 5516 -prefMapHandle 5656 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {635e3cce-3185-4acc-a40a-6a9cc0ca9ac2} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5636 240ce8b5158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.12.897284582\1735899075" -childID 11 -isForBrowser -prefsHandle 6008 -prefMapHandle 1596 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e98f66b-bd93-47bd-a592-61c7ae29a8a8} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6000 240d3af9758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.13.1803365649\1164986923" -parentBuildID 20221007134813 -prefsHandle 6180 -prefMapHandle 6332 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0f3eca-e61e-4a11-ae39-8d4e818bccf7} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6320 240d49b7258 rdd

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.14.1639110273\1832157298" -childID 12 -isForBrowser -prefsHandle 4468 -prefMapHandle 6424 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b75dd8f-4123-401c-bb32-a0d95c4071ba} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4576 240d3bc8c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.15.1000567967\55913740" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6760 -prefMapHandle 6748 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c668888-69aa-44c6-9893-6e6f7ed64609} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6772 240d53d5258 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.16.1242893195\510791296" -childID 13 -isForBrowser -prefsHandle 7000 -prefMapHandle 6996 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60193a0c-f12d-4826-b6e7-a34bab5d1c3d} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 7012 240d5787e58 tab

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.17.687339367\467527790" -childID 14 -isForBrowser -prefsHandle 6956 -prefMapHandle 4576 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ae19609-1dac-4813-a506-555517e74d6e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6120 240d3bc8358 tab

C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe

"C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe"

C:\Users\Admin\AppData\Local\Temp\nine.exe

"C:\Users\Admin\AppData\Local\Temp\nine.exe"

C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe

"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 384

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 364

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 400

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 620

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 692

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 796

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 796

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 808

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 808

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 792

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 728

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 824

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 600

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 892

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe

"C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "nine.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\nine.exe" & exit

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "nine.exe" /f

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 984

C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe

"C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe"

C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe

"C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe

"C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe"

C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe

"C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe

"C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 1132

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"

C:\Users\Admin\AppData\Local\Temp\C394.exe

C:\Users\Admin\AppData\Local\Temp\C394.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 492

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\198d3483-247c-4a29-937a-8877ccf351ae" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

"C:\Users\Admin\AppData\Local\Temp\DDF3.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\DDF3.exe

"C:\Users\Admin\AppData\Local\Temp\DDF3.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe

"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe"

C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe

"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 2040

C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe

"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe"

C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe

"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe"

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Local\Temp\9723.exe

C:\Users\Admin\AppData\Local\Temp\9723.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A03C.bat" "

C:\Windows\system32\reg.exe

reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1

C:\Users\Admin\AppData\Local\Temp\A5AB.exe

C:\Users\Admin\AppData\Local\Temp\A5AB.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\ADCB.exe

C:\Users\Admin\AppData\Local\Temp\ADCB.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe

"C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe

"C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"

C:\Windows\SysWOW64\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Windows\SysWOW64\schtasks.exe

/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe

"C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe"

Network

Country Destination Domain Proto
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 32.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 167.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.178.10:443 tcp
GB 216.58.204.67:443 tcp
US 8.8.8.8:53 udp
GB 142.250.179.234:443 tcp
US 8.8.8.8:53 accounts.google.com udp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 static.licdn.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
FI 109.107.182.3:80 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 udp
GB 163.70.151.35:443 udp
GB 216.58.213.22:443 tcp
GB 216.58.213.22:443 tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 152.199.21.118:443 static.licdn.com tcp
FR 152.199.21.118:443 tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
GB 88.221.135.104:443 platform.linkedin.com tcp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 13.107.42.14:443 tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.169.42:443 tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 udp
GB 163.70.147.35:443 m.facebook.com tcp
GB 163.70.147.35:443 m.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 static.licdn.com udp
GB 172.217.169.42:443 udp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
GB 88.221.135.104:443 static.licdn.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 13.107.42.14:443 tcp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 l-0005.l-msedge.net udp
GB 142.250.200.14:443 clients2.google.com udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 rr1---sn-q4fl6nd7.googlevideo.com udp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 8.8.8.8:53 udp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
US 173.194.140.198:443 rr1---sn-q4fl6nd7.googlevideo.com tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
FR 152.199.21.118:443 tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
GB 163.70.147.35:443 fbsbx.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 157.240.221.35:443 www.facebook.com udp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
GB 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
GB 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 facebook.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
GB 163.70.147.35:443 fbsbx.com udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
GB 216.58.213.22:443 udp
GB 163.70.147.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 16.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 rr3---sn-q4flrnlz.googlevideo.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 8.8.8.8:53 136.3.125.74.in-addr.arpa udp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
US 74.125.3.136:443 rr3---sn-q4flrnlz.googlevideo.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 216.58.213.22:443 udp
GB 142.250.179.234:443 udp
FI 109.107.182.3:80 tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 142.250.179.234:443 udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr6-1.xx.fbcdn.net udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-2.xx.fbcdn.net udp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net tcp
US 8.8.8.8:53 scontent-lhr8-1.xx.fbcdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 157.240.214.11:443 scontent-lhr8-2.xx.fbcdn.net udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 157.240.221.16:443 scontent-lhr8-1.xx.fbcdn.net udp
RU 185.215.113.32:80 185.215.113.32 tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.16.238:443 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 216.58.213.22:443 tcp
GB 216.58.213.22:443 tcp
RU 185.215.113.32:80 tcp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
GB 216.58.213.22:443 tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
GB 216.58.213.22:443 tcp
GB 216.58.213.22:443 tcp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ponf.linkedin.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 1.9.2.144.in-addr.arpa udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
NL 142.250.27.84:443 accounts.google.com udp
N/A 224.0.0.251:5353 udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.147.35:443 fbsbx.com tcp
GB 172.217.169.42:443 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.187.238:443 youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
FI 109.107.182.3:80 tcp
GB 172.217.16.238:443 www3.l.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 144.2.9.1:443 ponf.linkedin.com tcp
US 8.8.8.8:53 platform.linkedin.com udp
GB 88.221.134.88:443 platform.linkedin.com tcp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 34.107.243.93:443 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 34.149.100.209:443 tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 34.160.144.191:443 tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 platform.linkedin.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
NL 142.250.27.84:443 accounts.google.com udp
GB 88.221.135.104:443 platform.linkedin.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 34.117.237.239:443 tcp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 stun.l.google.com udp
GB 216.58.212.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.212.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1---sn-4g5e6nzl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5e6nzl.gvt1.com udp
DE 74.125.11.102:443 r1.sn-4g5e6nzl.gvt1.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
GB 142.250.144.127:19302 stun.l.google.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 102.11.125.74.in-addr.arpa udp
US 8.8.8.8:53 127.144.250.142.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 127.0.0.1:50270 tcp
US 8.8.8.8:53 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
FI 173.194.221.94:443 beacons2.gvt2.com tcp
DE 142.250.186.99:443 beacons.gvt2.com tcp
DE 142.250.186.99:443 beacons.gvt2.com udp
FI 173.194.221.94:443 beacons2.gvt2.com udp
N/A 127.0.0.1:50287 tcp
US 8.8.8.8:53 99.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.221.194.173.in-addr.arpa udp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
GB 142.250.200.14:443 tcp
GB 142.250.200.14:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 142.250.200.14:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 44.227.167.82:443 tcp
PL 93.184.221.240:80 tcp
PL 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
SE 192.229.221.95:80 tcp
US 8.8.8.8:53 udp
PL 93.184.221.240:80 tcp
PL 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.149.100.209:443 tcp
US 8.8.8.8:53 udp
GB 216.58.213.22:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
GB 163.70.147.23:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
PL 93.184.221.240:80 tcp
PL 93.184.221.240:80 tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
GB 163.70.147.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 163.70.147.23:443 scontent-lhr6-1.xx.fbcdn.net tcp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
RU 185.215.113.32:80 185.215.113.32 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
RU 193.233.132.167:80 193.233.132.167 tcp
GB 142.250.178.4:443 www.google.com udp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
DE 144.76.1.85:18574 tcp
US 8.8.8.8:53 85.1.76.144.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
FI 109.107.182.3:80 tcp
RU 185.215.113.67:26260 tcp
US 8.8.8.8:53 triangleseasonbenchwj.shop udp
US 104.21.77.52:443 triangleseasonbenchwj.shop tcp
US 8.8.8.8:53 67.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 52.77.21.104.in-addr.arpa udp
US 8.8.8.8:53 gemcreedarticulateod.shop udp
US 172.67.152.52:443 gemcreedarticulateod.shop tcp
US 8.8.8.8:53 secretionsuitcasenioise.shop udp
US 104.21.16.152:443 secretionsuitcasenioise.shop tcp
US 8.8.8.8:53 52.152.67.172.in-addr.arpa udp
US 8.8.8.8:53 claimconcessionrebe.shop udp
US 172.67.199.120:443 claimconcessionrebe.shop tcp
US 8.8.8.8:53 liabilityarrangemenyit.shop udp
US 172.67.182.52:443 liabilityarrangemenyit.shop tcp
US 8.8.8.8:53 152.16.21.104.in-addr.arpa udp
US 8.8.8.8:53 120.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 52.182.67.172.in-addr.arpa udp
US 8.8.8.8:53 pool.hashvault.pro udp
DE 45.76.89.70:80 pool.hashvault.pro tcp
US 8.8.8.8:53 70.89.76.45.in-addr.arpa udp
US 8.8.8.8:53 trad-einmyus.com udp
RU 185.12.126.182:80 trad-einmyus.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
RU 185.12.126.182:80 trad-einmyus.com tcp
US 8.8.8.8:53 galandskiyher5.com udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 182.126.12.185.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 brusuax.com udp
AR 186.13.17.220:80 brusuax.com tcp
US 8.8.8.8:53 220.17.13.186.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 api.2ip.ua udp
US 172.67.139.220:443 api.2ip.ua tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 172.67.139.220:443 api.2ip.ua tcp
FI 109.107.182.3:80 tcp
US 8.8.8.8:53 220.139.67.172.in-addr.arpa udp
AR 186.13.17.220:80 brusuax.com tcp
US 8.8.8.8:53 habrafa.com udp
KR 211.119.84.111:80 habrafa.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 111.84.119.211.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
KR 211.119.84.111:80 habrafa.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 starozitnictvi-znojmo.cz udp
CZ 62.109.150.108:80 starozitnictvi-znojmo.cz tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
DE 49.12.101.249:9000 49.12.101.249 tcp
DE 49.12.101.249:9000 49.12.101.249 tcp
US 8.8.8.8:53 24.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 249.101.12.49.in-addr.arpa udp
DE 49.12.101.249:9000 49.12.101.249 tcp
DE 49.12.101.249:9000 49.12.101.249 tcp
FI 109.107.182.3:80 tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 m2reg.ulm.ac.id udp
ID 103.23.232.80:80 m2reg.ulm.ac.id tcp
US 8.8.8.8:53 80.232.23.103.in-addr.arpa udp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 mahta-netwotk.click udp
NL 46.175.144.56:443 mahta-netwotk.click tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 56.144.175.46.in-addr.arpa udp
US 8.8.8.8:53 resergvearyinitiani.shop udp
US 104.21.94.2:443 resergvearyinitiani.shop tcp
RU 185.12.126.182:80 galandskiyher5.com tcp
US 8.8.8.8:53 file-file-file1.com udp
RU 185.12.126.182:80 file-file-file1.com tcp
US 8.8.8.8:53 antiuncontemporary.fun udp
US 8.8.8.8:53 reechoingkaolizationp.fun udp
US 8.8.8.8:53 mazumaponyanthus.fun udp
US 8.8.8.8:53 unexaminablespectrall.fun udp
RU 185.12.126.182:80 file-file-file1.com tcp
US 8.8.8.8:53 muggierdragstemmio.fun udp
US 8.8.8.8:53 bicyclesunhygenico.fun udp
US 8.8.8.8:53 pielumchalotpostwo.fun udp
US 8.8.8.8:53 fishboatnurrybeauti.fun udp
RU 185.12.126.182:80 file-file-file1.com tcp
US 8.8.8.8:53 2.94.21.104.in-addr.arpa udp
RU 185.12.126.182:80 file-file-file1.com tcp
NL 45.15.156.174:443 45.15.156.174 tcp
RU 185.12.126.182:80 file-file-file1.com tcp
RU 185.12.126.182:80 file-file-file1.com tcp
US 8.8.8.8:53 174.156.15.45.in-addr.arpa udp
RU 185.12.126.182:80 file-file-file1.com tcp
RU 185.12.126.182:80 file-file-file1.com tcp
BG 93.123.39.68:80 93.123.39.68 tcp
RU 185.12.126.182:80 file-file-file1.com tcp
US 209.23.11.171:4151 tcp
US 8.8.8.8:53 68.39.123.93.in-addr.arpa udp
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp
US 8.8.8.8:53 171.11.23.209.in-addr.arpa udp
BG 93.123.39.68:1334 93.123.39.68 tcp
FI 109.107.182.3:80 tcp
RU 5.42.65.31:48396 tcp
DE 185.172.128.33:8924 tcp
US 8.8.8.8:53 api.ip.sb udp
US 8.8.8.8:53 31.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 33.128.172.185.in-addr.arpa udp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 172.75.67.172.in-addr.arpa udp
BG 93.123.39.68:80 93.123.39.68 tcp
BG 93.123.39.68:1334 93.123.39.68 tcp
US 172.67.75.172:443 api.ip.sb tcp
FI 109.107.182.3:80 tcp
FI 109.107.182.3:80 tcp
RU 185.215.113.32:80 185.215.113.32 tcp
RU 193.233.132.167:80 193.233.132.167 tcp

Files

memory/216-0-0x0000000001280000-0x000000000173A000-memory.dmp

memory/216-1-0x0000000077034000-0x0000000077035000-memory.dmp

memory/216-8-0x0000000004960000-0x0000000004961000-memory.dmp

memory/216-7-0x0000000004950000-0x0000000004951000-memory.dmp

memory/216-6-0x00000000049B0000-0x00000000049B1000-memory.dmp

memory/216-5-0x0000000004970000-0x0000000004971000-memory.dmp

memory/216-4-0x0000000004990000-0x0000000004991000-memory.dmp

memory/216-3-0x0000000004980000-0x0000000004981000-memory.dmp

memory/216-2-0x0000000001280000-0x000000000173A000-memory.dmp

memory/216-11-0x00000000049D0000-0x00000000049D1000-memory.dmp

memory/216-10-0x00000000049E0000-0x00000000049E1000-memory.dmp

memory/216-15-0x0000000001280000-0x000000000173A000-memory.dmp

memory/600-18-0x00000000009D0000-0x0000000000E8A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 467c273d4a008a3549e1f6be0947a5b7
SHA1 4717ff166fb1725c75da0d47dd1753e356bc1caf
SHA256 97562aa8ac3d15beaab854acd42dd5eebee74f13e26978e4ddc0d02f541a4518
SHA512 2c5ef81499e52fc8c04f918c8a68994c7b7b2a869b62200fd29ffc480d5847db38369725ac3fe5fea60498a300beb6a413279accd427ab1b026f1e7fdacb8593

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

MD5 4308e3c878d59901c22458f104ecd873
SHA1 8e0e66bb98e0d67d9c08a90734b1ef3c7fc685b8
SHA256 9831275aa3e13f33fc5541f98e35922894c963e42e8238de9beefa9f7575e46c
SHA512 c52d801ffecfc02740edb6a5a41f32bb4805fc7d3a79ed672936dc463ea115017dd6e57b59f3e5aeeff412f6b94b40b3e4aa422fde905d0e5f7a397f3115da61

memory/600-25-0x00000000005F0000-0x00000000005F1000-memory.dmp

memory/600-24-0x00000000005D0000-0x00000000005D1000-memory.dmp

memory/600-23-0x00000000049D0000-0x00000000049D1000-memory.dmp

memory/600-22-0x00000000009C0000-0x00000000009C1000-memory.dmp

memory/600-21-0x00000000049B0000-0x00000000049B1000-memory.dmp

memory/600-20-0x00000000049A0000-0x00000000049A1000-memory.dmp

memory/600-19-0x00000000009D0000-0x0000000000E8A000-memory.dmp

memory/600-27-0x00000000049F0000-0x00000000049F1000-memory.dmp

memory/600-26-0x0000000004A00000-0x0000000004A01000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1

MD5 d769ca0816a72bacb8b3205b4c652b4b
SHA1 4072df351635eb621feb19cc0f47f2953d761c59
SHA256 f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2
SHA512 cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64

memory/4260-40-0x00000000066B0000-0x00000000066C0000-memory.dmp

memory/4260-42-0x0000000006CF0000-0x0000000007318000-memory.dmp

memory/4260-41-0x00000000066B0000-0x00000000066C0000-memory.dmp

memory/4260-38-0x0000000004260000-0x0000000004296000-memory.dmp

memory/4260-43-0x0000000007320000-0x0000000007342000-memory.dmp

memory/4260-45-0x0000000007530000-0x0000000007596000-memory.dmp

memory/4260-46-0x00000000075B0000-0x0000000007900000-memory.dmp

memory/4260-44-0x00000000073C0000-0x0000000007426000-memory.dmp

memory/4260-47-0x0000000007960000-0x000000000797C000-memory.dmp

memory/4260-48-0x0000000007FF0000-0x000000000803B000-memory.dmp

memory/4260-39-0x0000000071FE0000-0x00000000726CE000-memory.dmp

memory/4260-49-0x0000000007CE0000-0x0000000007D56000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1ijlotxt.50t.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4260-71-0x0000000008EF0000-0x0000000008F12000-memory.dmp

memory/4260-70-0x0000000008C90000-0x0000000008CAA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 68ed3552c3a181b7361f396f647055bd
SHA1 7e1ec23994529c9e7c3b84cb3dcdbb2f26064933
SHA256 d26e452f8398a4f294b9e7bc5b2deb6e1b98c62106b5134fc5aaa1f51c975a68
SHA512 10897774e4f3bc8bff8335c823f36c18e64e958edc707c3789c5e203ea2212633b3c6cb7ee71a19e265331fa1c012bd85e2824c0b8a79c140e1d2bb40fb32a2d

memory/4260-72-0x0000000009590000-0x0000000009A8E000-memory.dmp

memory/4260-95-0x0000000009150000-0x00000000091F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 ead3d4cba62cad943dca9fa88139d258
SHA1 244e3c37ab41854f5b221653ac42cf26a4faa97d
SHA256 74228703d2d0dcf060d50f1046edb9d7273d901e50b728afd50a4d42be752674
SHA512 7ed4c73369a9e1c7cababd6bb9e04674fc6e1d0c7fb40f46a129b94bff895f9c65413a4875bbcec91f4dddc9b3cf7fbb344cdc87cc9e636dc6843775204f413b

memory/4260-100-0x00000000066B0000-0x00000000066C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe

MD5 e1efae373c121ca2af7217ea3b5438cc
SHA1 4a55e9d2ef8375be276840f7df863752cc1dd518
SHA256 ee19d3a921d86532a16a44b91e231e1bcb0d4cce18b37c1d3741fd5269996d0d
SHA512 f0b8e455df1ef2c3bc31b680414a3c1c8fc543e3d7e7fe8e6cd54b6821bc95def95152c17ec072c0a709ee355012589123e882b28094f6d95f5bb4ef8da6cabb

memory/4260-90-0x00000000090F0000-0x000000000910E000-memory.dmp

memory/4260-89-0x000000006ECC0000-0x000000006ED0B000-memory.dmp

memory/4260-88-0x0000000009110000-0x0000000009143000-memory.dmp

memory/4260-69-0x0000000008F90000-0x0000000009024000-memory.dmp

memory/2692-185-0x0000018D5A040000-0x0000018D5A050000-memory.dmp

memory/2692-206-0x0000018D59990000-0x0000018D59992000-memory.dmp

memory/4260-332-0x00000000092B0000-0x00000000092CA000-memory.dmp

memory/4260-337-0x0000000009290000-0x0000000009298000-memory.dmp

\??\pipe\crashpad_2916_RHZWFNUPUQIDZOLJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

MD5 1da3f3b992212fc4da0f55bc3d4e25ac
SHA1 1899b5db906847c2f36d880592bf913aab2a49a3
SHA256 51cc8f43258f415bd5117fb746736a1ba1a974677b4e3697e732bf441652370e
SHA512 dec89cd41d99352d681655a44a6bd3d987e0a96b65a06a4c05594c301f9e60d524b7a2e2910f33ca40c1804b78d4b3db980b7a9b03369c7982c3549642762992

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

MD5 81ee75f3d7e6759bd89db0f6da4fedb2
SHA1 af0e007b664733377fc33253cd5f5fedf6d1722e
SHA256 8c937c80235369a3d51dbb1b8a91673a50ca888c548ff8b3d7957c42d5578f68
SHA512 7289f3f3208bf50e07e8e2a0ef580661b750be8a4470b3406227cfc89f77ff361e3ab634d2cca855bba4d97ffc27d89326462b8ca390a314c33c095ded5fc052

memory/5436-408-0x0000000000EF0000-0x00000000014AB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe

MD5 abec32fdfcace29b398c6c4f5497d3b1
SHA1 8cc900525a0cd35625f118710925f072299ae34b
SHA256 35442dd1c531381e422eb7619025bce2a7f670dd1764b3f918bda2780d859839
SHA512 56cc8a484cdc65e56734267dbec524cc2f63815d9bc49263a83e869becaca3215eeb1ef5c3533bd9080667744382dd4b8e9431ada7a858255359f70085b8b925

memory/5436-426-0x0000000004B70000-0x0000000004B71000-memory.dmp

memory/5436-432-0x0000000004BD0000-0x0000000004BD1000-memory.dmp

memory/5436-433-0x0000000000EF0000-0x00000000014AB000-memory.dmp

memory/5436-434-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

memory/5436-436-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

memory/5436-440-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

memory/5436-442-0x0000000004BE0000-0x0000000004BE1000-memory.dmp

memory/5436-444-0x0000000004B90000-0x0000000004B91000-memory.dmp

memory/5436-443-0x0000000004C20000-0x0000000004C22000-memory.dmp

memory/5436-438-0x0000000004B80000-0x0000000004B81000-memory.dmp

memory/5436-428-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8a018f5df0c818f74ddca85878733868
SHA1 c449236141dfcb55f3b4033c79732710bd97298c
SHA256 e4b33f9fec52af9c7a5eff6489916f3df2956ba5d51612e67230f003e311bfb3
SHA512 ccd48e49f880257b1efdc5ba582b57205e0d747eeaafd70f4618435a0fc1c754e7ca3f58b0b3da35a12ef8ce0448135612f4e0ced3e6bb315ea5ae6d6824fb37

memory/600-424-0x00000000009D0000-0x0000000000E8A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

MD5 97f3c21383ec73382d6e7688afd963e5
SHA1 8d0d9e6d3fafd126ae5b2c4fa647e06171d2949a
SHA256 d700a265c2d281cefda5bb3865b07b333129b26ec4c4891bc81547a0d55079cf
SHA512 566147321229bf44bd9b5e3aeed1b4637c374557d9aae0da445a895d949372e801d1e78fe69f1bbcfe475a5ea023efbe95db3c897dccd7753c39141db061499c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

MD5 bac8da89335e316fc809a834fa9e0828
SHA1 2aae418cb68e700f96871bfd61419c0a60357c20
SHA256 0e59890b093f3cd261e34b36e4ba904f5656315269f11b149c0aaff9929efb6d
SHA512 ab51f0a35af61d2e95fc7d081860ce6a9e69a154dfaf3991ae23efd9f99b80a5ac4f284203b757f988326c08dbaf674acaca114cd54e3728520dda5b20d5f406

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\e0e4024e-e9e3-4f91-acea-d3b55fedddad

MD5 467ef7c0881de77cd07956ef15ab6786
SHA1 129d6854143eb52773e25530942bc197ad5f6ddb
SHA256 fd9f9a4a55ae227af8dcf072df22b134eb0bb0ac18899fdf25f0bc7a58451c3e
SHA512 753ea53ff6ca1bff56b6cccdd8319381777f560118b730b440a0112f8a7af360afe42de1180c0695eddf709f0fcc0438a433f2a91f78fbaf861119477f341f57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\21023e92-7046-46b4-b80c-7aa870c143a4

MD5 5713c9c3971e30bf4be068c758450154
SHA1 e5a6f47a010610c0f85d578124890abd3e538cf9
SHA256 18b097fc9c61e43a266e1525cac902dfca429649034dbb7a3dbf53c1e0b4d3e1
SHA512 5d59ec39871f72c92876729698f2e126c89f5f87ae82df400b207b24f30e7af670690498d5c51cfc00a330f7a3e98343cc9c3440b735ecdafff556396fa16967

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 7ab4725439a12ba0f72585e062b3a801
SHA1 f0fe74bce79d2dec8f2c69aba0ad0ab1edf139fc
SHA256 f9373de9cd4443840fa2514f76dc339ecef4fdc6cb27efc7eb097b60d25baae4
SHA512 b72c6abf60db174c406c9b8a26974d712c2bd8d3787d7ddaebda972acdbde2d6a00292352b7dba2536dc43510a26bb25066f41a60e9fdcc9241eb7364694a577

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 04056c5ef1974dc972a524a78c35b32e
SHA1 f05f7aef0ed5d87a31dde3b4efc21e1fcef483e2
SHA256 2fd5847de3b975e9dc7ab2b484b38cbfa9b9b0d872f4c07d55c5124f881ed50b
SHA512 1fcea3829ae85fba0629a9d083ca23f41da419d4f5cfc54c17d407cc00517bd8d2cfa497b98b869c7e4d30b74f40144a6f7bd2692e029b1fcc4e847d30b5e956

C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe

MD5 900401dd1b109ad90342643fb778263d
SHA1 3a6e7641a73b82f6935ce4d86cd41c3e9f6bee15
SHA256 08b719ca55bcba38447cc866386a6e06f9be6174bc8ca51cea6d032b5284db71
SHA512 21c77b2ef06e01d234ca0d0b02b79b44346416752d4b0a25df2d9e5c5453bb4212089a0c30dbb368afc0541b4f1783638309a1432b975d3db9f54ca822b13e74

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EE18K0LR.cookie

MD5 4172a83f88aad452aa5432b40626434a
SHA1 5a778c5f1f043134e8a1c40b61a2696ad3f5490a
SHA256 ff25a797e29602daa75249b041462e3def0eb1e0bc008dc5a59aadaf2ec14ea6
SHA512 6c33336c558c6386b326951ff9ccb237d0cf3b767f80b196fd8a80dcb301a8771024896430f1ab9f25931b6441bbb5d851db74b768d6812492f74506c2c019f6

C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe

MD5 831f7228559559fbc051cb690e769afd
SHA1 8fd5abf443dd700e2d06cd0974236261434b38e0
SHA256 3d38ec607a3af71f44a9637719ed551785d6a64153f14e3c51f2cbc135ae8e0e
SHA512 5b1c95df2e817090f97ad88a56a3678ad68503561a55a6902169b7f6fe629d24121fd68c1f36285f690d464477404586181caa8d160d5832bc809b1ab5c0dc63

memory/600-631-0x00000000009D0000-0x0000000000E8A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe

MD5 5cdfd3b2d96eca26a8fb3638a58b79ef
SHA1 708df555d102dc33c2945727aa97dd26841714c0
SHA256 4d879075913564bb2edd93c16db20b633b78606308809b9a454f76bac49c832f
SHA512 e48531170f9869eacf38d7dae0431e41aed72f2aca5a34d58bfa432b4db84b8f2db462b2a01950bb2f19872e33a05e75ff5e78efa83cb8213b32e59a36149be3

memory/6624-641-0x0000000000240000-0x0000000000D5E000-memory.dmp

memory/600-627-0x00000000009D0000-0x0000000000E8A000-memory.dmp

memory/4260-644-0x0000000071FE0000-0x00000000726CE000-memory.dmp

memory/6624-651-0x000000007E090000-0x000000007E461000-memory.dmp

memory/6624-659-0x0000000077032000-0x0000000077033000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js

MD5 8d59e066991dc03587740c246bf3c58a
SHA1 4bb2ade8e6a1e3610de81b0edfe48ae76644e814
SHA256 81d84eead2f49bc6749c08ff5f4e14238580458171179194412b3d6af45df001
SHA512 6cf5bf22f7dcf23064e127235378f51fc6e273b54d3a83b4069d14709ee437bf46e3252d43cbc39ab1f40915173c410c8104a700bf3aea76cf06ff99b9e48c5b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TVYRE9XS.cookie

MD5 53a829ecb6f96d986c3e7debe7185b93
SHA1 68c25223e82a65c19481c563dcee7c6b6c6fc7c5
SHA256 38f8688d58cde0dc3d51629b3f8e84aa7b78054004f211b824fe65ed16995fd3
SHA512 3b9f6438281acd6c92054ee58b5f3d61dc114e17fbb9c15d2a71aa31825ec1b3bb27d646dd334cc44cc33bae4d072b3e6889ca42f26b7888990169414b347efa

memory/1060-719-0x000001C744AF0000-0x000001C744AF2000-memory.dmp

memory/1060-722-0x000001C755970000-0x000001C755972000-memory.dmp

memory/1060-728-0x000001C7559D0000-0x000001C7559D2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 bd1cd573ce34a10ac56e6a65a18eb522
SHA1 d5869c17d83acd6c00318f39ddb97db5478ae908
SHA256 f474732813042d7d6ff7cc83f0c12f805490ffa62c23db9e80631b78c5e1a202
SHA512 a9ae8038ca2685c721712452bf8b58563729e84c88651c9bd3bc456cdf68a41cca4ce391648d094f270c3290f2bc76d5c0a41177a3282f0670f241cf477ebbf8

memory/1060-732-0x000001C7559F0000-0x000001C7559F2000-memory.dmp

memory/1060-737-0x000001C755B90000-0x000001C755B92000-memory.dmp

memory/1060-742-0x000001C755C50000-0x000001C755C52000-memory.dmp

memory/1060-752-0x000001C755F40000-0x000001C755F42000-memory.dmp

memory/1060-783-0x000001C7560B0000-0x000001C7560D0000-memory.dmp

memory/1060-818-0x000001C856780000-0x000001C856782000-memory.dmp

memory/1060-792-0x000001C7562E0000-0x000001C7562E2000-memory.dmp

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 7e2a1720b0f21e24a85679cd6379e199
SHA1 5b6f6e7d4eea77182d2344a945ea057105921d07
SHA256 bb58e22c96694617fd98f5b74a0ca94115fab6d83ffa6322ad1b2e8108510343
SHA512 40a35bea691b05c1fa485137c78bc799db19623d2a5e42b1a87903862ad08d7bc8e4d2b97a7b0e69773ad0d1c8bac986f3ea6155fe8df31d720d52f6c13a8437

memory/2988-867-0x000001ADB1580000-0x000001ADB15A0000-memory.dmp

memory/2988-878-0x000001ADA10F0000-0x000001ADA1110000-memory.dmp

memory/1060-891-0x000001C7558A0000-0x000001C7558A2000-memory.dmp

memory/1060-931-0x000001C8572C0000-0x000001C8572C2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A2606STX.cookie

MD5 4006454dba6f4d52af9ab02767b4b883
SHA1 3d3eee3f92d3532138b035676a12ef6645cd42c3
SHA256 4e6ea3f885284f07a23777bb2d27e15c6bdefbcb6aaddf8e505225d9ea697811
SHA512 27847c55cb0112c0d280c220cd37adbf5ff62839a1de88b3a853acd3555deefe748586ced355cdc3652b8a45fa6a555a91573fe72e1a881ad55464404b0b7055

memory/1060-939-0x000001C8572D0000-0x000001C8572D2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 53e1425992ea87582d6952658a793c39
SHA1 75d5ce3eeb1ee501928f221e15b71d98b609a50a
SHA256 249cd66bac325e43445bdc9291b18b882c8eefcfed6caaaa011dcb7e14067657
SHA512 40fa77cef9391e4ba68c3a80d3e0cedeb9214a4d0cd03310d427756e7f4f7dfbb5c478ceffa00700e35d155251c11f63e170ed8791af2b7f60bb79087b0dfc5e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f6d38556e96bdb48719f20d3648283c0
SHA1 669b2a387561e11322bfb9a3824671860512ab40
SHA256 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609
SHA512 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 f751b86a9da8042c3270c2ecd3be6007
SHA1 ed248d72961d64870285aa56e3bad396cf4a1d85
SHA256 4270f04da6c7db4a16598bbe755ebb5b6d5b48ff103407afbffa49ef5b381895
SHA512 4323830c90d69710ddcc2f1b7167d605485ad3d6125aec603e27d96dedae7ef19fc51d3022f46344d60c0b9d2e6752a3fba2baf808718c062d8afb7123e41278

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 288272e040c562eb7782aad8910f42f8
SHA1 46591804ba26c867f65ca87555dec0e244b15fc3
SHA256 85902a5acab760f9cc596dfc279a6221f70f54fd0baefc79b9e2acbda212851e
SHA512 fe6aca9d861110e052a8479ac9dc8d8708e2954f7f49ac751f2ce7fb01d5e1d60ad1580b2d18a8391748a9627fda6284784da81330e33ef0afade5c237d8826a

\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 cc80a2ad8267533494663fc96626c339
SHA1 698268aa1151a47a4b8e13ab21ce5048e6f55482
SHA256 ba73cab84cae123dcbc3c785227c6094d2c62dc7a604fad82ca978018798260e
SHA512 27cd278411ac765579b2b2e8b70869bc35161f974d1969cf2f8c9df7073dda3b93bba91f607e69cda32a46e0926943e20730e0aae5d60d4432132d6e5cedbcd2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 badedaeccd89362db4f7927e16e57925
SHA1 178620a72d8e4ebf5f59f9a050eb1086b0a65f5a
SHA256 a4484462a4f03c72061dfd78c4545be1dff3e1d58b1c9592016f66538202e335
SHA512 9efb7de2a09648404f1597460c726639b787f453768b057c6c1ba22527a3d24429bdd2044f108c1975b2dc0f76789e1e4a489283518a7414bee3c2fac03febbb

memory/2692-975-0x0000018D60400000-0x0000018D60401000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 54c041ff7fc5afebe9e1c0244d77461f
SHA1 3be9c287163e188e7c27d24e283dacf2d2288808
SHA256 2739968fca08800e315870e47f60bd1fef6d1a8e7479a8d34cefb4619697ca41
SHA512 c95b8ff2d02229ca23cf89f72840a7d8421d6249a35930e6ea767b22c04ad57ff09ed01c4318e413dab2dd7e75a7e848a56c9894fbc6d0191c8671382bf89b0d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SD4HXYCC\9lb1g1kp916tat669q9r5g2kz[1].ico

MD5 3d0e5c05903cec0bc8e3fe0cda552745
SHA1 1b513503c65572f0787a14cc71018bd34f11b661
SHA256 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA512 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e7e80aee58985f2b9bd50ed68dc1f58
SHA1 52a886ae42d5f41b38e6d5a7982561b90e51ed87
SHA256 b14ec5f0053b944a251c2a6e53bcec606bba74e9c0d1a6a2d601a2e011b03c7f
SHA512 939f85de613a8f5089bd12f804c328caed3e1531220cba19e050d2566a3b59a0cbb8f435f357f58834746cb01993b45e83e5341bd3b9bc82846fd543130b70aa

memory/2692-977-0x0000018D60420000-0x0000018D60421000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b6b6d2feda83b57dc412aa8abc9f519a
SHA1 ff604b6efdc7b500ddc5937ce9889b7b86909f84
SHA256 d1a46ac718d6008915e6e9e3892768806a30ea3ea9269a8cddf97f81d0060639
SHA512 d61bea3e49bb54f3e431e3b19bb950dffecd1c76249e110d67b1d2803323990b0eca05a56dac0b0143354375086b388676715ada8e5911a371739f0ea80da9ed

memory/5436-1047-0x0000000000EF0000-0x00000000014AB000-memory.dmp

memory/7172-1083-0x000002005C610000-0x000002005C620000-memory.dmp

memory/7172-1081-0x00007FFBEE230000-0x00007FFBEEC1C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 e082e5a87c160d5ebdf801e31dbdd7ba
SHA1 9ef3a34ac2480e907cbcd1db02bce11817fc1f24
SHA256 b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b
SHA512 d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486

MD5 c078b0d9119ffb73a8de219bcdcf7015
SHA1 bc9ee678e3609e64a0218904318eb3f0fea13755
SHA256 130ae4e37dc4cf6cfbbcd0db426468f7c9c21fe442e6187d0cbb14433e586538
SHA512 ceb25b3745db02909f91142fef52238c79a96a52748f1354e9faf4a31268f9f5b4e4dcb7485aae170e6d1c3783f3e25d7f4a3ee4a837592f8a914d5e8513a05b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2916_1703011654\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

memory/5348-1306-0x000002AF9AEA0000-0x000002AF9AEC0000-memory.dmp

memory/600-1317-0x00000000009D0000-0x0000000000E8A000-memory.dmp

memory/6624-1320-0x0000000000240000-0x0000000000D5E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 000b1642f7520e1a63e8650959107112
SHA1 7b73a62bf7da97eb7d113dfa4c26d6d6583a331e
SHA256 1a675b4760a1b87a5fb3c1c3032f02f55ae473de24ef2838aaa0c58846fd42b5
SHA512 ae72bd276db88236181d3a57e3b88b26c4e673cbaf505ce8e9859d712d787d1aa73ccca1248602ebbb9d5736face3af241b36fdea419c3c84daaa6104790a92a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 72ab30731b9da66d9169ee5114eceb59
SHA1 12813f5780b8a70bbbaff20e6698158b5e15a2e0
SHA256 79ab9507ea382b0acdaa69ed82dcffaa137d37c5669f4e9f7a029d5604e860c8
SHA512 d6f2f6bc1b1f3dc09cba2dc58b46c71a8b3fb591ba9a1f241394c6fc80134868c379f3bd26dba1d604caa5a6d5e004c9f868751358b94edb20a8e902e889c399

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583e4c.TMP

MD5 a5ba443f995ad029d86a66c25f6575a4
SHA1 325c9d76917a97da2bcde4a0be85dd63f303398e
SHA256 1387817ee51e6128409967e5ddb20857fc132bfed2e9e86ac92d3ee2a0079837
SHA512 bf670240089b9f78b90be7e1a539d1a87a50c4dec5b441cbab607a14126f07daab91f0a30024a31f6c580642abcf5902b7d70ada45860108ca7cba4a47218472

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 7deef5b7ffcbfa20a0467ae75e5d116b
SHA1 02c8688f2e2520897d02d0b3305c2d8c05c954b5
SHA256 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e
SHA512 fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 b0a2b624365c4844476ff0681ae3e1b1
SHA1 d1cecd8b2582f9fc29a5f9bd416a6c572749539d
SHA256 45c25995008d7ed66e4c1fd77750fdc28a0ae1658d8a8c6a6b0f7b79992f6a24
SHA512 b0f6b071b9684571b353d7047e905d294b6ba2875059256c8f73334160678e0d788317b773d8424ddac46c6e5b86de693f4854bd7dc51aa7c86a71e356b6c0fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 4700594b7b207537f580e330210a753f
SHA1 8634d003249cc0c4259989dd5cbe9c1865602d23
SHA256 92175541b97c32be432934d39bc3c86bab546d91780616c45c6febfe7e0a0fd1
SHA512 f50066fb29f0f6063b123b5a15e6848d474e882c55915d1d70cfc0aa9d2602f2d1968978c61f916a16fb3bb4f7230914fcc28edc1c8df15ca709f9a985ee0490

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 27f06672c8b08781943b0f443b9edf75
SHA1 0cb821dc97045561a2561aab5f03243cf3d5fca7
SHA256 aa2d097311af0339a476d512884c75ff470784d59e0b163d2e0a74334fcdcf97
SHA512 f2d586ddfad367b33472a4394f06e5d391581ab0cdf65b2baf5feb696ebbc57474944dcfb2bf13f5ef80102a0ed62d264aa38cfee80d2bd231a0e4d08435d3d1

memory/6240-1478-0x000001BA77B20000-0x000001BA77B40000-memory.dmp

memory/5348-1490-0x000002AF9CA00000-0x000002AF9CB00000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 7a204d478c8dfe822bf86f9103bbd9b3
SHA1 7114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256 d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512 f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 d25dbeb674e8df39ad3c4d873b745dac
SHA1 178388e16f9920164fa901178576576afc366ae9
SHA256 dbc048edeb9b068a4a7b348e649226b09d9650a6325b667cb8b2e698bd9a3bca
SHA512 8e254f9c872489d5e51e34c2fa1e74f1e2dedef699766fe594de5cee224cfe5fa419ace2c5edfc2dfd98e207ad9e8dd51a1fb0f8705e77db3a940f67463a3d0b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\xa77bdp\imagestore.dat

MD5 86422eb907501b3591bd2c0a927e57fa
SHA1 eccb1b2c25946bf7cb6fdf6b426fbf4b2699e043
SHA256 bbc73ddc4b4deebc71db39c2dc04f6492b1ce108646c36a3ad006e105f922da2
SHA512 7150c13922541caf8aee7c39ba282c105cbbb2cd9c130d995502c99abf5b4b84d68d196b710909bfaf2e6be3f4aded02f486bc36d1a9f00723a498b093b9b9d1

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 2afdbe3b99a4736083066a13e4b5d11a
SHA1 4d4856cf02b3123ac16e63d4a448cdbcb1633546
SHA256 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee
SHA512 d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c941f5b29032749b3de0917848873752
SHA1 10ea034d57bbc84295175714994abed64e18d252
SHA256 5115df6a57a9f5ed50fe866cc2efbd6e84368ebacc12afd53cc46cf3333919ef
SHA512 78bec87366c8e4201449e9af48c1024a6602f7dad884b546eb59f362a289bfdf7cc15668db78d08f303f79fe9cfbcbfc6ddfe400340cd9e3fe7f9dc093c875fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c1164ab65ff7e42adb16975e59216b06
SHA1 ac7204effb50d0b350b1e362778460515f113ecc
SHA256 d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
SHA512 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 56735d0d02f58110c95055d28ff1d75e
SHA1 e02842d5d16f0c3a1736feee8618b91458beeb7d
SHA256 d721f074953aeda94bf1cbf78ddf8e380e20b6e64276ed3c96c73c1d24ea95a4
SHA512 527a1742266acdf35d9e0d5eb511f3a9abeeef6ab94e221851bc1f096af817bdfc9df98e7569ee3689713713f72062ea8b2d8a89a9b4d185abdf0a082451e15f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 b63bcace3731e74f6c45002db72b2683
SHA1 99898168473775a18170adad4d313082da090976
SHA256 ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512 d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 3669e98b2ae9734d101d572190d0c90d
SHA1 5e36898bebc6b11d8e985173fd8b401dc1820852
SHA256 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
SHA512 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e0dca74c094c174f7c1268d8403da42
SHA1 2299251d204dd55a618fdf596ad982cfcfce8ba6
SHA256 c633b18acbc6fe42b7d053eca403f9d3c0374db088888a6388b2571ba8d13317
SHA512 0a24421215e098be26fee57824fe93215fc5490798a123cf988662e215f4481bae402b9734627f4c03a2b75f997e0be809aaf5f5f41b092e711834bc97bfc983

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 454cb8d6ad6f5f0275bf4cce439da262
SHA1 332e5af4b0244e04d600d502899abfbacabffb58
SHA256 d2fe7deaf3eeaabdadda18b18bee1492936867fe452d5118a09a3d8fa98392d8
SHA512 c1d3f3cb15fe8b814e4133470fb74f0045e5ce1a59f4cf99dc3d2e34d67daa421a251b4b29fb4daec356af561892cb8057635aa6aee7578d54112201e5d6e840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70a0834533e0deacda308fb599fdfac5
SHA1 110e44013ad0bdccb7b7b2030f34e7a0b28d0520
SHA256 dbc37d53b5e1cc72f4d27a140d057cf175c6d96600806213293b9a8b6f99d194
SHA512 38ab56268fc3d32cbe4a9e95ca13fa39ef57dde1103baca80399f2a14c2e0176cfc279727b1dbb54f8fda65d518a34d1d0ed142c21d8866d800d22a751fe621f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 063bfb735c2aeccabc8e3f67b18a2827
SHA1 19e144888b97cad508b1ffeef49bbfccc9ba3500
SHA256 285fc91769485480f3f4ee4169cda8b82cfdb43a5f1ceebf427770fdd89b1938
SHA512 c4b8ec4738f89e58a23dfe45a642708de2b4b52364740cc335456f86138f1fb363e6b435cdf4475e14e902af3cffa1095a9950e28cbac37237612768d6a7f39a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\76WUZIPK\4UabrENHsxJlGDuGo1OIlLU94YtzCwY[1].woff2

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\6539

MD5 66eaacdc689509ba3be2186f576f8c0f
SHA1 7fc51bbcdc914cbadd61125dcedc5c16f7ffa02e
SHA256 ffed6ef3ca19d826cdf2d5b038a1f5cd56ac1401f4006e250361aa51d0f68c74
SHA512 b183afa7b8f1ca6854d038696c47bc39dbfb9b5d0f36795886c68fd36da06dcf951b38984433ba5255ca9c6d4e42e8058a14d162d4c11ec94325fe5f050c67ea

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\036BHZ3G\accounts.google[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4790b051a5500bc2afb8cc2568c5d6c6
SHA1 a0b2dd26d9473eb9279da989ab3cc884add19383
SHA256 570bf1405367dfa62ee80a2680fea666c31cbafbb0b8fa9f27d973d1e4960e86
SHA512 70053158ada2ba90b99b40909480d5270fa0c3c916004d59c0c4195ce55028f8b06fd22339c78175a534a28d697397574c1660fa770f08da7a447786a3597b22

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 c7849450bd66efbb9adb1222cfc431cb
SHA1 bf417fa93ab505215d2c1dc2fe1b5b33e0e9c3cc
SHA256 a46a9790600a1b170d1e405528d90bdd57147466dff143ef1252cd1d213795ee
SHA512 25763a3917d7e0271f63779aadf5b6a84c625ca46d6c7b827feeb8636811bdabc49e2fb7620b2bbc2b803ca122190c68cdc6563aa5bdd1328f098dac7d0273c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\239

MD5 8cc9a375ad7f230d833772f02905285d
SHA1 b3620b1ca96b696358a0f87281276ea917bc5426
SHA256 ee8aec93b0596228a2888e8febba542a4dc5fb3cf207fc342025fffb020ecf77
SHA512 62fbfcf6aefc39401dfef103af297083460fb5ab156bd30185c6cf95ddbb8c16133dd80107989eeedfc66e26b0141a2564d4441ef5d1f046af3af927fd61af83

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3LITF917\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\08BF12384BE96F3D4359047C547BA09E62A5DE75

MD5 5f44a2d378cb580fb2931e61ce607c70
SHA1 3fbf6b29d54b1f4ab2c5ede59537455d7c874070
SHA256 8f8df313ead6dcce1643cd660933cfbc82530ff1645c3e15636ad2c51eeefd04
SHA512 ee2401b5a766efcfbea12713bd5adbbfe406809bb27d2238e8ee9901347776849ad3973d4b26c522c0d1ce63d187900e3d7e0d4f66de4aca1649b09731d8a609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 0b83a132ade0ba0c9cbe19b55c79ae52
SHA1 99b18f480cc13e1c8350677eb54ca2cd6f630fea
SHA256 a952dd1a7d1d80fd283c8467d2328ca30cedb2f606ae289fe705627d13a89d11
SHA512 1a1dc33c47ca45b1590d6cdaea553f3f15556e0ae4d80f0a01e44554af32c413244f9a1a0846e3156031ad59e32e1c90abb1a1a246f846700901eb3644d6c3c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589a28.TMP

MD5 ac6853216b418cc51d918b9c0c3ef607
SHA1 d46f48c6f2e587851e3594ddae307f93d47a744a
SHA256 eaf44a6752c06d87e0149e6e73f7478647c1d8829c3bc3f49a3b55f33fb562a4
SHA512 1c0dcefefbdba9f902a361399d258a12b427c0823ae5f1bc72c735943c38350f8c115570ca55fee47d18e2e4831a15f47c799dfb8e7af69ead7ca0c03e60b9b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\93\{cb2f7863-46b8-4866-9e4a-90d4c986d65d}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00

MD5 b1ac6147a22e79ca1c05da8c9bea9480
SHA1 cf05a0f6cb0515050be3936e013f8fe52f5e73f9
SHA256 a24da0df77e8d5513166cd4f577166881e3af17afc52ce169a55ff4cb3ce5b17
SHA512 17bdb4988fc3fc5aaed4383cde36ad9dd14a82d963dda5b1c19d11c5c6af7a9919f9f34560e3313abe887c7d7e859cf1c8e8000823342e9caf2ac5d7a1943c04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\4200854728yCt7-%iCt7-%rae8sdp8o.sqlite

MD5 e74c288c8bcd14ce5fc68b8bd2441080
SHA1 d8607fa57a316188381a3b1bfbc86f1c939d1a64
SHA256 2abb6dac07020038bf8705711f5483224268bab1917b66143e4e39a4fcafb384
SHA512 3b81ab1607202230d6f6313d5d41e011eeb02df4410a2a173bcba4374feb67cffb2aea214d1191eb935b496e79d43ee5f22797699940b0dcd00ff26c5e7c4fa2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\C70C316DA3599F2A2E36C6AE2D5C4D9991A1CE4A

MD5 21806c33e5b12e1957285690206f2111
SHA1 4f647de512d5879db5173f779602a2f7ffea87ed
SHA256 76df731d593fe1228adfbebeaa6908702ec7a39d133f9ba53638ddd60e00dbe3
SHA512 75e63877ea34c8c437a5ecf5ad77cb2fb87f8c90a1e6cf174daa62a46b842fe158d9259a73eda78f45de0491109949fc5b9bd67256242dbb776d58c08a53229d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\D99632F1A906C944866247FA82705F81634D5CD1

MD5 b871c1a1d201040e461acfb3eb01b03c
SHA1 6145c164abac7977d8a5eae3a8d66e718364915c
SHA256 6c188452ca71493ca4bb9cd20c5a3d7b2fac957b0ce4e34c90a8a9e46a4eb0f5
SHA512 15d0b97431d9c9fe393de503d63c8b723f2b39b55e787135069b3b5fd9daac5d15ff3b725179d04a8f5f99951ae4a355ce3fff62df8bc7d71d0a203695e8fd67

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2347260d51ca4432a4e32c56da8fd8ee
SHA1 4213514ddd51fe8b59081bc50553bb3ca088867e
SHA256 2ed90a272782038569b2c27c16b38262d88d91ac2bf97c0d689bbef4cbf8a5c7
SHA512 d83753764332790e8198b72a7363e2aa4ef3624c7bf34f9758a64a1379e83171408adc9aec6226dbd8a50b41fbbb01b1e379214257beef726144322bc915eceb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

MD5 aac9daa9fbd0a896f415cb631da7f954
SHA1 94e7321a4d9cb4f42d662f5685a36920807c8c38
SHA256 c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715
SHA512 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 27a05b77e7bba6c2b279f1a67cd6acef
SHA1 3164de3d460475f745bba673aecd9f7d799d7509
SHA256 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83
SHA512 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05cab42dd8898cb922dff2a4b8d6648a
SHA1 1d65a726de2f788c331931189e9d8b3d999c46ad
SHA256 5e2fc539637859876b6edee8f58a6e4d99f0dfb9226287cc271165613c7b8f7e
SHA512 0db5a855c730e452d86da48e91d5cb407fdef7dad59aec0019e5aa1232b54447b8d3965600571fa93cb55361001543ec77b8681f8878c5b9f97098ec4d49561d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\750F96FAD3E6147BA74D9CDFF4C33D1FDD0D8AB5

MD5 6d94773c60b710ed11c1519ca275e0fb
SHA1 cda85b018965e0088217998e1222f6d54c1fde57
SHA256 48aa2b85deb0fbe50b13bac0689dc560a31bc24db36e3856611b80552f7843ed
SHA512 9491b28572305c3271cdd8a32805a6fde6d4c4beda2166e3836b6cf2704d5daec84c3729e06e57fec4646647905c0639621c14e65c3d4c49f54145eeb710d8e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1f4f378777787099e33de3fbbb1288ad
SHA1 1e7ac6d75f7db29fcc6725fc13d4143d7b1e2d2f
SHA256 3937adb246ec7e3feb755fc11ce4d64c564f9f760b8dff43c83e38ffe74321a5
SHA512 03b51bbd2b06c2c89d98e34a00e4ee27044b932cf8cc1f34e9ad42d337a29c53381f6ed4a2ed244a530bf2560776edbacfc191986dc7b39f92320cb65a79de1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 9f0a32a9c9a5e2aa225b1e004299f881
SHA1 337a81eef269d6885bd4e4806ae751a911970e49
SHA256 22a8782003e60d456152a837be29662a9e0b627f18ca5be0bbd71f48afa728b3
SHA512 f702867dd2810e6cf21484b5db3a896be3626b9f4182ece125fcbddf595b8b9898998f417c78581cec6689059436d56a28d2156b76cd4bd835edd80d79eb730d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5858dacc-ab51-4b25-a5ea-9a3f45afa3ff\index-dir\the-real-index~RFe58ec4f.TMP

MD5 47fe479419d107f6a16505a0d2b9351e
SHA1 05c20393b101bb201f31c940778caff8f1e64dbd
SHA256 6d5288ba21c8158e485cb5bdca0193d1832211dde2bc089956d66aa4839e410f
SHA512 752b9c39876cf94899922e3c6661aa7abcdee22fc6671835042807f57e61a670c1ca78efc4f660b2756e63b16ce4f78ab5300903490954ff271812820ff9809e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5858dacc-ab51-4b25-a5ea-9a3f45afa3ff\index-dir\the-real-index

MD5 ff3f99512b379d78bf2538fde9761374
SHA1 29ab2a9c9c8eab5117658ef33c19f4e6c9311ac1
SHA256 b305978a55320cac91f4a602c47b251db0efd97e66c574cfc6fc8a539ac680ec
SHA512 4b3b5a997aac157dce73ee8f49134dcf79378f4f4b38974e27654aae8aab054dd593cc46fffe5399c321a3c09893490347cbff856c7b72bc920e085335e80416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cf69305e9b16da3b69a0a56152e95997
SHA1 e0150632e14a59e348099d9d88c21fcbbb8522cd
SHA256 b553f3ab91f75c7a19386f9d42c41a8c20331da0f4c8def2592a4d7d40b23edf
SHA512 2a1a1321fa8bbbcf9de6b678254353b1ef11c83b890d7f1512f6b0741b221f173b7e5dc95709dfc5df0df2e1708dfb15ed615fff8e7e88d1cfaa1a8310c357b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8fdf69ff33c55814d38f4d456bc96d35
SHA1 80550cc08c0d235b1d2be79d95eda015d731d187
SHA256 23d5ea7fb63271bb0491b3d094887a78d3556058253fc731e739bf67dce355e1
SHA512 8b7c7c2290bdf4ac57a53fc2b437f7e0a273059f9464058b2edcd5c5a5337323eb90cd82e1c3eca403de8560607f61c45e3edeb3c29686236fda016eb8e928e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 e606bd8d549ddad7d795e21bc32a9509
SHA1 8bdcdc2ca1b77ee70166f4fce19c32c2209ca7b0
SHA256 4140a9b76b85643c1eec66fbf9e6a81e5085f306d9fb345a1663f7ee77597ff2
SHA512 8e2d81e0509f79540885c42cc704982eb0ffc8e122eb5acfb5beb75cb4e70611c7ccb39096b746b294ca8ca6a85c458be75e018ac62903f9ac0e4cc4ddc8867d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9b495a66bdaac42e3599c35ebda82844
SHA1 bbcffc0581f1ef0869d5afa0e2dc3577f91c6e42
SHA256 089abf95865ffedac0ae4506b9c584b02a1ed0b3e8a32fac359c3f89f8e44624
SHA512 a99abea48d3a26fc9ab356255e1e6c977b3b8e2598b965b9fb95d1781145c53f86e2ce04603ab02b7449b983222ee3804ea39180b39ebe0fec2080b679aaca33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UNYTHTB8\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\15122

MD5 ec62c1668be2bbeb10ee8d8e2f0fc307
SHA1 5877fd29d6324f33ef1c5f18d0bfdb159235413c
SHA256 eed26c2d999737d99ceca5ef5f1dba039257e10f848d1b664930ad5d0379ff52
SHA512 6ac127f9078cc77afdada95d12f228e80dcf4f245e54be483ce640239a1e700a33ea74182efa14c734d974ed318395ef240d3274c7575e061a9eca7c64a119af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe592050.TMP

MD5 85bcf5564c4044d23d73048281bcf3b6
SHA1 e921e5acd616473f6ec2bc3571663e20743d0571
SHA256 6794e9ead975c11d28d85898058855cac72dbf0a4a5bea6c558753dd3192eb45
SHA512 c2efbc6270aebd94c1cd6b265de2a0fb037eaef71898a6d644ab28008ad8a0dc95c639a241648c83ac0d2bc135607a77f1e6de40935269f15fe7be7ce4617ca2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 b495f123e16101f030bb236815a8fca6
SHA1 0a60d8597600cfa47f699adcd717a6a6f93e3c72
SHA256 65df22c3b4f3649dde905982dc35fb2b34cbdc39d09494b16460218e1ba608d4
SHA512 5bd40c8a754bec8a0cef2d49724cca3a802a07920b94266d85843a23cb6a76ebd786ae2fb3c8916ef93c003467b205bf98fb08c8ffcc451502dc823be51f98d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 569fa77166a449245d02683f9e807347
SHA1 5e74d1b75062d6ab5431e362cc7c1dc0ab2d7b78
SHA256 f54c3d6c09b3c44e98e9a80b58ab61d22a0eb0aa1e1175d4b7446d00d50f6473
SHA512 993ce1e5bd70e4eb5526b2f8b7ebedd736ac34e8775fc54c0d95ce0e3c8a62d0771fa0e4df3d81a214ed71c2e7a2b16847a5a48e5477b072f1bedb9ec8068049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 22464b604cadfeba564be9d7c36c8f3f
SHA1 d50391baa6c9a24ddc33220511a98684298bf569
SHA256 6d659eb5665edc2e0cdd2b69b77d24b9a38d688e86ab90247f1e96ea85268af6
SHA512 663eed4d28cd9ce98637b7edd085ab32fcb0c116fed307ab3129d93dbbdcb0a71edd1641b9ab3ea15887aa247d7a30bca6167814cc1eaaee335befa4692a3d35

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3f48b5e9439f265801e565cd77648cea
SHA1 9f5b96df8d931396feeb3979dca816818d0ed7fb
SHA256 d8d06d2691cd785a2bea5e8684b435a33471bf10fc80711e5ef0824e363d2feb
SHA512 be9aa90d936cf0fd881dde45da044d0fe361a6a89fbebe16bf2519ab828d796eb32e1248ce86293cf8850f529bcabad9ff04a2d2e8c1a24cc51d03d350d62f81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 24d3a206df8dda8e30e522a2af033287
SHA1 9cc60751f64b746750fcbd3d508b32b2ce269b18
SHA256 d7338250b57da0bfaa53c4b8a418dbb5b0ef25a05d574f792229581fea18e51a
SHA512 f90b3f8a60c8b6b433ee29cddf8a37ea160663bd3a40cc0a3485d55dd0e0d153bfdda5010509f6d3cb43aae9894f2ffde187c50eb0c2ed6d0ede957e96f57e8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\36\{09964c47-8b20-49e0-a9cf-e42878def524}.final

MD5 51bb0fe00991a2ae6707b3aefc583918
SHA1 21ec201ebf41ad57faaab02f7961ce5a746e6dbb
SHA256 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a
SHA512 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{6230cc46-ec6f-4065-86f0-6290d3c9ef15}.final

MD5 5b0f165bbdb71faa1bb5b26c4f022e96
SHA1 704bbe81e0d8370e675246e1cbb347bf8599aa45
SHA256 b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f
SHA512 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{2139f804-7b58-4f1a-9878-0c6922e0acf5}.final

MD5 45e25bb134343fe4a559478cd56f0971
SHA1 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93
SHA256 dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678
SHA512 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\211\{6114a53e-88b7-4ec7-ab1f-68e11870cfd3}.final

MD5 be203547ce77fa7a91259437b55c0d1f
SHA1 cff2ff2c9469ac96eff7baaa308cdc886fab804d
SHA256 e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840
SHA512 adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b37d991cc102cdefcd1f0cc0f395e424
SHA1 ca3f53f5e4a3b93ff7431a4b873b417dc3889aa5
SHA256 c11306236e3d23f8701561ae45112f2eb4e9e6ee5fe2ab4adc2289247a4e3273
SHA512 61f432a5d29959b428df2d57d809c81820975e03f049f5e83df95fa07d2c945585d1c2db088b8974ff541f78866f68cdf9a7d838f554bdf14e80c3a49b0749fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 07a0daaf2a74c4ef4f68d3a32774071b
SHA1 fb820844886bb5926dee72424a0f74af8a115e01
SHA256 50233e29f8234c2d27ac6d6faba24821fb10bd5090b6335523bb4a7edb2775e8
SHA512 91fce812553ed8542760afb323587a3374adf17054d7bb53be44dce50c80ead0cc9efcfab94677cda97ae0ff90d4dc1539549aed8827cdcc712f40f3f9225652

C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe

MD5 9e4d1c2ddddb0bb9ab403a7540fcb44c
SHA1 9d3d818c60aca0d501133497055fe43dd1d8f2c6
SHA256 cb6fd0e4779453133de64e1af45a7489ce2e858f7024b792f03c9be549afb84b
SHA512 15932b3b10c53ee596101085a0df42218f8c94553cb36d2b5bc384a679288b82eacc5bb52c18ae565426bbccc7c8d4a7a9cbd3df6ee3e60e968de28c0ef8812e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d12375086897a404d242f81077b7f231
SHA1 e2fc27b13c66eecb82eaaf34ff0a45995e78bd68
SHA256 fba7de9c6289f1ccc399dda3b3741c24840753daa1e9e5adaab24e53fe862f0c
SHA512 31f193b17a1754af881241555703ec5c0ea1434c1bd4a149991e10aab7543e88a2607a8e49a47b967c75bfd45c870b11f30ffb4750b107a5b9694306c8015d83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 14cf62bd859f208fa13c13062b8c5db0
SHA1 b3840a3ab6c0f569d3cea5f5402afa9cc2bea2f1
SHA256 7631a9806c63730035c7c47fccb5313c50860164950a986e719e78ec507e096e
SHA512 77a77ade4d966372ac8a6e13096b54eb4164c6c9c63649118d2f141a1a24846d5ca640f30105d063336585037c1c120579e2352ebf5b4d6a09f6412b6540db8b

C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe

MD5 e9adf3fcd6efd04ad2d9fcbb0c652a5d
SHA1 bfe3f7167266c6e17572e801394517513d4b7501
SHA256 1e97aba3bea70cedc575c7a181f1782ba7d8a3bd5859960bd46ea3a0663a95a2
SHA512 6e0be0d272eea1ca92ea164549b0a4c26f7a89ecdbc85c6998a278eb961c406e43964eb13cd3d573fe063aeb64e8d38a984cee8706747f82610a56a716c0b255

C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe

MD5 68777645a0968e2fca74a2fd06eaa2ff
SHA1 f181c91a08e1b85d866a3c3e497ef1a1e298903d
SHA256 df952743ff04bc19bb4e1a3d7e9bb1a172fb60653aa73f9ae619fd5367b8e63b
SHA512 d06acb0ac1465d5b16f3853c940502085946d192547c1912561255e476b9452281abab2ff1e2f29c0937c1367f0581839dccc6816dce2d8cd73a091b4c4beced

C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe

MD5 10a331a12ca40f3293dfadfcecb8d071
SHA1 ada41586d1366cf76c9a652a219a0e0562cc41af
SHA256 b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f
SHA512 1a5b8e77ddbab97bb4c848adbcd7dbfb9ca84307d1844dba9572fcea48a2cbb091a3fc52663b87568416adf18a1338adc07aab0bd5f1ab36a03c8ff8a035d399

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 585c94375bdb9ff01a6abacd6bd80067
SHA1 a282a25553d3c50dec8412eedd437a445811981a
SHA256 994ba99a6d48c87d905bf3e473cab5c9a07501313a5d3d611602dc8af0456873
SHA512 8f1f3c0279cf2c861513c4846a8e58a63447480954615b1e3838e0c2e9f37902cadc1ad072883b430d65cff0866e3be26181492046357e0274a14e1f6ec523c6

C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe

MD5 c1982b0fb28f525d86557b71a6f81591
SHA1 e47df5873305fbcdb21097936711442921cd2c3b
SHA256 3bab5e1befbdc895d9e36e76cb9a40e59de61a34109c36ed26d7dedcd5db3080
SHA512 46dcabbfb57b3665faa76bc6f58b6f252934788acabbf2ba75263d42cac8c013f6feb5992a7043123842a609bdd1b3084f2f0c8b192c2b219b87274d29f8c432

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

MD5 f39ad0d585ceb5713a354b63a4fbd156
SHA1 3e3f7464bca47a59aba81910c464bd1e7e88be0d
SHA256 c7407a62f0b5dd5b132b75d0895c9cac6e4151113a2384799a124c0350aa04a5
SHA512 0de6438d34492d397d7d73f77f85f4ee30d89921452dc22e1fba929010e009bec56d38ff8c68eea5d9792f56afd3b59448976a5ed18fdc9caf3aa6a333e7af30

C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe

MD5 cad41f50c144c92747eee506f5c69a05
SHA1 f08fd5ec92fd22ba613776199182b3b1edb4f7b2
SHA256 1ac5eed2f7fc98b3d247240faa30f221f5692b15ea5b5c1eba3390709cb025c6
SHA512 64b89f3a3b667cd81f33985db9c76ffd0bb716ce8ed93f97c24d3c20e7236d91d02af9371a26d41f55b564702bd1f6fd7489055868fcd1610c04beb79ae8c045

C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe

MD5 f7df4f6867414bb68132b8815f010e4a
SHA1 ff3b43447568de645671afb2214b26901ad7a4fc
SHA256 2c9490406c7ea631dddcd60f862445faef37c036651636e4bf5e6fe0837c4b42
SHA512 0ad9b1544c25ae7814fe1ecdb1cfd466fd14603a6d55749e63ce6b90926ad239f134aef1bcaa0910b79235b8a3873ad11698e17dbd0cfee92fb909f4daf0412e

C:\Users\Admin\AppData\Roaming\fgwggif

MD5 55f8359ef2f889e04fe418c80bc952ed
SHA1 b2ac224b69c20b721ef9810b79003b513823e55f
SHA256 732cb080fb5e27e98728c42f77b5dd865faa1f5e840d8113c9f30fa2c3f550c8
SHA512 42bfba12e19f399beb54d65dfdb8767584c75264a1f321aee68cb85880d7ac606b3022bb0ab7df72075d3f2271e7d4918c9c7bae7acf6675856bcd21f6fe46b8

C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe

MD5 41b883a061c95e9b9cb17d4ca50de770
SHA1 1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad
SHA256 fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408
SHA512 cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319

C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe

MD5 8c281571c5fdaf40aa847d90e5a81075
SHA1 041fa6e79e9027350c1f241375687de7f8cba367
SHA256 0182e73c39240c0e660bbdd4262209f08d767562d4794b7ed5e36a4d4f36b409
SHA512 b0e481681b02e4cc4f95deff2fa21354f94ad34e6611d97de3a127ae285038164df724f3db27bbf03caa217c3d8dabf77bfdadeaf9af8a1915edacbd35c1c862

C:\Users\Admin\AppData\Local\Temp\tmpD402.tmp

MD5 33c32ec1b1a0e4f6df7b671b8d95a056
SHA1 9b3c51f765bb28e619001eedccc9fb753c52f41a
SHA256 90052ce4464d45e82342461b7cfe0bf47627914bb5359b307f40de540513917d
SHA512 9da8412ccedcdaa847a247e79ab22922cab87ac37b2e69b320967292ea16ba0aab5e5cca0c7bf1cd8a610919628a926d4fd16b41aaf5469eb9b66ced8bb78296

C:\Users\Admin\AppData\Local\Temp\tmpD3EC.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmpD48B.tmp

MD5 fcc664e3d8d3c8d4ff5bd07b51de86ef
SHA1 9a65056a528d81d2bdbf142910e8e6a67e03a6b1
SHA256 7b9b709ca851141b8eebdd6373971acbf3b28fc19b5305bf35fd57b2d0ca2ea0
SHA512 776f9b6d2a31c95bc80abd16622d862fdd53a555c81658544467e4162ef05e9d5a68b841a1efc81dd4172e24c8f8dd6e9d00f627a79c73d9cb5f615bb1cb9c70

C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe

MD5 57935225dcb95b6ed9894d5d5e8b46a8
SHA1 1daf36a8db0b79be94a41d27183e4904a1340990
SHA256 79d7b0f170471f44ed6c07ddb4c4c9bb20c97235aef23ac052e692cb558a156d
SHA512 1b6362bdb7f6b177773357f5fe8e7d7ee44716fd8e63e663e446f4e204af581491d05345c12cd9cca91fd249383817da21ef2241011cdc251b7e299560ea48c0

C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe

MD5 d467222c3bd563cb72fa49302f80b079
SHA1 9335e2a36abb8309d8a2075faf78d66b968b2a91
SHA256 fedb08b3ec7034a15e9dee7ed4dec1a854fb78e74285e1ee05c90f9e9e4f8b3e
SHA512 484b6c427e28193ddb73dd7062e2bfbd132ddc72ce4811bfe08784669de30e4b92bc27140373f62a4ce651401000a3c505188620c43da410bf6b0799a0791fa7