IOC Report
file.exe

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF0C0.tmp.dmp

Mini DuMP crash report, 15 streams, Thu Apr 25 18:36:14 2024, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF18C.tmp.WERInternalMetadata.xml

XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF1AC.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\rage131MP.tmp

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\02zdBXl47cvzcookies.sqlite

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\3INegG9g_MMlWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\3b6N2Xdh3CYwplaces.sqlite

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\97CwebNjFmiiHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\9xtv4_r0ULbpHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\A0nn51lsZJRNHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\D87fZN3R3jFeplaces.sqlite

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\MQHnFYhPldB3Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\NwbTBYLMclw6Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\OhQNgUJ0X5NgLogin Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\XQcivVrU5A5HWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\Y9g_BlDmKPtZWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\gUON0R4KuJ74Cookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\m3tOv5lvb9V0History

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\sdYAsTf3586cLogin Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\siP8GPpHPPEwCookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\vfVkgJBrrUDWWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\span68JizlX_sufx\zvXv7gzjmXYkLogin Data For Account

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\02zdBXl47cvzcookies.sqlite

SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\3b6N2Xdh3CYwplaces.sqlite

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\6UYtHiDj5kF4Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\7PzLqHtz21igLogin Data For Account

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\ATGc9MJX9PreWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\D87fZN3R3jFeplaces.sqlite

SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\FnKWlcBrreY1Web Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\NMxkTlMy11FaLogin Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\PVnzSVZUtU5KHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\S0Pov5vdwAn3Login Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\Tuv7Vpshq2JqHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\_sFxHwGCbLcsCookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\aRmFUB4TfJpPWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\aVbhqrHeZ9kZHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\nKeiourMZbKyHistory

SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\tQzi7j4yFcLSWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\uRAVepYZlvuOCookies

SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7

dropped

C:\Users\user\AppData\Local\Temp\spanFqsK1kll1Gc3\zeSJ9T1kwjwWWeb Data

SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3

dropped

C:\Users\user\AppData\Local\Temp\trixy68JizlX_sufx\Cookies\Chrome_Default.txt

ASCII text, with very long lines (369), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\trixy68JizlX_sufx\information.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\user\AppData\Local\Temp\trixy68JizlX_sufx\passwords.txt

Unicode text, UTF-8 text, with CRLF, LF line terminators

dropped

C:\Users\user\AppData\Local\Temp\trixyFqsK1kll1Gc3\Cookies\Chrome_Default.txt

ASCII text, with very long lines (369), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\trixyFqsK1kll1Gc3\information.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\user\AppData\Local\Temp\trixyFqsK1kll1Gc3\passwords.txt

Unicode text, UTF-8 text, with CRLF, LF line terminators

dropped

C:\Windows\appcompat\Programs\Amcache.hve

MS Windows registry file, NT/2000 or above

dropped

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 1152

https://db-ip.com/

unknown

http://147.45.47.102:57893/hera/amadka.exe&i

unknown