Analysis Overview
SHA256
1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7
Threat Level: Known bad
The file 1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7 was found to be: Known bad.
Malicious Activity Summary
DcRat
SectopRAT payload
Rhadamanthys
RedLine
RisePro
Amadey
SectopRAT
RedLine payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Djvu Ransomware
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Blocklisted process makes network request
Identifies Wine through registry keys
Reads local data of messenger clients
Reads user/profile data of web browsers
Loads dropped DLL
Checks BIOS information in registry
Drops startup file
Executes dropped EXE
Modifies file permissions
Checks computer location settings
Checks installed software on the system
Looks up external IP address via web service
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
Unsigned PE
Program crash
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Kills process with taskkill
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Modifies registry class
Checks processor information in registry
Creates scheduled task(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-12 04:49
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-12 04:49
Reported
2024-02-12 04:54
Platform
win7-20231129-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorgu.job | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe
"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"
Network
Files
memory/3028-0-0x0000000001200000-0x00000000016BA000-memory.dmp
memory/3028-1-0x0000000077740000-0x0000000077742000-memory.dmp
memory/3028-13-0x0000000000AE0000-0x0000000000AE1000-memory.dmp
memory/3028-12-0x0000000000A80000-0x0000000000A81000-memory.dmp
memory/3028-11-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
memory/3028-10-0x0000000000C80000-0x0000000000C81000-memory.dmp
memory/3028-9-0x0000000000A90000-0x0000000000A91000-memory.dmp
memory/3028-8-0x0000000000E30000-0x0000000000E31000-memory.dmp
memory/3028-7-0x00000000008D0000-0x00000000008D1000-memory.dmp
memory/3028-6-0x0000000000FE0000-0x0000000000FE1000-memory.dmp
memory/3028-5-0x0000000000CD0000-0x0000000000CD1000-memory.dmp
memory/3028-4-0x0000000000FA0000-0x0000000000FA1000-memory.dmp
memory/3028-3-0x0000000000F40000-0x0000000000F41000-memory.dmp
memory/3028-2-0x0000000001200000-0x00000000016BA000-memory.dmp
memory/3028-18-0x00000000008E0000-0x00000000008E1000-memory.dmp
memory/3028-19-0x00000000011D0000-0x00000000011D1000-memory.dmp
memory/3028-17-0x0000000000FF0000-0x0000000000FF1000-memory.dmp
memory/3028-23-0x0000000001200000-0x00000000016BA000-memory.dmp
memory/3028-16-0x0000000001040000-0x0000000001041000-memory.dmp
memory/3028-15-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-12 04:49
Reported
2024-02-12 04:54
Platform
win10-20231220-en
Max time kernel
300s
Max time network
303s
Command Line
Signatures
Amadey
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\198d3483-247c-4a29-937a-8877ccf351ae\\DDF3.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\DDF3.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Rhadamanthys
RisePro
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 9396 created 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe | c:\windows\system32\sihost.exe |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads local data of messenger clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\fu.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000031001\\fu.exe" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\ladas.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000032001\\ladas.exe" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\dota.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000225001\\dota.exe" | C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\198d3483-247c-4a29-937a-8877ccf351ae\\DDF3.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\DDF3.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\C394.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\C394.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\C394.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub1.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub1.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521870188905237" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\m.facebook.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000ebaa8665030aba95a508a7c78cb8ba211ba59f5d67eb803e90f45c451445b9be930f83c9087c79a2abd2cad1e083ce8737c9175d8429d9bdca32 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{C9F1D08F-F35D-4F02-8D6F-BA842B88DE97} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fe5dca0f6f5dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "414478379" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "414494975" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe
"C:\Users\Admin\AppData\Local\Temp\1b386767d4fc9e6af99d59f4ec847783c254e88b1195aea57ffeb0991ce4a8a7.exe"
c:\windows\system32\sihost.exe
sihost.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1"
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
"C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1828 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
"C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4632 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3708 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.0.1071053009\3201" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1604 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec10d61-9e8d-4d43-bcfa-6d1f7647db9a} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 1708 240ce004158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.1.2022123896\570702520" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aae4717d-31df-4726-b6d0-0b925e64e60a} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2120 240ccde5958 socket
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.2.811881810\1072582847" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 2732 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af26404b-5eac-4273-a8eb-318d8050b336} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2632 240d1205058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.3.1931902710\621263356" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2772 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a1d7651-6c96-41fc-bde2-93572b373ac4} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 2636 240d23b8458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe
"C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.4.1538742624\559055011" -childID 3 -isForBrowser -prefsHandle 4544 -prefMapHandle 4580 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ae46d9-1b48-431e-9229-50633b44a962} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4568 240d3b85458 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5180 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\934047325409_Desktop.zip' -CompressionLevel Optimal
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.5.1489405356\1937382299" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8a56e0-28c3-4b27-991b-c8efd3fa663d} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4920 240d4006258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5812 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.6.1197233136\2104071982" -childID 5 -isForBrowser -prefsHandle 4204 -prefMapHandle 2796 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6077a25e-b596-4b15-a24c-ab6d626fbb1f} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 3060 240ce76b058 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xe4,0xb8,0xe8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.9.1527763561\1856744300" -childID 8 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f488c62-689a-4ae7-be43-753cb85fd3f4} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5388 240d4659558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6212 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6248 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6392 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5288 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc00749758,0x7ffc00749768,0x7ffc00749778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5292 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.8.1016206294\1430938429" -childID 7 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f50d9109-1674-49dc-871b-2b32595e956e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5196 240d4659258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.7.1651630910\2107510510" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ebe1bea-f8e6-4c8b-81bd-030ecc2ef3c2} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4028 240d130af58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1e4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.11.1782226\215028370" -childID 10 -isForBrowser -prefsHandle 5956 -prefMapHandle 5960 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0ae52d3-55e5-4461-a3cc-be23711aa68e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5944 240bb369f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.10.1570433658\937665099" -childID 9 -isForBrowser -prefsHandle 5516 -prefMapHandle 5656 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {635e3cce-3185-4acc-a40a-6a9cc0ca9ac2} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 5636 240ce8b5158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.12.897284582\1735899075" -childID 11 -isForBrowser -prefsHandle 6008 -prefMapHandle 1596 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e98f66b-bd93-47bd-a592-61c7ae29a8a8} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6000 240d3af9758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.13.1803365649\1164986923" -parentBuildID 20221007134813 -prefsHandle 6180 -prefMapHandle 6332 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0f3eca-e61e-4a11-ae39-8d4e818bccf7} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6320 240d49b7258 rdd
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.14.1639110273\1832157298" -childID 12 -isForBrowser -prefsHandle 4468 -prefMapHandle 6424 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b75dd8f-4123-401c-bb32-a0d95c4071ba} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 4576 240d3bc8c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.15.1000567967\55913740" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6760 -prefMapHandle 6748 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c668888-69aa-44c6-9893-6e6f7ed64609} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6772 240d53d5258 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.16.1242893195\510791296" -childID 13 -isForBrowser -prefsHandle 7000 -prefMapHandle 6996 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60193a0c-f12d-4826-b6e7-a34bab5d1c3d} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 7012 240d5787e58 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1432,i,4901574039650150741,12970997700311158691,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5836.17.687339367\467527790" -childID 14 -isForBrowser -prefsHandle 6956 -prefMapHandle 4576 -prefsLen 27380 -prefMapSize 233444 -jsInitHandle 948 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ae19609-1dac-4813-a506-555517e74d6e} 5836 "\\.\pipe\gecko-crash-server-pipe.5836" 6120 240d3bc8358 tab
C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe
"C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe"
C:\Users\Admin\AppData\Local\Temp\nine.exe
"C:\Users\Admin\AppData\Local\Temp\nine.exe"
C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\AppData\Local\Temp\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 384
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 364
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 400
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 620
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 724
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 592
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 808
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 808
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 792
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 892
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe
"C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "nine.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\nine.exe" & exit
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "nine.exe" /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 984
C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe
"C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe"
C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe
"C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 572
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe
"C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe"
C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe
"C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe"
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe
"C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 1132
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\C394.exe
C:\Users\Admin\AppData\Local\Temp\C394.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 492
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\198d3483-247c-4a29-937a-8877ccf351ae" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
"C:\Users\Admin\AppData\Local\Temp\DDF3.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\DDF3.exe
"C:\Users\Admin\AppData\Local\Temp\DDF3.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe
"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe"
C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe
"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 2040
C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe
"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe"
C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe
"C:\Users\Admin\AppData\Local\6e7e9738-e48d-4e3b-8ab5-72f57b8917ae\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Users\Admin\AppData\Local\Temp\9723.exe
C:\Users\Admin\AppData\Local\Temp\9723.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A03C.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\A5AB.exe
C:\Users\Admin\AppData\Local\Temp\A5AB.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\ADCB.exe
C:\Users\Admin\AppData\Local\Temp\ADCB.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe
"C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\bott.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe"
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe
"C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe
"C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | 32.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.10:443 | tcp | |
| GB | 216.58.204.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 142.250.179.234:443 | tcp | |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | static.licdn.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| FI | 109.107.182.3:80 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | udp | |
| GB | 163.70.151.35:443 | udp | |
| GB | 216.58.213.22:443 | tcp | |
| GB | 216.58.213.22:443 | tcp | |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| FR | 152.199.21.118:443 | static.licdn.com | tcp |
| FR | 152.199.21.118:443 | tcp | |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| GB | 88.221.135.104:443 | platform.linkedin.com | tcp |
| GB | 88.221.135.104:443 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 13.107.42.14:443 | tcp | |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.169.42:443 | tcp | |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | udp | |
| GB | 163.70.147.35:443 | m.facebook.com | tcp |
| GB | 163.70.147.35:443 | m.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
| GB | 172.217.169.42:443 | udp | |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| GB | 88.221.135.104:443 | static.licdn.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 13.107.42.14:443 | tcp | |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| US | 8.8.8.8:53 | rr1---sn-q4fl6nd7.googlevideo.com | udp |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| US | 173.194.140.198:443 | rr1---sn-q4fl6nd7.googlevideo.com | tcp |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| FR | 152.199.21.118:443 | tcp | |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| GB | 163.70.147.35:443 | fbsbx.com | tcp |
| GB | 163.70.147.35:443 | fbsbx.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.35:443 | fbsbx.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.147.35:443 | fbsbx.com | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| GB | 216.58.213.22:443 | udp | |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-lhr6-1.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent-lhr8-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-lhr8-2.xx.fbcdn.net | udp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 16.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | rr3---sn-q4flrnlz.googlevideo.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 136.3.125.74.in-addr.arpa | udp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| US | 74.125.3.136:443 | rr3---sn-q4flrnlz.googlevideo.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 216.58.213.22:443 | udp | |
| GB | 142.250.179.234:443 | udp | |
| FI | 109.107.182.3:80 | tcp | |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.179.234:443 | udp | |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.238:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | scontent-lhr6-1.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent-lhr6-1.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-lhr8-2.xx.fbcdn.net | udp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent-lhr8-2.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent-lhr8-1.xx.fbcdn.net | udp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent-lhr8-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 157.240.214.11:443 | scontent-lhr8-2.xx.fbcdn.net | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 157.240.221.16:443 | scontent-lhr8-1.xx.fbcdn.net | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 216.58.213.22:443 | tcp | |
| GB | 216.58.213.22:443 | tcp | |
| RU | 185.215.113.32:80 | tcp | |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| GB | 216.58.213.22:443 | tcp | |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| GB | 216.58.213.22:443 | tcp | |
| GB | 216.58.213.22:443 | tcp | |
| US | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| US | 144.2.9.1:443 | ponf.linkedin.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ponf.linkedin.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 1.9.2.144.in-addr.arpa | udp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.234:443 | jnn-pa.googleapis.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | fbsbx.com | tcp |
| GB | 172.217.169.42:443 | tcp | |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.238:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.187.238:443 | youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| FI | 109.107.182.3:80 | tcp | |
| GB | 172.217.16.238:443 | www3.l.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 144.2.9.1:443 | ponf.linkedin.com | tcp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| GB | 88.221.134.88:443 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 88.134.221.88.in-addr.arpa | udp |
| US | 34.107.243.93:443 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 34.149.100.209:443 | tcp | |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 34.160.144.191:443 | tcp | |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 88.221.135.104:443 | platform.linkedin.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 34.117.237.239:443 | tcp | |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | stun.l.google.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5e6nzl.gvt1.com | udp |
| DE | 74.125.11.102:443 | r1---sn-4g5e6nzl.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| DE | 74.125.11.102:443 | r1.sn-4g5e6nzl.gvt1.com | udp |
| GB | 142.250.144.127:19302 | stun.l.google.com | udp |
| GB | 142.250.144.127:19302 | stun.l.google.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.11.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.144.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 127.0.0.1:50270 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FI | 173.194.221.94:443 | beacons2.gvt2.com | tcp |
| DE | 142.250.186.99:443 | beacons.gvt2.com | tcp |
| DE | 142.250.186.99:443 | beacons.gvt2.com | udp |
| FI | 173.194.221.94:443 | beacons2.gvt2.com | udp |
| N/A | 127.0.0.1:50287 | tcp | |
| US | 8.8.8.8:53 | 99.186.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.221.194.173.in-addr.arpa | udp |
| US | 13.107.42.14:443 | l-0005.l-msedge.net | tcp |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 142.250.200.14:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 44.227.167.82:443 | tcp | |
| PL | 93.184.221.240:80 | tcp | |
| PL | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| SE | 192.229.221.95:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| PL | 93.184.221.240:80 | tcp | |
| PL | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 34.149.100.209:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| GB | 216.58.213.22:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 142.250.179.234:443 | tcp | |
| GB | 142.250.179.234:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| GB | 163.70.147.23:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| PL | 93.184.221.240:80 | tcp | |
| PL | 93.184.221.240:80 | tcp | |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| DE | 144.76.1.85:18574 | tcp | |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| FI | 109.107.182.3:80 | tcp | |
| RU | 185.215.113.67:26260 | tcp | |
| US | 8.8.8.8:53 | triangleseasonbenchwj.shop | udp |
| US | 104.21.77.52:443 | triangleseasonbenchwj.shop | tcp |
| US | 8.8.8.8:53 | 67.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.77.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 172.67.152.52:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | 52.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | trad-einmyus.com | udp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| RU | 185.12.126.182:80 | trad-einmyus.com | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 182.126.12.185.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | brusuax.com | udp |
| AR | 186.13.17.220:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | 220.17.13.186.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| FI | 109.107.182.3:80 | tcp | |
| US | 8.8.8.8:53 | 220.139.67.172.in-addr.arpa | udp |
| AR | 186.13.17.220:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | habrafa.com | udp |
| KR | 211.119.84.111:80 | habrafa.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 111.84.119.211.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| KR | 211.119.84.111:80 | habrafa.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | starozitnictvi-znojmo.cz | udp |
| CZ | 62.109.150.108:80 | starozitnictvi-znojmo.cz | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| DE | 49.12.101.249:9000 | 49.12.101.249 | tcp |
| DE | 49.12.101.249:9000 | 49.12.101.249 | tcp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.101.12.49.in-addr.arpa | udp |
| DE | 49.12.101.249:9000 | 49.12.101.249 | tcp |
| DE | 49.12.101.249:9000 | 49.12.101.249 | tcp |
| FI | 109.107.182.3:80 | tcp | |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | m2reg.ulm.ac.id | udp |
| ID | 103.23.232.80:80 | m2reg.ulm.ac.id | tcp |
| US | 8.8.8.8:53 | 80.232.23.103.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | mahta-netwotk.click | udp |
| NL | 46.175.144.56:443 | mahta-netwotk.click | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 56.144.175.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 104.21.94.2:443 | resergvearyinitiani.shop | tcp |
| RU | 185.12.126.182:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | file-file-file1.com | udp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| US | 8.8.8.8:53 | antiuncontemporary.fun | udp |
| US | 8.8.8.8:53 | reechoingkaolizationp.fun | udp |
| US | 8.8.8.8:53 | mazumaponyanthus.fun | udp |
| US | 8.8.8.8:53 | unexaminablespectrall.fun | udp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| US | 8.8.8.8:53 | muggierdragstemmio.fun | udp |
| US | 8.8.8.8:53 | bicyclesunhygenico.fun | udp |
| US | 8.8.8.8:53 | pielumchalotpostwo.fun | udp |
| US | 8.8.8.8:53 | fishboatnurrybeauti.fun | udp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| US | 8.8.8.8:53 | 2.94.21.104.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| NL | 45.15.156.174:443 | 45.15.156.174 | tcp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| US | 8.8.8.8:53 | 174.156.15.45.in-addr.arpa | udp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| BG | 93.123.39.68:80 | 93.123.39.68 | tcp |
| RU | 185.12.126.182:80 | file-file-file1.com | tcp |
| US | 209.23.11.171:4151 | tcp | |
| US | 8.8.8.8:53 | 68.39.123.93.in-addr.arpa | udp |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
| US | 8.8.8.8:53 | 171.11.23.209.in-addr.arpa | udp |
| BG | 93.123.39.68:1334 | 93.123.39.68 | tcp |
| FI | 109.107.182.3:80 | tcp | |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.33:8924 | tcp | |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.128.172.185.in-addr.arpa | udp |
| US | 172.67.75.172:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 172.75.67.172.in-addr.arpa | udp |
| BG | 93.123.39.68:80 | 93.123.39.68 | tcp |
| BG | 93.123.39.68:1334 | 93.123.39.68 | tcp |
| US | 172.67.75.172:443 | api.ip.sb | tcp |
| FI | 109.107.182.3:80 | tcp | |
| FI | 109.107.182.3:80 | tcp | |
| RU | 185.215.113.32:80 | 185.215.113.32 | tcp |
| RU | 193.233.132.167:80 | 193.233.132.167 | tcp |
Files
memory/216-0-0x0000000001280000-0x000000000173A000-memory.dmp
memory/216-1-0x0000000077034000-0x0000000077035000-memory.dmp
memory/216-8-0x0000000004960000-0x0000000004961000-memory.dmp
memory/216-7-0x0000000004950000-0x0000000004951000-memory.dmp
memory/216-6-0x00000000049B0000-0x00000000049B1000-memory.dmp
memory/216-5-0x0000000004970000-0x0000000004971000-memory.dmp
memory/216-4-0x0000000004990000-0x0000000004991000-memory.dmp
memory/216-3-0x0000000004980000-0x0000000004981000-memory.dmp
memory/216-2-0x0000000001280000-0x000000000173A000-memory.dmp
memory/216-11-0x00000000049D0000-0x00000000049D1000-memory.dmp
memory/216-10-0x00000000049E0000-0x00000000049E1000-memory.dmp
memory/216-15-0x0000000001280000-0x000000000173A000-memory.dmp
memory/600-18-0x00000000009D0000-0x0000000000E8A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 467c273d4a008a3549e1f6be0947a5b7 |
| SHA1 | 4717ff166fb1725c75da0d47dd1753e356bc1caf |
| SHA256 | 97562aa8ac3d15beaab854acd42dd5eebee74f13e26978e4ddc0d02f541a4518 |
| SHA512 | 2c5ef81499e52fc8c04f918c8a68994c7b7b2a869b62200fd29ffc480d5847db38369725ac3fe5fea60498a300beb6a413279accd427ab1b026f1e7fdacb8593 |
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
| MD5 | 4308e3c878d59901c22458f104ecd873 |
| SHA1 | 8e0e66bb98e0d67d9c08a90734b1ef3c7fc685b8 |
| SHA256 | 9831275aa3e13f33fc5541f98e35922894c963e42e8238de9beefa9f7575e46c |
| SHA512 | c52d801ffecfc02740edb6a5a41f32bb4805fc7d3a79ed672936dc463ea115017dd6e57b59f3e5aeeff412f6b94b40b3e4aa422fde905d0e5f7a397f3115da61 |
memory/600-25-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/600-24-0x00000000005D0000-0x00000000005D1000-memory.dmp
memory/600-23-0x00000000049D0000-0x00000000049D1000-memory.dmp
memory/600-22-0x00000000009C0000-0x00000000009C1000-memory.dmp
memory/600-21-0x00000000049B0000-0x00000000049B1000-memory.dmp
memory/600-20-0x00000000049A0000-0x00000000049A1000-memory.dmp
memory/600-19-0x00000000009D0000-0x0000000000E8A000-memory.dmp
memory/600-27-0x00000000049F0000-0x00000000049F1000-memory.dmp
memory/600-26-0x0000000004A00000-0x0000000004A01000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000030041\do.ps1
| MD5 | d769ca0816a72bacb8b3205b4c652b4b |
| SHA1 | 4072df351635eb621feb19cc0f47f2953d761c59 |
| SHA256 | f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2 |
| SHA512 | cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64 |
memory/4260-40-0x00000000066B0000-0x00000000066C0000-memory.dmp
memory/4260-42-0x0000000006CF0000-0x0000000007318000-memory.dmp
memory/4260-41-0x00000000066B0000-0x00000000066C0000-memory.dmp
memory/4260-38-0x0000000004260000-0x0000000004296000-memory.dmp
memory/4260-43-0x0000000007320000-0x0000000007342000-memory.dmp
memory/4260-45-0x0000000007530000-0x0000000007596000-memory.dmp
memory/4260-46-0x00000000075B0000-0x0000000007900000-memory.dmp
memory/4260-44-0x00000000073C0000-0x0000000007426000-memory.dmp
memory/4260-47-0x0000000007960000-0x000000000797C000-memory.dmp
memory/4260-48-0x0000000007FF0000-0x000000000803B000-memory.dmp
memory/4260-39-0x0000000071FE0000-0x00000000726CE000-memory.dmp
memory/4260-49-0x0000000007CE0000-0x0000000007D56000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1ijlotxt.50t.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/4260-71-0x0000000008EF0000-0x0000000008F12000-memory.dmp
memory/4260-70-0x0000000008C90000-0x0000000008CAA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | 68ed3552c3a181b7361f396f647055bd |
| SHA1 | 7e1ec23994529c9e7c3b84cb3dcdbb2f26064933 |
| SHA256 | d26e452f8398a4f294b9e7bc5b2deb6e1b98c62106b5134fc5aaa1f51c975a68 |
| SHA512 | 10897774e4f3bc8bff8335c823f36c18e64e958edc707c3789c5e203ea2212633b3c6cb7ee71a19e265331fa1c012bd85e2824c0b8a79c140e1d2bb40fb32a2d |
memory/4260-72-0x0000000009590000-0x0000000009A8E000-memory.dmp
memory/4260-95-0x0000000009150000-0x00000000091F5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | ead3d4cba62cad943dca9fa88139d258 |
| SHA1 | 244e3c37ab41854f5b221653ac42cf26a4faa97d |
| SHA256 | 74228703d2d0dcf060d50f1046edb9d7273d901e50b728afd50a4d42be752674 |
| SHA512 | 7ed4c73369a9e1c7cababd6bb9e04674fc6e1d0c7fb40f46a129b94bff895f9c65413a4875bbcec91f4dddc9b3cf7fbb344cdc87cc9e636dc6843775204f413b |
memory/4260-100-0x00000000066B0000-0x00000000066C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000031001\fu.exe
| MD5 | e1efae373c121ca2af7217ea3b5438cc |
| SHA1 | 4a55e9d2ef8375be276840f7df863752cc1dd518 |
| SHA256 | ee19d3a921d86532a16a44b91e231e1bcb0d4cce18b37c1d3741fd5269996d0d |
| SHA512 | f0b8e455df1ef2c3bc31b680414a3c1c8fc543e3d7e7fe8e6cd54b6821bc95def95152c17ec072c0a709ee355012589123e882b28094f6d95f5bb4ef8da6cabb |
memory/4260-90-0x00000000090F0000-0x000000000910E000-memory.dmp
memory/4260-89-0x000000006ECC0000-0x000000006ED0B000-memory.dmp
memory/4260-88-0x0000000009110000-0x0000000009143000-memory.dmp
memory/4260-69-0x0000000008F90000-0x0000000009024000-memory.dmp
memory/2692-185-0x0000018D5A040000-0x0000018D5A050000-memory.dmp
memory/2692-206-0x0000018D59990000-0x0000018D59992000-memory.dmp
memory/4260-332-0x00000000092B0000-0x00000000092CA000-memory.dmp
memory/4260-337-0x0000000009290000-0x0000000009298000-memory.dmp
\??\pipe\crashpad_2916_RHZWFNUPUQIDZOLJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
| MD5 | 1da3f3b992212fc4da0f55bc3d4e25ac |
| SHA1 | 1899b5db906847c2f36d880592bf913aab2a49a3 |
| SHA256 | 51cc8f43258f415bd5117fb746736a1ba1a974677b4e3697e732bf441652370e |
| SHA512 | dec89cd41d99352d681655a44a6bd3d987e0a96b65a06a4c05594c301f9e60d524b7a2e2910f33ca40c1804b78d4b3db980b7a9b03369c7982c3549642762992 |
C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
| MD5 | 81ee75f3d7e6759bd89db0f6da4fedb2 |
| SHA1 | af0e007b664733377fc33253cd5f5fedf6d1722e |
| SHA256 | 8c937c80235369a3d51dbb1b8a91673a50ca888c548ff8b3d7957c42d5578f68 |
| SHA512 | 7289f3f3208bf50e07e8e2a0ef580661b750be8a4470b3406227cfc89f77ff361e3ab634d2cca855bba4d97ffc27d89326462b8ca390a314c33c095ded5fc052 |
memory/5436-408-0x0000000000EF0000-0x00000000014AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000032001\ladas.exe
| MD5 | abec32fdfcace29b398c6c4f5497d3b1 |
| SHA1 | 8cc900525a0cd35625f118710925f072299ae34b |
| SHA256 | 35442dd1c531381e422eb7619025bce2a7f670dd1764b3f918bda2780d859839 |
| SHA512 | 56cc8a484cdc65e56734267dbec524cc2f63815d9bc49263a83e869becaca3215eeb1ef5c3533bd9080667744382dd4b8e9431ada7a858255359f70085b8b925 |
memory/5436-426-0x0000000004B70000-0x0000000004B71000-memory.dmp
memory/5436-432-0x0000000004BD0000-0x0000000004BD1000-memory.dmp
memory/5436-433-0x0000000000EF0000-0x00000000014AB000-memory.dmp
memory/5436-434-0x0000000000EE0000-0x0000000000EE1000-memory.dmp
memory/5436-436-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
memory/5436-440-0x0000000004BB0000-0x0000000004BB1000-memory.dmp
memory/5436-442-0x0000000004BE0000-0x0000000004BE1000-memory.dmp
memory/5436-444-0x0000000004B90000-0x0000000004B91000-memory.dmp
memory/5436-443-0x0000000004C20000-0x0000000004C22000-memory.dmp
memory/5436-438-0x0000000004B80000-0x0000000004B81000-memory.dmp
memory/5436-428-0x0000000004BA0000-0x0000000004BA1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 8a018f5df0c818f74ddca85878733868 |
| SHA1 | c449236141dfcb55f3b4033c79732710bd97298c |
| SHA256 | e4b33f9fec52af9c7a5eff6489916f3df2956ba5d51612e67230f003e311bfb3 |
| SHA512 | ccd48e49f880257b1efdc5ba582b57205e0d747eeaafd70f4618435a0fc1c754e7ca3f58b0b3da35a12ef8ce0448135612f4e0ced3e6bb315ea5ae6d6824fb37 |
memory/600-424-0x00000000009D0000-0x0000000000E8A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 97f3c21383ec73382d6e7688afd963e5 |
| SHA1 | 8d0d9e6d3fafd126ae5b2c4fa647e06171d2949a |
| SHA256 | d700a265c2d281cefda5bb3865b07b333129b26ec4c4891bc81547a0d55079cf |
| SHA512 | 566147321229bf44bd9b5e3aeed1b4637c374557d9aae0da445a895d949372e801d1e78fe69f1bbcfe475a5ea023efbe95db3c897dccd7753c39141db061499c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin
| MD5 | bac8da89335e316fc809a834fa9e0828 |
| SHA1 | 2aae418cb68e700f96871bfd61419c0a60357c20 |
| SHA256 | 0e59890b093f3cd261e34b36e4ba904f5656315269f11b149c0aaff9929efb6d |
| SHA512 | ab51f0a35af61d2e95fc7d081860ce6a9e69a154dfaf3991ae23efd9f99b80a5ac4f284203b757f988326c08dbaf674acaca114cd54e3728520dda5b20d5f406 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\e0e4024e-e9e3-4f91-acea-d3b55fedddad
| MD5 | 467ef7c0881de77cd07956ef15ab6786 |
| SHA1 | 129d6854143eb52773e25530942bc197ad5f6ddb |
| SHA256 | fd9f9a4a55ae227af8dcf072df22b134eb0bb0ac18899fdf25f0bc7a58451c3e |
| SHA512 | 753ea53ff6ca1bff56b6cccdd8319381777f560118b730b440a0112f8a7af360afe42de1180c0695eddf709f0fcc0438a433f2a91f78fbaf861119477f341f57 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\21023e92-7046-46b4-b80c-7aa870c143a4
| MD5 | 5713c9c3971e30bf4be068c758450154 |
| SHA1 | e5a6f47a010610c0f85d578124890abd3e538cf9 |
| SHA256 | 18b097fc9c61e43a266e1525cac902dfca429649034dbb7a3dbf53c1e0b4d3e1 |
| SHA512 | 5d59ec39871f72c92876729698f2e126c89f5f87ae82df400b207b24f30e7af670690498d5c51cfc00a330f7a3e98343cc9c3440b735ecdafff556396fa16967 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 7ab4725439a12ba0f72585e062b3a801 |
| SHA1 | f0fe74bce79d2dec8f2c69aba0ad0ab1edf139fc |
| SHA256 | f9373de9cd4443840fa2514f76dc339ecef4fdc6cb27efc7eb097b60d25baae4 |
| SHA512 | b72c6abf60db174c406c9b8a26974d712c2bd8d3787d7ddaebda972acdbde2d6a00292352b7dba2536dc43510a26bb25066f41a60e9fdcc9241eb7364694a577 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 04056c5ef1974dc972a524a78c35b32e |
| SHA1 | f05f7aef0ed5d87a31dde3b4efc21e1fcef483e2 |
| SHA256 | 2fd5847de3b975e9dc7ab2b484b38cbfa9b9b0d872f4c07d55c5124f881ed50b |
| SHA512 | 1fcea3829ae85fba0629a9d083ca23f41da419d4f5cfc54c17d407cc00517bd8d2cfa497b98b869c7e4d30b74f40144a6f7bd2692e029b1fcc4e847d30b5e956 |
C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe
| MD5 | 900401dd1b109ad90342643fb778263d |
| SHA1 | 3a6e7641a73b82f6935ce4d86cd41c3e9f6bee15 |
| SHA256 | 08b719ca55bcba38447cc866386a6e06f9be6174bc8ca51cea6d032b5284db71 |
| SHA512 | 21c77b2ef06e01d234ca0d0b02b79b44346416752d4b0a25df2d9e5c5453bb4212089a0c30dbb368afc0541b4f1783638309a1432b975d3db9f54ca822b13e74 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EE18K0LR.cookie
| MD5 | 4172a83f88aad452aa5432b40626434a |
| SHA1 | 5a778c5f1f043134e8a1c40b61a2696ad3f5490a |
| SHA256 | ff25a797e29602daa75249b041462e3def0eb1e0bc008dc5a59aadaf2ec14ea6 |
| SHA512 | 6c33336c558c6386b326951ff9ccb237d0cf3b767f80b196fd8a80dcb301a8771024896430f1ab9f25931b6441bbb5d851db74b768d6812492f74506c2c019f6 |
C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe
| MD5 | 831f7228559559fbc051cb690e769afd |
| SHA1 | 8fd5abf443dd700e2d06cd0974236261434b38e0 |
| SHA256 | 3d38ec607a3af71f44a9637719ed551785d6a64153f14e3c51f2cbc135ae8e0e |
| SHA512 | 5b1c95df2e817090f97ad88a56a3678ad68503561a55a6902169b7f6fe629d24121fd68c1f36285f690d464477404586181caa8d160d5832bc809b1ab5c0dc63 |
memory/600-631-0x00000000009D0000-0x0000000000E8A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000225001\dota.exe
| MD5 | 5cdfd3b2d96eca26a8fb3638a58b79ef |
| SHA1 | 708df555d102dc33c2945727aa97dd26841714c0 |
| SHA256 | 4d879075913564bb2edd93c16db20b633b78606308809b9a454f76bac49c832f |
| SHA512 | e48531170f9869eacf38d7dae0431e41aed72f2aca5a34d58bfa432b4db84b8f2db462b2a01950bb2f19872e33a05e75ff5e78efa83cb8213b32e59a36149be3 |
memory/6624-641-0x0000000000240000-0x0000000000D5E000-memory.dmp
memory/600-627-0x00000000009D0000-0x0000000000E8A000-memory.dmp
memory/4260-644-0x0000000071FE0000-0x00000000726CE000-memory.dmp
memory/6624-651-0x000000007E090000-0x000000007E461000-memory.dmp
memory/6624-659-0x0000000077032000-0x0000000077033000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs.js
| MD5 | 8d59e066991dc03587740c246bf3c58a |
| SHA1 | 4bb2ade8e6a1e3610de81b0edfe48ae76644e814 |
| SHA256 | 81d84eead2f49bc6749c08ff5f4e14238580458171179194412b3d6af45df001 |
| SHA512 | 6cf5bf22f7dcf23064e127235378f51fc6e273b54d3a83b4069d14709ee437bf46e3252d43cbc39ab1f40915173c410c8104a700bf3aea76cf06ff99b9e48c5b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TVYRE9XS.cookie
| MD5 | 53a829ecb6f96d986c3e7debe7185b93 |
| SHA1 | 68c25223e82a65c19481c563dcee7c6b6c6fc7c5 |
| SHA256 | 38f8688d58cde0dc3d51629b3f8e84aa7b78054004f211b824fe65ed16995fd3 |
| SHA512 | 3b9f6438281acd6c92054ee58b5f3d61dc114e17fbb9c15d2a71aa31825ec1b3bb27d646dd334cc44cc33bae4d072b3e6889ca42f26b7888990169414b347efa |
memory/1060-719-0x000001C744AF0000-0x000001C744AF2000-memory.dmp
memory/1060-722-0x000001C755970000-0x000001C755972000-memory.dmp
memory/1060-728-0x000001C7559D0000-0x000001C7559D2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | bd1cd573ce34a10ac56e6a65a18eb522 |
| SHA1 | d5869c17d83acd6c00318f39ddb97db5478ae908 |
| SHA256 | f474732813042d7d6ff7cc83f0c12f805490ffa62c23db9e80631b78c5e1a202 |
| SHA512 | a9ae8038ca2685c721712452bf8b58563729e84c88651c9bd3bc456cdf68a41cca4ce391648d094f270c3290f2bc76d5c0a41177a3282f0670f241cf477ebbf8 |
memory/1060-732-0x000001C7559F0000-0x000001C7559F2000-memory.dmp
memory/1060-737-0x000001C755B90000-0x000001C755B92000-memory.dmp
memory/1060-742-0x000001C755C50000-0x000001C755C52000-memory.dmp
memory/1060-752-0x000001C755F40000-0x000001C755F42000-memory.dmp
memory/1060-783-0x000001C7560B0000-0x000001C7560D0000-memory.dmp
memory/1060-818-0x000001C856780000-0x000001C856782000-memory.dmp
memory/1060-792-0x000001C7562E0000-0x000001C7562E2000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 7e2a1720b0f21e24a85679cd6379e199 |
| SHA1 | 5b6f6e7d4eea77182d2344a945ea057105921d07 |
| SHA256 | bb58e22c96694617fd98f5b74a0ca94115fab6d83ffa6322ad1b2e8108510343 |
| SHA512 | 40a35bea691b05c1fa485137c78bc799db19623d2a5e42b1a87903862ad08d7bc8e4d2b97a7b0e69773ad0d1c8bac986f3ea6155fe8df31d720d52f6c13a8437 |
memory/2988-867-0x000001ADB1580000-0x000001ADB15A0000-memory.dmp
memory/2988-878-0x000001ADA10F0000-0x000001ADA1110000-memory.dmp
memory/1060-891-0x000001C7558A0000-0x000001C7558A2000-memory.dmp
memory/1060-931-0x000001C8572C0000-0x000001C8572C2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A2606STX.cookie
| MD5 | 4006454dba6f4d52af9ab02767b4b883 |
| SHA1 | 3d3eee3f92d3532138b035676a12ef6645cd42c3 |
| SHA256 | 4e6ea3f885284f07a23777bb2d27e15c6bdefbcb6aaddf8e505225d9ea697811 |
| SHA512 | 27847c55cb0112c0d280c220cd37adbf5ff62839a1de88b3a853acd3555deefe748586ced355cdc3652b8a45fa6a555a91573fe72e1a881ad55464404b0b7055 |
memory/1060-939-0x000001C8572D0000-0x000001C8572D2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 53e1425992ea87582d6952658a793c39 |
| SHA1 | 75d5ce3eeb1ee501928f221e15b71d98b609a50a |
| SHA256 | 249cd66bac325e43445bdc9291b18b882c8eefcfed6caaaa011dcb7e14067657 |
| SHA512 | 40fa77cef9391e4ba68c3a80d3e0cedeb9214a4d0cd03310d427756e7f4f7dfbb5c478ceffa00700e35d155251c11f63e170ed8791af2b7f60bb79087b0dfc5e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f6d38556e96bdb48719f20d3648283c0 |
| SHA1 | 669b2a387561e11322bfb9a3824671860512ab40 |
| SHA256 | 45a081b2a78d7804f147e4e9e7f362737d40bda2f17f8119dc4fc5645cd0e609 |
| SHA512 | 6103203deb0ddf8307bf1ba06a81f200babcc73b228168b1a3c3309d4b01680c51c627921db0b43b8025ec4b91489a7a8574cccf786299850c387dba0e7f8190 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | f751b86a9da8042c3270c2ecd3be6007 |
| SHA1 | ed248d72961d64870285aa56e3bad396cf4a1d85 |
| SHA256 | 4270f04da6c7db4a16598bbe755ebb5b6d5b48ff103407afbffa49ef5b381895 |
| SHA512 | 4323830c90d69710ddcc2f1b7167d605485ad3d6125aec603e27d96dedae7ef19fc51d3022f46344d60c0b9d2e6752a3fba2baf808718c062d8afb7123e41278 |
\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 288272e040c562eb7782aad8910f42f8 |
| SHA1 | 46591804ba26c867f65ca87555dec0e244b15fc3 |
| SHA256 | 85902a5acab760f9cc596dfc279a6221f70f54fd0baefc79b9e2acbda212851e |
| SHA512 | fe6aca9d861110e052a8479ac9dc8d8708e2954f7f49ac751f2ce7fb01d5e1d60ad1580b2d18a8391748a9627fda6284784da81330e33ef0afade5c237d8826a |
\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | cc80a2ad8267533494663fc96626c339 |
| SHA1 | 698268aa1151a47a4b8e13ab21ce5048e6f55482 |
| SHA256 | ba73cab84cae123dcbc3c785227c6094d2c62dc7a604fad82ca978018798260e |
| SHA512 | 27cd278411ac765579b2b2e8b70869bc35161f974d1969cf2f8c9df7073dda3b93bba91f607e69cda32a46e0926943e20730e0aae5d60d4432132d6e5cedbcd2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | badedaeccd89362db4f7927e16e57925 |
| SHA1 | 178620a72d8e4ebf5f59f9a050eb1086b0a65f5a |
| SHA256 | a4484462a4f03c72061dfd78c4545be1dff3e1d58b1c9592016f66538202e335 |
| SHA512 | 9efb7de2a09648404f1597460c726639b787f453768b057c6c1ba22527a3d24429bdd2044f108c1975b2dc0f76789e1e4a489283518a7414bee3c2fac03febbb |
memory/2692-975-0x0000018D60400000-0x0000018D60401000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 54c041ff7fc5afebe9e1c0244d77461f |
| SHA1 | 3be9c287163e188e7c27d24e283dacf2d2288808 |
| SHA256 | 2739968fca08800e315870e47f60bd1fef6d1a8e7479a8d34cefb4619697ca41 |
| SHA512 | c95b8ff2d02229ca23cf89f72840a7d8421d6249a35930e6ea767b22c04ad57ff09ed01c4318e413dab2dd7e75a7e848a56c9894fbc6d0191c8671382bf89b0d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SD4HXYCC\9lb1g1kp916tat669q9r5g2kz[1].ico
| MD5 | 3d0e5c05903cec0bc8e3fe0cda552745 |
| SHA1 | 1b513503c65572f0787a14cc71018bd34f11b661 |
| SHA256 | 42a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023 |
| SHA512 | 3d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1e7e80aee58985f2b9bd50ed68dc1f58 |
| SHA1 | 52a886ae42d5f41b38e6d5a7982561b90e51ed87 |
| SHA256 | b14ec5f0053b944a251c2a6e53bcec606bba74e9c0d1a6a2d601a2e011b03c7f |
| SHA512 | 939f85de613a8f5089bd12f804c328caed3e1531220cba19e050d2566a3b59a0cbb8f435f357f58834746cb01993b45e83e5341bd3b9bc82846fd543130b70aa |
memory/2692-977-0x0000018D60420000-0x0000018D60421000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6b6d2feda83b57dc412aa8abc9f519a |
| SHA1 | ff604b6efdc7b500ddc5937ce9889b7b86909f84 |
| SHA256 | d1a46ac718d6008915e6e9e3892768806a30ea3ea9269a8cddf97f81d0060639 |
| SHA512 | d61bea3e49bb54f3e431e3b19bb950dffecd1c76249e110d67b1d2803323990b0eca05a56dac0b0143354375086b388676715ada8e5911a371739f0ea80da9ed |
memory/5436-1047-0x0000000000EF0000-0x00000000014AB000-memory.dmp
memory/7172-1083-0x000002005C610000-0x000002005C620000-memory.dmp
memory/7172-1081-0x00007FFBEE230000-0x00007FFBEEC1C000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
| MD5 | e082e5a87c160d5ebdf801e31dbdd7ba |
| SHA1 | 9ef3a34ac2480e907cbcd1db02bce11817fc1f24 |
| SHA256 | b432d58bf3cc22aede82954c453003ccba729d9787d026aa6a71778f5eb0af3b |
| SHA512 | d8ed3ee1331aecea0f489f929b901c66f7cc3e20670c1e3eefaf5aa768c041d4b083676005ddb58085c2144c558453cb6fffe63e1456fbdf6f8faf7c32e7077e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
| MD5 | c078b0d9119ffb73a8de219bcdcf7015 |
| SHA1 | bc9ee678e3609e64a0218904318eb3f0fea13755 |
| SHA256 | 130ae4e37dc4cf6cfbbcd0db426468f7c9c21fe442e6187d0cbb14433e586538 |
| SHA512 | ceb25b3745db02909f91142fef52238c79a96a52748f1354e9faf4a31268f9f5b4e4dcb7485aae170e6d1c3783f3e25d7f4a3ee4a837592f8a914d5e8513a05b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2916_1703011654\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
memory/5348-1306-0x000002AF9AEA0000-0x000002AF9AEC0000-memory.dmp
memory/600-1317-0x00000000009D0000-0x0000000000E8A000-memory.dmp
memory/6624-1320-0x0000000000240000-0x0000000000D5E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 000b1642f7520e1a63e8650959107112 |
| SHA1 | 7b73a62bf7da97eb7d113dfa4c26d6d6583a331e |
| SHA256 | 1a675b4760a1b87a5fb3c1c3032f02f55ae473de24ef2838aaa0c58846fd42b5 |
| SHA512 | ae72bd276db88236181d3a57e3b88b26c4e673cbaf505ce8e9859d712d787d1aa73ccca1248602ebbb9d5736face3af241b36fdea419c3c84daaa6104790a92a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 72ab30731b9da66d9169ee5114eceb59 |
| SHA1 | 12813f5780b8a70bbbaff20e6698158b5e15a2e0 |
| SHA256 | 79ab9507ea382b0acdaa69ed82dcffaa137d37c5669f4e9f7a029d5604e860c8 |
| SHA512 | d6f2f6bc1b1f3dc09cba2dc58b46c71a8b3fb591ba9a1f241394c6fc80134868c379f3bd26dba1d604caa5a6d5e004c9f868751358b94edb20a8e902e889c399 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583e4c.TMP
| MD5 | a5ba443f995ad029d86a66c25f6575a4 |
| SHA1 | 325c9d76917a97da2bcde4a0be85dd63f303398e |
| SHA256 | 1387817ee51e6128409967e5ddb20857fc132bfed2e9e86ac92d3ee2a0079837 |
| SHA512 | bf670240089b9f78b90be7e1a539d1a87a50c4dec5b441cbab607a14126f07daab91f0a30024a31f6c580642abcf5902b7d70ada45860108ca7cba4a47218472 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
| MD5 | 7deef5b7ffcbfa20a0467ae75e5d116b |
| SHA1 | 02c8688f2e2520897d02d0b3305c2d8c05c954b5 |
| SHA256 | 05273955b75f660f7c1d3e4771d8bf225ab72b80dae864ff905640dfb1a52d3e |
| SHA512 | fe7f9fd07ae24a980037ab93f05cd61e832e64ccdc2b646430acc706373e892dae57c13ef6a3626bdb12e58aa1c4bc48c0407f2e263f57f9d37946fadfd58d90 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
| MD5 | b0a2b624365c4844476ff0681ae3e1b1 |
| SHA1 | d1cecd8b2582f9fc29a5f9bd416a6c572749539d |
| SHA256 | 45c25995008d7ed66e4c1fd77750fdc28a0ae1658d8a8c6a6b0f7b79992f6a24 |
| SHA512 | b0f6b071b9684571b353d7047e905d294b6ba2875059256c8f73334160678e0d788317b773d8424ddac46c6e5b86de693f4854bd7dc51aa7c86a71e356b6c0fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 4700594b7b207537f580e330210a753f |
| SHA1 | 8634d003249cc0c4259989dd5cbe9c1865602d23 |
| SHA256 | 92175541b97c32be432934d39bc3c86bab546d91780616c45c6febfe7e0a0fd1 |
| SHA512 | f50066fb29f0f6063b123b5a15e6848d474e882c55915d1d70cfc0aa9d2602f2d1968978c61f916a16fb3bb4f7230914fcc28edc1c8df15ca709f9a985ee0490 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 27f06672c8b08781943b0f443b9edf75 |
| SHA1 | 0cb821dc97045561a2561aab5f03243cf3d5fca7 |
| SHA256 | aa2d097311af0339a476d512884c75ff470784d59e0b163d2e0a74334fcdcf97 |
| SHA512 | f2d586ddfad367b33472a4394f06e5d391581ab0cdf65b2baf5feb696ebbc57474944dcfb2bf13f5ef80102a0ed62d264aa38cfee80d2bd231a0e4d08435d3d1 |
memory/6240-1478-0x000001BA77B20000-0x000001BA77B40000-memory.dmp
memory/5348-1490-0x000002AF9CA00000-0x000002AF9CB00000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 7a204d478c8dfe822bf86f9103bbd9b3 |
| SHA1 | 7114b36ea1588d9372d730b2ee5dec7a3aee36d1 |
| SHA256 | d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb |
| SHA512 | f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | d25dbeb674e8df39ad3c4d873b745dac |
| SHA1 | 178388e16f9920164fa901178576576afc366ae9 |
| SHA256 | dbc048edeb9b068a4a7b348e649226b09d9650a6325b667cb8b2e698bd9a3bca |
| SHA512 | 8e254f9c872489d5e51e34c2fa1e74f1e2dedef699766fe594de5cee224cfe5fa419ace2c5edfc2dfd98e207ad9e8dd51a1fb0f8705e77db3a940f67463a3d0b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\xa77bdp\imagestore.dat
| MD5 | 86422eb907501b3591bd2c0a927e57fa |
| SHA1 | eccb1b2c25946bf7cb6fdf6b426fbf4b2699e043 |
| SHA256 | bbc73ddc4b4deebc71db39c2dc04f6492b1ce108646c36a3ad006e105f922da2 |
| SHA512 | 7150c13922541caf8aee7c39ba282c105cbbb2cd9c130d995502c99abf5b4b84d68d196b710909bfaf2e6be3f4aded02f486bc36d1a9f00723a498b093b9b9d1 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 2afdbe3b99a4736083066a13e4b5d11a |
| SHA1 | 4d4856cf02b3123ac16e63d4a448cdbcb1633546 |
| SHA256 | 8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee |
| SHA512 | d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c941f5b29032749b3de0917848873752 |
| SHA1 | 10ea034d57bbc84295175714994abed64e18d252 |
| SHA256 | 5115df6a57a9f5ed50fe866cc2efbd6e84368ebacc12afd53cc46cf3333919ef |
| SHA512 | 78bec87366c8e4201449e9af48c1024a6602f7dad884b546eb59f362a289bfdf7cc15668db78d08f303f79fe9cfbcbfc6ddfe400340cd9e3fe7f9dc093c875fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | c1164ab65ff7e42adb16975e59216b06 |
| SHA1 | ac7204effb50d0b350b1e362778460515f113ecc |
| SHA256 | d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb |
| SHA512 | 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 56735d0d02f58110c95055d28ff1d75e |
| SHA1 | e02842d5d16f0c3a1736feee8618b91458beeb7d |
| SHA256 | d721f074953aeda94bf1cbf78ddf8e380e20b6e64276ed3c96c73c1d24ea95a4 |
| SHA512 | 527a1742266acdf35d9e0d5eb511f3a9abeeef6ab94e221851bc1f096af817bdfc9df98e7569ee3689713713f72062ea8b2d8a89a9b4d185abdf0a082451e15f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | b63bcace3731e74f6c45002db72b2683 |
| SHA1 | 99898168473775a18170adad4d313082da090976 |
| SHA256 | ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085 |
| SHA512 | d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 3669e98b2ae9734d101d572190d0c90d |
| SHA1 | 5e36898bebc6b11d8e985173fd8b401dc1820852 |
| SHA256 | 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a |
| SHA512 | 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2e0dca74c094c174f7c1268d8403da42 |
| SHA1 | 2299251d204dd55a618fdf596ad982cfcfce8ba6 |
| SHA256 | c633b18acbc6fe42b7d053eca403f9d3c0374db088888a6388b2571ba8d13317 |
| SHA512 | 0a24421215e098be26fee57824fe93215fc5490798a123cf988662e215f4481bae402b9734627f4c03a2b75f997e0be809aaf5f5f41b092e711834bc97bfc983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 454cb8d6ad6f5f0275bf4cce439da262 |
| SHA1 | 332e5af4b0244e04d600d502899abfbacabffb58 |
| SHA256 | d2fe7deaf3eeaabdadda18b18bee1492936867fe452d5118a09a3d8fa98392d8 |
| SHA512 | c1d3f3cb15fe8b814e4133470fb74f0045e5ce1a59f4cf99dc3d2e34d67daa421a251b4b29fb4daec356af561892cb8057635aa6aee7578d54112201e5d6e840 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 70a0834533e0deacda308fb599fdfac5 |
| SHA1 | 110e44013ad0bdccb7b7b2030f34e7a0b28d0520 |
| SHA256 | dbc37d53b5e1cc72f4d27a140d057cf175c6d96600806213293b9a8b6f99d194 |
| SHA512 | 38ab56268fc3d32cbe4a9e95ca13fa39ef57dde1103baca80399f2a14c2e0176cfc279727b1dbb54f8fda65d518a34d1d0ed142c21d8866d800d22a751fe621f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 063bfb735c2aeccabc8e3f67b18a2827 |
| SHA1 | 19e144888b97cad508b1ffeef49bbfccc9ba3500 |
| SHA256 | 285fc91769485480f3f4ee4169cda8b82cfdb43a5f1ceebf427770fdd89b1938 |
| SHA512 | c4b8ec4738f89e58a23dfe45a642708de2b4b52364740cc335456f86138f1fb363e6b435cdf4475e14e902af3cffa1095a9950e28cbac37237612768d6a7f39a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\76WUZIPK\4UabrENHsxJlGDuGo1OIlLU94YtzCwY[1].woff2
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\6539
| MD5 | 66eaacdc689509ba3be2186f576f8c0f |
| SHA1 | 7fc51bbcdc914cbadd61125dcedc5c16f7ffa02e |
| SHA256 | ffed6ef3ca19d826cdf2d5b038a1f5cd56ac1401f4006e250361aa51d0f68c74 |
| SHA512 | b183afa7b8f1ca6854d038696c47bc39dbfb9b5d0f36795886c68fd36da06dcf951b38984433ba5255ca9c6d4e42e8058a14d162d4c11ec94325fe5f050c67ea |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\036BHZ3G\accounts.google[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4790b051a5500bc2afb8cc2568c5d6c6 |
| SHA1 | a0b2dd26d9473eb9279da989ab3cc884add19383 |
| SHA256 | 570bf1405367dfa62ee80a2680fea666c31cbafbb0b8fa9f27d973d1e4960e86 |
| SHA512 | 70053158ada2ba90b99b40909480d5270fa0c3c916004d59c0c4195ce55028f8b06fd22339c78175a534a28d697397574c1660fa770f08da7a447786a3597b22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | c7849450bd66efbb9adb1222cfc431cb |
| SHA1 | bf417fa93ab505215d2c1dc2fe1b5b33e0e9c3cc |
| SHA256 | a46a9790600a1b170d1e405528d90bdd57147466dff143ef1252cd1d213795ee |
| SHA512 | 25763a3917d7e0271f63779aadf5b6a84c625ca46d6c7b827feeb8636811bdabc49e2fb7620b2bbc2b803ca122190c68cdc6563aa5bdd1328f098dac7d0273c9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\239
| MD5 | 8cc9a375ad7f230d833772f02905285d |
| SHA1 | b3620b1ca96b696358a0f87281276ea917bc5426 |
| SHA256 | ee8aec93b0596228a2888e8febba542a4dc5fb3cf207fc342025fffb020ecf77 |
| SHA512 | 62fbfcf6aefc39401dfef103af297083460fb5ab156bd30185c6cf95ddbb8c16133dd80107989eeedfc66e26b0141a2564d4441ef5d1f046af3af927fd61af83 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3LITF917\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\08BF12384BE96F3D4359047C547BA09E62A5DE75
| MD5 | 5f44a2d378cb580fb2931e61ce607c70 |
| SHA1 | 3fbf6b29d54b1f4ab2c5ede59537455d7c874070 |
| SHA256 | 8f8df313ead6dcce1643cd660933cfbc82530ff1645c3e15636ad2c51eeefd04 |
| SHA512 | ee2401b5a766efcfbea12713bd5adbbfe406809bb27d2238e8ee9901347776849ad3973d4b26c522c0d1ce63d187900e3d7e0d4f66de4aca1649b09731d8a609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0b83a132ade0ba0c9cbe19b55c79ae52 |
| SHA1 | 99b18f480cc13e1c8350677eb54ca2cd6f630fea |
| SHA256 | a952dd1a7d1d80fd283c8467d2328ca30cedb2f606ae289fe705627d13a89d11 |
| SHA512 | 1a1dc33c47ca45b1590d6cdaea553f3f15556e0ae4d80f0a01e44554af32c413244f9a1a0846e3156031ad59e32e1c90abb1a1a246f846700901eb3644d6c3c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589a28.TMP
| MD5 | ac6853216b418cc51d918b9c0c3ef607 |
| SHA1 | d46f48c6f2e587851e3594ddae307f93d47a744a |
| SHA256 | eaf44a6752c06d87e0149e6e73f7478647c1d8829c3bc3f49a3b55f33fb562a4 |
| SHA512 | 1c0dcefefbdba9f902a361399d258a12b427c0823ae5f1bc72c735943c38350f8c115570ca55fee47d18e2e4831a15f47c799dfb8e7af69ead7ca0c03e60b9b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\93\{cb2f7863-46b8-4866-9e4a-90d4c986d65d}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\599ED0EF31CAD4FEF69926D3A322C3A0364B4B00
| MD5 | b1ac6147a22e79ca1c05da8c9bea9480 |
| SHA1 | cf05a0f6cb0515050be3936e013f8fe52f5e73f9 |
| SHA256 | a24da0df77e8d5513166cd4f577166881e3af17afc52ce169a55ff4cb3ce5b17 |
| SHA512 | 17bdb4988fc3fc5aaed4383cde36ad9dd14a82d963dda5b1c19d11c5c6af7a9919f9f34560e3313abe887c7d7e859cf1c8e8000823342e9caf2ac5d7a1943c04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\idb\4200854728yCt7-%iCt7-%rae8sdp8o.sqlite
| MD5 | e74c288c8bcd14ce5fc68b8bd2441080 |
| SHA1 | d8607fa57a316188381a3b1bfbc86f1c939d1a64 |
| SHA256 | 2abb6dac07020038bf8705711f5483224268bab1917b66143e4e39a4fcafb384 |
| SHA512 | 3b81ab1607202230d6f6313d5d41e011eeb02df4410a2a173bcba4374feb67cffb2aea214d1191eb935b496e79d43ee5f22797699940b0dcd00ff26c5e7c4fa2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\C70C316DA3599F2A2E36C6AE2D5C4D9991A1CE4A
| MD5 | 21806c33e5b12e1957285690206f2111 |
| SHA1 | 4f647de512d5879db5173f779602a2f7ffea87ed |
| SHA256 | 76df731d593fe1228adfbebeaa6908702ec7a39d133f9ba53638ddd60e00dbe3 |
| SHA512 | 75e63877ea34c8c437a5ecf5ad77cb2fb87f8c90a1e6cf174daa62a46b842fe158d9259a73eda78f45de0491109949fc5b9bd67256242dbb776d58c08a53229d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\D99632F1A906C944866247FA82705F81634D5CD1
| MD5 | b871c1a1d201040e461acfb3eb01b03c |
| SHA1 | 6145c164abac7977d8a5eae3a8d66e718364915c |
| SHA256 | 6c188452ca71493ca4bb9cd20c5a3d7b2fac957b0ce4e34c90a8a9e46a4eb0f5 |
| SHA512 | 15d0b97431d9c9fe393de503d63c8b723f2b39b55e787135069b3b5fd9daac5d15ff3b725179d04a8f5f99951ae4a355ce3fff62df8bc7d71d0a203695e8fd67 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6NB6O71M\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2347260d51ca4432a4e32c56da8fd8ee |
| SHA1 | 4213514ddd51fe8b59081bc50553bb3ca088867e |
| SHA256 | 2ed90a272782038569b2c27c16b38262d88d91ac2bf97c0d689bbef4cbf8a5c7 |
| SHA512 | d83753764332790e8198b72a7363e2aa4ef3624c7bf34f9758a64a1379e83171408adc9aec6226dbd8a50b41fbbb01b1e379214257beef726144322bc915eceb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | aac9daa9fbd0a896f415cb631da7f954 |
| SHA1 | 94e7321a4d9cb4f42d662f5685a36920807c8c38 |
| SHA256 | c9da818db49a51bb93b938ccaf2941b1b3df40f0d1a8e8710cd14284b5c01715 |
| SHA512 | 2dae89fdacc8c85ec21603c7ebe3b4f0d8362ea3678670c079745bde82737757c110f5d66ffe53559a8331a49a809005813e12b830941f0f72707ed43ebcc4b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 27a05b77e7bba6c2b279f1a67cd6acef |
| SHA1 | 3164de3d460475f745bba673aecd9f7d799d7509 |
| SHA256 | 71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83 |
| SHA512 | 5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 05cab42dd8898cb922dff2a4b8d6648a |
| SHA1 | 1d65a726de2f788c331931189e9d8b3d999c46ad |
| SHA256 | 5e2fc539637859876b6edee8f58a6e4d99f0dfb9226287cc271165613c7b8f7e |
| SHA512 | 0db5a855c730e452d86da48e91d5cb407fdef7dad59aec0019e5aa1232b54447b8d3965600571fa93cb55361001543ec77b8681f8878c5b9f97098ec4d49561d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\750F96FAD3E6147BA74D9CDFF4C33D1FDD0D8AB5
| MD5 | 6d94773c60b710ed11c1519ca275e0fb |
| SHA1 | cda85b018965e0088217998e1222f6d54c1fde57 |
| SHA256 | 48aa2b85deb0fbe50b13bac0689dc560a31bc24db36e3856611b80552f7843ed |
| SHA512 | 9491b28572305c3271cdd8a32805a6fde6d4c4beda2166e3836b6cf2704d5daec84c3729e06e57fec4646647905c0639621c14e65c3d4c49f54145eeb710d8e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1f4f378777787099e33de3fbbb1288ad |
| SHA1 | 1e7ac6d75f7db29fcc6725fc13d4143d7b1e2d2f |
| SHA256 | 3937adb246ec7e3feb755fc11ce4d64c564f9f760b8dff43c83e38ffe74321a5 |
| SHA512 | 03b51bbd2b06c2c89d98e34a00e4ee27044b932cf8cc1f34e9ad42d337a29c53381f6ed4a2ed244a530bf2560776edbacfc191986dc7b39f92320cb65a79de1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
| MD5 | 9f0a32a9c9a5e2aa225b1e004299f881 |
| SHA1 | 337a81eef269d6885bd4e4806ae751a911970e49 |
| SHA256 | 22a8782003e60d456152a837be29662a9e0b627f18ca5be0bbd71f48afa728b3 |
| SHA512 | f702867dd2810e6cf21484b5db3a896be3626b9f4182ece125fcbddf595b8b9898998f417c78581cec6689059436d56a28d2156b76cd4bd835edd80d79eb730d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5858dacc-ab51-4b25-a5ea-9a3f45afa3ff\index-dir\the-real-index~RFe58ec4f.TMP
| MD5 | 47fe479419d107f6a16505a0d2b9351e |
| SHA1 | 05c20393b101bb201f31c940778caff8f1e64dbd |
| SHA256 | 6d5288ba21c8158e485cb5bdca0193d1832211dde2bc089956d66aa4839e410f |
| SHA512 | 752b9c39876cf94899922e3c6661aa7abcdee22fc6671835042807f57e61a670c1ca78efc4f660b2756e63b16ce4f78ab5300903490954ff271812820ff9809e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5858dacc-ab51-4b25-a5ea-9a3f45afa3ff\index-dir\the-real-index
| MD5 | ff3f99512b379d78bf2538fde9761374 |
| SHA1 | 29ab2a9c9c8eab5117658ef33c19f4e6c9311ac1 |
| SHA256 | b305978a55320cac91f4a602c47b251db0efd97e66c574cfc6fc8a539ac680ec |
| SHA512 | 4b3b5a997aac157dce73ee8f49134dcf79378f4f4b38974e27654aae8aab054dd593cc46fffe5399c321a3c09893490347cbff856c7b72bc920e085335e80416 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | cf69305e9b16da3b69a0a56152e95997 |
| SHA1 | e0150632e14a59e348099d9d88c21fcbbb8522cd |
| SHA256 | b553f3ab91f75c7a19386f9d42c41a8c20331da0f4c8def2592a4d7d40b23edf |
| SHA512 | 2a1a1321fa8bbbcf9de6b678254353b1ef11c83b890d7f1512f6b0741b221f173b7e5dc95709dfc5df0df2e1708dfb15ed615fff8e7e88d1cfaa1a8310c357b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8fdf69ff33c55814d38f4d456bc96d35 |
| SHA1 | 80550cc08c0d235b1d2be79d95eda015d731d187 |
| SHA256 | 23d5ea7fb63271bb0491b3d094887a78d3556058253fc731e739bf67dce355e1 |
| SHA512 | 8b7c7c2290bdf4ac57a53fc2b437f7e0a273059f9464058b2edcd5c5a5337323eb90cd82e1c3eca403de8560607f61c45e3edeb3c29686236fda016eb8e928e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | e606bd8d549ddad7d795e21bc32a9509 |
| SHA1 | 8bdcdc2ca1b77ee70166f4fce19c32c2209ca7b0 |
| SHA256 | 4140a9b76b85643c1eec66fbf9e6a81e5085f306d9fb345a1663f7ee77597ff2 |
| SHA512 | 8e2d81e0509f79540885c42cc704982eb0ffc8e122eb5acfb5beb75cb4e70611c7ccb39096b746b294ca8ca6a85c458be75e018ac62903f9ac0e4cc4ddc8867d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9b495a66bdaac42e3599c35ebda82844 |
| SHA1 | bbcffc0581f1ef0869d5afa0e2dc3577f91c6e42 |
| SHA256 | 089abf95865ffedac0ae4506b9c584b02a1ed0b3e8a32fac359c3f89f8e44624 |
| SHA512 | a99abea48d3a26fc9ab356255e1e6c977b3b8e2598b965b9fb95d1781145c53f86e2ce04603ab02b7449b983222ee3804ea39180b39ebe0fec2080b679aaca33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UNYTHTB8\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\doomed\15122
| MD5 | ec62c1668be2bbeb10ee8d8e2f0fc307 |
| SHA1 | 5877fd29d6324f33ef1c5f18d0bfdb159235413c |
| SHA256 | eed26c2d999737d99ceca5ef5f1dba039257e10f848d1b664930ad5d0379ff52 |
| SHA512 | 6ac127f9078cc77afdada95d12f228e80dcf4f245e54be483ce640239a1e700a33ea74182efa14c734d974ed318395ef240d3274c7575e061a9eca7c64a119af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe592050.TMP
| MD5 | 85bcf5564c4044d23d73048281bcf3b6 |
| SHA1 | e921e5acd616473f6ec2bc3571663e20743d0571 |
| SHA256 | 6794e9ead975c11d28d85898058855cac72dbf0a4a5bea6c558753dd3192eb45 |
| SHA512 | c2efbc6270aebd94c1cd6b265de2a0fb037eaef71898a6d644ab28008ad8a0dc95c639a241648c83ac0d2bc135607a77f1e6de40935269f15fe7be7ce4617ca2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | b495f123e16101f030bb236815a8fca6 |
| SHA1 | 0a60d8597600cfa47f699adcd717a6a6f93e3c72 |
| SHA256 | 65df22c3b4f3649dde905982dc35fb2b34cbdc39d09494b16460218e1ba608d4 |
| SHA512 | 5bd40c8a754bec8a0cef2d49724cca3a802a07920b94266d85843a23cb6a76ebd786ae2fb3c8916ef93c003467b205bf98fb08c8ffcc451502dc823be51f98d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 569fa77166a449245d02683f9e807347 |
| SHA1 | 5e74d1b75062d6ab5431e362cc7c1dc0ab2d7b78 |
| SHA256 | f54c3d6c09b3c44e98e9a80b58ab61d22a0eb0aa1e1175d4b7446d00d50f6473 |
| SHA512 | 993ce1e5bd70e4eb5526b2f8b7ebedd736ac34e8775fc54c0d95ce0e3c8a62d0771fa0e4df3d81a214ed71c2e7a2b16847a5a48e5477b072f1bedb9ec8068049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 22464b604cadfeba564be9d7c36c8f3f |
| SHA1 | d50391baa6c9a24ddc33220511a98684298bf569 |
| SHA256 | 6d659eb5665edc2e0cdd2b69b77d24b9a38d688e86ab90247f1e96ea85268af6 |
| SHA512 | 663eed4d28cd9ce98637b7edd085ab32fcb0c116fed307ab3129d93dbbdcb0a71edd1641b9ab3ea15887aa247d7a30bca6167814cc1eaaee335befa4692a3d35 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3f48b5e9439f265801e565cd77648cea |
| SHA1 | 9f5b96df8d931396feeb3979dca816818d0ed7fb |
| SHA256 | d8d06d2691cd785a2bea5e8684b435a33471bf10fc80711e5ef0824e363d2feb |
| SHA512 | be9aa90d936cf0fd881dde45da044d0fe361a6a89fbebe16bf2519ab828d796eb32e1248ce86293cf8850f529bcabad9ff04a2d2e8c1a24cc51d03d350d62f81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 24d3a206df8dda8e30e522a2af033287 |
| SHA1 | 9cc60751f64b746750fcbd3d508b32b2ce269b18 |
| SHA256 | d7338250b57da0bfaa53c4b8a418dbb5b0ef25a05d574f792229581fea18e51a |
| SHA512 | f90b3f8a60c8b6b433ee29cddf8a37ea160663bd3a40cc0a3485d55dd0e0d153bfdda5010509f6d3cb43aae9894f2ffde187c50eb0c2ed6d0ede957e96f57e8a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\36\{09964c47-8b20-49e0-a9cf-e42878def524}.final
| MD5 | 51bb0fe00991a2ae6707b3aefc583918 |
| SHA1 | 21ec201ebf41ad57faaab02f7961ce5a746e6dbb |
| SHA256 | 97dc140355b2b45b54c3dab1ac66b951afae0bc742402cbc342be117f4424e0a |
| SHA512 | 41863cc0f1252366a5514dd62a06f4bba493029b8c7a35e19173b6d7f9114e7098fa35d284623b6641d28f7d7bee1ce99064987afc985dbf0354368f71f9a39b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\21\{6230cc46-ec6f-4065-86f0-6290d3c9ef15}.final
| MD5 | 5b0f165bbdb71faa1bb5b26c4f022e96 |
| SHA1 | 704bbe81e0d8370e675246e1cbb347bf8599aa45 |
| SHA256 | b95a445bd9d295276e8423f1ad3fc50c740512a634f2115364217544bc87d44f |
| SHA512 | 6c521b2c55135ec98f79193bf9c62b73cfb1801cdeed03a9871878f677aacea46cae165a4290682768ca1c1192dff2e87b63c39228164d72d2c7abbe732f8d20 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\245\{2139f804-7b58-4f1a-9878-0c6922e0acf5}.final
| MD5 | 45e25bb134343fe4a559478cd56f0971 |
| SHA1 | 79f18ad0b7e3935c3231ced0edd8ea3c7997ca93 |
| SHA256 | dae4dd8e56ccc952312b3b238a1db294d4d7ad4f532c31cd1c2e5f9dee881678 |
| SHA512 | 9b32b125c4183fe992630bc6ce9a511157959556fdce53f8264aba2aa8fb7b0e53b408b505da2cc96cdec771470927e74cba3bbd6eb71a5077e9f933cdc85292 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\storage\default\https+++www.youtube.com\cache\morgue\211\{6114a53e-88b7-4ec7-ab1f-68e11870cfd3}.final
| MD5 | be203547ce77fa7a91259437b55c0d1f |
| SHA1 | cff2ff2c9469ac96eff7baaa308cdc886fab804d |
| SHA256 | e5f9c781a4756c64455652d9b4bd944aab9ecc1eef556814c00b1797209f4840 |
| SHA512 | adf00778a63ea8a143f8fbbf61188392a87a376234e17856339036854cff3a5247aed0b1c0b603332e244d348d58402ba58b32f6df6cc8e18f9d8242f6573f71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b37d991cc102cdefcd1f0cc0f395e424 |
| SHA1 | ca3f53f5e4a3b93ff7431a4b873b417dc3889aa5 |
| SHA256 | c11306236e3d23f8701561ae45112f2eb4e9e6ee5fe2ab4adc2289247a4e3273 |
| SHA512 | 61f432a5d29959b428df2d57d809c81820975e03f049f5e83df95fa07d2c945585d1c2db088b8974ff541f78866f68cdf9a7d838f554bdf14e80c3a49b0749fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 07a0daaf2a74c4ef4f68d3a32774071b |
| SHA1 | fb820844886bb5926dee72424a0f74af8a115e01 |
| SHA256 | 50233e29f8234c2d27ac6d6faba24821fb10bd5090b6335523bb4a7edb2775e8 |
| SHA512 | 91fce812553ed8542760afb323587a3374adf17054d7bb53be44dce50c80ead0cc9efcfab94677cda97ae0ff90d4dc1539549aed8827cdcc712f40f3f9225652 |
C:\Users\Admin\AppData\Local\Temp\1000237001\dayroc.exe
| MD5 | 9e4d1c2ddddb0bb9ab403a7540fcb44c |
| SHA1 | 9d3d818c60aca0d501133497055fe43dd1d8f2c6 |
| SHA256 | cb6fd0e4779453133de64e1af45a7489ce2e858f7024b792f03c9be549afb84b |
| SHA512 | 15932b3b10c53ee596101085a0df42218f8c94553cb36d2b5bc384a679288b82eacc5bb52c18ae565426bbccc7c8d4a7a9cbd3df6ee3e60e968de28c0ef8812e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d12375086897a404d242f81077b7f231 |
| SHA1 | e2fc27b13c66eecb82eaaf34ff0a45995e78bd68 |
| SHA256 | fba7de9c6289f1ccc399dda3b3741c24840753daa1e9e5adaab24e53fe862f0c |
| SHA512 | 31f193b17a1754af881241555703ec5c0ea1434c1bd4a149991e10aab7543e88a2607a8e49a47b967c75bfd45c870b11f30ffb4750b107a5b9694306c8015d83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 14cf62bd859f208fa13c13062b8c5db0 |
| SHA1 | b3840a3ab6c0f569d3cea5f5402afa9cc2bea2f1 |
| SHA256 | 7631a9806c63730035c7c47fccb5313c50860164950a986e719e78ec507e096e |
| SHA512 | 77a77ade4d966372ac8a6e13096b54eb4164c6c9c63649118d2f141a1a24846d5ca640f30105d063336585037c1c120579e2352ebf5b4d6a09f6412b6540db8b |
C:\Users\Admin\AppData\Local\Temp\1000238001\monetkamoya.exe
| MD5 | e9adf3fcd6efd04ad2d9fcbb0c652a5d |
| SHA1 | bfe3f7167266c6e17572e801394517513d4b7501 |
| SHA256 | 1e97aba3bea70cedc575c7a181f1782ba7d8a3bd5859960bd46ea3a0663a95a2 |
| SHA512 | 6e0be0d272eea1ca92ea164549b0a4c26f7a89ecdbc85c6998a278eb961c406e43964eb13cd3d573fe063aeb64e8d38a984cee8706747f82610a56a716c0b255 |
C:\Users\Admin\AppData\Local\Temp\1000244001\goldpricem12334.exe
| MD5 | 68777645a0968e2fca74a2fd06eaa2ff |
| SHA1 | f181c91a08e1b85d866a3c3e497ef1a1e298903d |
| SHA256 | df952743ff04bc19bb4e1a3d7e9bb1a172fb60653aa73f9ae619fd5367b8e63b |
| SHA512 | d06acb0ac1465d5b16f3853c940502085946d192547c1912561255e476b9452281abab2ff1e2f29c0937c1367f0581839dccc6816dce2d8cd73a091b4c4beced |
C:\Users\Admin\AppData\Local\Temp\1000245001\daissss.exe
| MD5 | 10a331a12ca40f3293dfadfcecb8d071 |
| SHA1 | ada41586d1366cf76c9a652a219a0e0562cc41af |
| SHA256 | b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f |
| SHA512 | 1a5b8e77ddbab97bb4c848adbcd7dbfb9ca84307d1844dba9572fcea48a2cbb091a3fc52663b87568416adf18a1338adc07aab0bd5f1ab36a03c8ff8a035d399 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 585c94375bdb9ff01a6abacd6bd80067 |
| SHA1 | a282a25553d3c50dec8412eedd437a445811981a |
| SHA256 | 994ba99a6d48c87d905bf3e473cab5c9a07501313a5d3d611602dc8af0456873 |
| SHA512 | 8f1f3c0279cf2c861513c4846a8e58a63447480954615b1e3838e0c2e9f37902cadc1ad072883b430d65cff0866e3be26181492046357e0274a14e1f6ec523c6 |
C:\Users\Admin\AppData\Local\Temp\1000246001\newfilelunacy.exe
| MD5 | c1982b0fb28f525d86557b71a6f81591 |
| SHA1 | e47df5873305fbcdb21097936711442921cd2c3b |
| SHA256 | 3bab5e1befbdc895d9e36e76cb9a40e59de61a34109c36ed26d7dedcd5db3080 |
| SHA512 | 46dcabbfb57b3665faa76bc6f58b6f252934788acabbf2ba75263d42cac8c013f6feb5992a7043123842a609bdd1b3084f2f0c8b192c2b219b87274d29f8c432 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | f39ad0d585ceb5713a354b63a4fbd156 |
| SHA1 | 3e3f7464bca47a59aba81910c464bd1e7e88be0d |
| SHA256 | c7407a62f0b5dd5b132b75d0895c9cac6e4151113a2384799a124c0350aa04a5 |
| SHA512 | 0de6438d34492d397d7d73f77f85f4ee30d89921452dc22e1fba929010e009bec56d38ff8c68eea5d9792f56afd3b59448976a5ed18fdc9caf3aa6a333e7af30 |
C:\Users\Admin\AppData\Local\Temp\1000247001\lumma123142124.exe
| MD5 | cad41f50c144c92747eee506f5c69a05 |
| SHA1 | f08fd5ec92fd22ba613776199182b3b1edb4f7b2 |
| SHA256 | 1ac5eed2f7fc98b3d247240faa30f221f5692b15ea5b5c1eba3390709cb025c6 |
| SHA512 | 64b89f3a3b667cd81f33985db9c76ffd0bb716ce8ed93f97c24d3c20e7236d91d02af9371a26d41f55b564702bd1f6fd7489055868fcd1610c04beb79ae8c045 |
C:\Users\Admin\AppData\Local\Temp\1000248001\new.exe
| MD5 | f7df4f6867414bb68132b8815f010e4a |
| SHA1 | ff3b43447568de645671afb2214b26901ad7a4fc |
| SHA256 | 2c9490406c7ea631dddcd60f862445faef37c036651636e4bf5e6fe0837c4b42 |
| SHA512 | 0ad9b1544c25ae7814fe1ecdb1cfd466fd14603a6d55749e63ce6b90926ad239f134aef1bcaa0910b79235b8a3873ad11698e17dbd0cfee92fb909f4daf0412e |
C:\Users\Admin\AppData\Roaming\fgwggif
| MD5 | 55f8359ef2f889e04fe418c80bc952ed |
| SHA1 | b2ac224b69c20b721ef9810b79003b513823e55f |
| SHA256 | 732cb080fb5e27e98728c42f77b5dd865faa1f5e840d8113c9f30fa2c3f550c8 |
| SHA512 | 42bfba12e19f399beb54d65dfdb8767584c75264a1f321aee68cb85880d7ac606b3022bb0ab7df72075d3f2271e7d4918c9c7bae7acf6675856bcd21f6fe46b8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
| MD5 | 41b883a061c95e9b9cb17d4ca50de770 |
| SHA1 | 1daf96ec21d53d9a4699cea9b4db08cda6fbb5ad |
| SHA256 | fef2c8ca07c500e416fd7700a381c39899ee26ce1119f62e7c65cf922ce8b408 |
| SHA512 | cdd1bb3a36182575cd715a52815765161eeaa3849e72c1c2a9a4e84cc43af9f8ec4997e642702bb3de41f162d2e8fd8717f6f8302bba5306821ee4d155626319 |
C:\Users\Admin\AppData\Local\Temp\1000250001\for.exe
| MD5 | 8c281571c5fdaf40aa847d90e5a81075 |
| SHA1 | 041fa6e79e9027350c1f241375687de7f8cba367 |
| SHA256 | 0182e73c39240c0e660bbdd4262209f08d767562d4794b7ed5e36a4d4f36b409 |
| SHA512 | b0e481681b02e4cc4f95deff2fa21354f94ad34e6611d97de3a127ae285038164df724f3db27bbf03caa217c3d8dabf77bfdadeaf9af8a1915edacbd35c1c862 |
C:\Users\Admin\AppData\Local\Temp\tmpD402.tmp
| MD5 | 33c32ec1b1a0e4f6df7b671b8d95a056 |
| SHA1 | 9b3c51f765bb28e619001eedccc9fb753c52f41a |
| SHA256 | 90052ce4464d45e82342461b7cfe0bf47627914bb5359b307f40de540513917d |
| SHA512 | 9da8412ccedcdaa847a247e79ab22922cab87ac37b2e69b320967292ea16ba0aab5e5cca0c7bf1cd8a610919628a926d4fd16b41aaf5469eb9b66ced8bb78296 |
C:\Users\Admin\AppData\Local\Temp\tmpD3EC.tmp
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\tmpD48B.tmp
| MD5 | fcc664e3d8d3c8d4ff5bd07b51de86ef |
| SHA1 | 9a65056a528d81d2bdbf142910e8e6a67e03a6b1 |
| SHA256 | 7b9b709ca851141b8eebdd6373971acbf3b28fc19b5305bf35fd57b2d0ca2ea0 |
| SHA512 | 776f9b6d2a31c95bc80abd16622d862fdd53a555c81658544467e4162ef05e9d5a68b841a1efc81dd4172e24c8f8dd6e9d00f627a79c73d9cb5f615bb1cb9c70 |
C:\Users\Admin\AppData\Local\Temp\asdjijjjjj.exe
| MD5 | 57935225dcb95b6ed9894d5d5e8b46a8 |
| SHA1 | 1daf36a8db0b79be94a41d27183e4904a1340990 |
| SHA256 | 79d7b0f170471f44ed6c07ddb4c4c9bb20c97235aef23ac052e692cb558a156d |
| SHA512 | 1b6362bdb7f6b177773357f5fe8e7d7ee44716fd8e63e663e446f4e204af581491d05345c12cd9cca91fd249383817da21ef2241011cdc251b7e299560ea48c0 |
C:\Users\Admin\AppData\Local\Temp\1000252001\Amadey.exe
| MD5 | d467222c3bd563cb72fa49302f80b079 |
| SHA1 | 9335e2a36abb8309d8a2075faf78d66b968b2a91 |
| SHA256 | fedb08b3ec7034a15e9dee7ed4dec1a854fb78e74285e1ee05c90f9e9e4f8b3e |
| SHA512 | 484b6c427e28193ddb73dd7062e2bfbd132ddc72ce4811bfe08784669de30e4b92bc27140373f62a4ce651401000a3c505188620c43da410bf6b0799a0791fa7 |