Malware Analysis Report

2024-11-15 08:56

Sample ID 240708-222bmawdlc
Target 236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16
SHA256 236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16

Threat Level: Known bad

The file 236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Executes dropped EXE

Identifies Wine through registry keys

Checks BIOS information in registry

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-08 23:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-08 23:05

Reported

2024-07-08 23:08

Platform

win10v2004-20240704-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1064 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1064 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1064 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe
PID 540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe
PID 540 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe
PID 540 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 540 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 540 wrote to memory of 1208 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 1208 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1208 wrote to memory of 3012 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1208 wrote to memory of 4224 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1208 wrote to memory of 4224 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3012 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3012 wrote to memory of 5088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1208 wrote to memory of 2956 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1208 wrote to memory of 2956 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2956 wrote to memory of 3264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe

"C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4328,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\fb5b3aaf79.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8af5cab58,0x7ff8af5cab68,0x7ff8af5cab78

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4964,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4996,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --field-trial-handle=5480,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5524,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.0.640538247\1935123318" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1700 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4279528-e031-4256-9322-926e5305eb82} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 1812 2052610a858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.1.862498934\1432514561" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {507028ab-b602-4755-83c6-42593c21a077} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 2444 20519285058 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2096 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.2.971638412\583950718" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1924d83d-5b36-4710-bb13-6ab74d3b143a} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 3352 20528780558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.3.1979281132\1067016814" -childID 2 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92c38056-27e0-4070-9c3b-afdfbad293e9} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 3076 2052a74ee58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.4.1581902547\561754326" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5124 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f876cf33-1a5b-4be7-8011-70687ebbe041} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 5140 2052cd1f558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.5.721140568\898717946" -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5280 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32332cbd-cd64-4bfe-b9f1-a4a72e167b45} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 5152 2052cd21358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3264.6.1276248906\1627420468" -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c9f3815-3ae1-4064-9617-3367e5ecd2fa} 3264 "\\.\pipe\gecko-crash-server-pipe.3264" 5364 2052cd22b58 tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=6000,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:3

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe"

C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe

"C:\Users\Admin\AppData\Local\Temp\GDGHIDBKJE.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1852,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=4132,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5812,i,16032378445269040051,10701855434060315937,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=2052,i,15786152734920523913,16377305218933038099,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
GB 142.250.200.14:443 www.youtube.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:443 www.microsoft.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 2.18.190.74:443 bzib.nelreports.net tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 92.123.142.163:443 www.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 74.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 163.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.youtube.com udp
US 52.33.222.107:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 172.217.169.78:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 107.222.33.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
RU 85.28.47.30:80 85.28.47.30 tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:49862 tcp
N/A 127.0.0.1:49897 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 199.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp

Files

memory/1064-0-0x0000000000610000-0x0000000000AC3000-memory.dmp

memory/1064-1-0x00000000779E4000-0x00000000779E6000-memory.dmp

memory/1064-2-0x0000000000611000-0x000000000063F000-memory.dmp

memory/1064-3-0x0000000000610000-0x0000000000AC3000-memory.dmp

memory/1064-4-0x0000000000610000-0x0000000000AC3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 4b9a7391462b50d545a25d60d24594a0
SHA1 fde9b2890236e689d33ec30a4d363b9955069588
SHA256 236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16
SHA512 569233265a28bf9dc3b2a93dc128a08fa2bd5c0be19f77e8b1112ec15e3f3ce83a4ae41a2dd4d57af1f9373892c5ecdda4e10f18c768f5e9921a6a91b1f3bdcb

memory/1064-16-0x0000000000610000-0x0000000000AC3000-memory.dmp

memory/540-17-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-19-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-18-0x0000000000AC1000-0x0000000000AEF000-memory.dmp

memory/540-20-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\e2ceec7c51.exe

MD5 e6a54ac6b35b2def5a7d9b9699388f26
SHA1 5f8a57b2e8902523bbafc50434f3692fe1d92b74
SHA256 25d515f52e58c10727895f1ee1a269998e37d3b4308e6ac6f1419186c30290a9
SHA512 8cdfb2da836614148507585645613432f7dd802ac8c80b89a4b302c9dfbbc9a96decd4a2df6468843ccfebd479968058d7f184e67026cf6b1d8dd474634c87c4

memory/2616-36-0x0000000000CF0000-0x00000000018ED000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008021\fb5b3aaf79.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

memory/2616-49-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_3012_CUYJQLYUOKEJVNGD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bgt81dxj.default-release\activity-stream.discovery_stream.json.tmp

MD5 f5bee61a4a987f65cd09feaa041bfb47
SHA1 1ef27afb07c6e11999b1cf03f5c89216db9e31c3
SHA256 0e07a6dfde2fb545b7af8527e4cae53b777f698e638e4ce0459f8f16a580ee9e
SHA512 5d07b4af77ce91d41512f55c2ecda6e90e05f0e2d158eb9794542d6218238bd29a9e3068b3ec96523c4479b2b814ec04b535af745833bba8235f947460f5a515

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\prefs.js

MD5 ac21b6544627c1470ec9c986a08c875c
SHA1 e550e0dbc71fbfea73e05e3483c4c08a2bae8415
SHA256 d169a29b763dcb147a8549239f1579a23d83889e484e523913c86b8b5d1bba65
SHA512 dd7d82ec7a0c7922e1907b6853aca17ba582962f06704cbb438dc6f097950d274867e0f457ce48649df81ff6d4ada80320cbe3fd67d62008ea55b5eab503aee2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bgt81dxj.default-release\activity-stream.discovery_stream.json.tmp

MD5 5939593c565018ad74f170aad0c0c672
SHA1 c1ce43556b166e71dad09b45aaf737296a95840d
SHA256 6a778a5580eb3ed856ae0d1f0398b52d208a528d5599482ca4e5476a65316ddc
SHA512 d437d1344e6bca49a6de1d44701aacbd3e1db7e21a3c919820b2a506fd10efa273534cfb57240e8d8593e0762b234cb1689d8ea70e6303219df83dfa97cdcb05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\prefs-1.js

MD5 018b2fdf85cf138d6562d45c09c79528
SHA1 41fe4864d7d16dc1139ee20aa4166c26af8dfd0e
SHA256 64f4a983e043e2caa0e0b6a65066d157ecfc4e8661fdc2dccdc72a6c3a91d0ff
SHA512 d1b5b6a6ecfa862f6dc6acb28d73ec7fccd2ad3501b0cff6d401b7cf9ed75216447e26686ed30cdd35ecc7127073985b8e5700c4d71575ac2b64624503b51e81

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\prefs-1.js

MD5 a6645b6cfe34a8fe7e2d1f933fb99901
SHA1 8f3fc61cb10cc8cbef363fef12270907faa2710c
SHA256 721b9d85e1bb2d222d11d2c2fe0443d34cd805c5c4ba7403ce6ba336b8fc4012
SHA512 c3048cb98dcc468527e822953f507375ce27750aa937cf6cda50e212e1781ea882fe43f584ba5a676fb19c5da1d31bc23b060ed04bfd65c3c21934a67d41e420

memory/540-192-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/5620-193-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/5620-230-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/2616-260-0x0000000000CF0000-0x00000000018ED000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\cookies.sqlite-wal

MD5 80ba15bccd715cf0e0883d13cf7e8a63
SHA1 5a314b34faea49b642373c23ce47e0b1aecc319f
SHA256 4a7eeed937643d1fa94144fe956a01544bd5b718c583eaebedc1a778bb51a4af
SHA512 8ad1a6dc8ce2829cb7593bb25495a637508522666b6ae61cb31db3a9c5843ac7c752054aec43afadf1d367fb8f6d46afe6e2146721956031cc071e75ca253bf7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\places.sqlite-wal

MD5 d382f0475748dc6ebe83a98d2fc9a726
SHA1 08fc3d95268c2809d204f7d193cf400c59d06666
SHA256 c78153608c8ba7853b8e883bb4e9b5420a7b95aa15870bf43fcea76f858b1678
SHA512 ea50b1465c0e50f12d4ede64527919b5e8719312cf60852bd3bf325ec00ec1a66cee41e666c754020448621431b9be4e7d761911cd1db5e7f9d2111465c50f6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 68484dc7a27d2b997e71d172937566df
SHA1 a811a3120c634163795c87042b2df63e57be1bea
SHA256 37df19fd6b8375ad8825b25cb8b4807408b0f819beae8904df9510b7f1dee973
SHA512 f55e80ba27c1c2bb545248d235ae18796f07495b286a3d439f19d6c0e8ffd1bbc0d1b96ceefe301650fc6ca527ae723563d209ac3e9f2c96f3a3bd9facc33e0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6aa80a4eb599a3ead98993dec5fc41e6
SHA1 ca8145a80caad1cfb66dc56ee1f559775b48ad21
SHA256 b1da6ae166f897781bffa76be56073bc91fd3cdcfb96fa33c4c3c3aefd1b9e61
SHA512 0a5adf26d2aa2f2b8f6838bd175863a297a4f9e969d6ad8a43623755c1f1ba9cb913d4d1708f6d750743e7bd00bd341d173016b00c95177d808de3913b7a334a

memory/2616-302-0x0000000000CF0000-0x00000000018ED000-memory.dmp

memory/6940-306-0x0000000000FF0000-0x00000000014A3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84a3f7f4a30fe6664b2ab9714c3fd786
SHA1 0cf1ba9b8c5230ae80d1a796d00501cb2dbd1fbb
SHA256 e605afa540bcfb051ecde3332221fe4bdcc7ce7d5797bbb6428e16fb5206df09
SHA512 b9c9bc8970db60be3537cdb8dbc049f14ace387f36aec04773d00b74097af940946e7b362ccfbb784ecea97b7d1a1448fbbaade6f18dc92ffff32a33e73742e4

memory/6940-319-0x0000000000FF0000-0x00000000014A3000-memory.dmp

memory/540-320-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\sessionstore-backups\recovery.jsonlz4

MD5 53e066c2caba16fdbbcdb5a0fbc07b9a
SHA1 4194c06ed978a4ff2ea7138436986cd044b93742
SHA256 0fb79e27f4e4061f96aaee0736daf936cccb57215c03ac52180a141a50a706a0
SHA512 1d106b79788a7b71eceb09eff01a153c34d1de5f5b26c730829c8700b7fb69ef257f9b434aca68fd7f7a2fd0f6cb1df8b2afe3523509dabfd1869b5cea2ae6b0

memory/540-335-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-336-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-337-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 14453c39c44a61c6d7276f5c5557ade6
SHA1 f638d17d66abddbd00796940b1c81177c34297cc
SHA256 14f32c3e5e53a045e73ba8557f7ff8d15c38166539cd859166c0a674481e25c3
SHA512 9a704a175712cc517a1c88218c972a8e82cfd929e476f8b197ca4aea69b2cfbb9f1a50a30af7097848818ebac073098c9c69fa35154863a7b20d40eb235612dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\prefs-1.js

MD5 23ce7da9d37b66bb6c1cdd0b54fe21c8
SHA1 84b64923865d47058e57b5d79061e35c41f1be25
SHA256 37c93e64ff5d217ea959a0dcd67960fedd3f692096881112f1c20bcab886e0d1
SHA512 86061b8f472d8af7821b68b999b067f56d8fa32965f36cd782a2d9df421e8c7a5c158c9e4b800e4f9548f0cae0788d18a4e785c8f2b5415341e435579b632939

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bgt81dxj.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 81ced3dbab7ff44e2a35b98023e1ec05
SHA1 28386099134100147f5a221e16f0c4486b3c1dde
SHA256 238a46a41e77f50467952dfdf7e85fcac1af1cb415a7186cd3706bdded7d4bce
SHA512 39163f86e9bc41178d5148426d9ff0130490e68a61080588bd83db77ca96551f52d4f0ee9d3d3e638716fc9f6989257f3f75c7a1d8e661c3d14ff0654be000d2

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\prefs-1.js

MD5 c4147f16cebc21dd33bdb69d9ac5dd42
SHA1 a26df0d8eab3483057d675ccbaf04a6f9199c8da
SHA256 710f0de1ae7918bf55af669c0569595f15512b4a530b9ac8afbffa36d5f3bcf4
SHA512 1ba25895e4d806a8fe0670e1a7d85ecf192f5c46dc23b7bb36a1e151ecfd39dd7479895b92ad533b9542bb5dc4b0b3a66ff7bb34d087d9a5de5aab21cf2b7d45

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bgt81dxj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

memory/540-493-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bgt81dxj.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

MD5 483349ef36c4b19f792781bf6cc67ee9
SHA1 65712834ce1a2c712fb22168b59e7c050ac0d93e
SHA256 0229035c95e2b2d9927cf6baab05e97be468b9871d94a0aba17dba99eccc3392
SHA512 83adba5e6d7bbcd2d568fc6fdc0cd3638aa6efef2efb97e6eed9cbd30645d996715c7ec4816befd870940e7009fa4bb4fa708462de37943797d531c78d5662d3

memory/540-1626-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2312-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2332-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/3496-2334-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/3496-2336-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2346-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c3ce58100189c98e194805e56672cde7
SHA1 0ca449bfc283cdd4812ed2e515a1114a7bd8e53b
SHA256 4a1994335d3254eccd9f8c04fe24b0cd15db6d0bb3a46394f1388988fd1da02f
SHA512 2da971ad98e5d81492c51e1cea6a091e048d593bd1fbeeddad554ac54b56c1fc0e04b55a4ee6624a8eb9777821d82b7a62b5f2f3707a383d71a2f3fffd62163d

memory/540-2352-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2353-0x0000000000AC0000-0x0000000000F73000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 101a466e352a29aefeccb41f4b30f623
SHA1 cc04be209ce7a145d56b4f25535be25a5d6d85fa
SHA256 07b3da6d42add50c527a3a8bd1f3b6a08ba347891f8903553a097f6434ec9734
SHA512 df5c1f39ffa8b0ccc08634ede3f3d24728c4291b6aa8deb4936c2fdc86d63dc18cc079ddc7e6e5a40bb3ddc7ad8bab4ac50db61cab610edc110bfc22e48ce0e0

memory/540-2359-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2360-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2371-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/6264-2373-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/6264-2374-0x0000000000AC0000-0x0000000000F73000-memory.dmp

memory/540-2375-0x0000000000AC0000-0x0000000000F73000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-08 23:05

Reported

2024-07-08 23:08

Platform

win11-20240704-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1945933150-1754111531-3454729080-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3944 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3944 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3944 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1816 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe
PID 1816 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe
PID 1816 wrote to memory of 2188 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe
PID 1816 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 1816 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 1816 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 3900 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3900 wrote to memory of 1688 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 1688 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3900 wrote to memory of 3080 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3900 wrote to memory of 3080 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1688 wrote to memory of 580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1688 wrote to memory of 580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2284 wrote to memory of 948 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3080 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 2656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe

"C:\Users\Admin\AppData\Local\Temp\236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\f20a758208.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffecf583cb8,0x7ffecf583cc8,0x7ffecf583cd8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffecfacab58,0x7ffecfacab68,0x7ffecfacab78

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.0.970284866\1905716469" -parentBuildID 20230214051806 -prefsHandle 1616 -prefMapHandle 1624 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9edaafd-8374-4bfb-b7c2-0796faf56480} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 1784 2646c30e958 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.1.1160724522\2026829449" -parentBuildID 20230214051806 -prefsHandle 2356 -prefMapHandle 2348 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0ce2818-0cdd-4ea5-b0c5-5f69ea682bd9} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 2384 2645f586058 socket

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2084 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.2.1348105841\1865199371" -childID 1 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1012 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6e96b9f-bd90-480d-ab6c-831a7be8ce96} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 3408 2646f0c6f58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3952 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.3.1616937062\1283442272" -childID 2 -isForBrowser -prefsHandle 1504 -prefMapHandle 3592 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1012 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb89849b-7ff3-47ef-b964-b046a26b6b7f} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 2852 26471f59e58 tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.4.105490481\2020094144" -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1012 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c4b1a2e-fdc6-464e-88c4-812003a66ff1} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 5240 2646f021b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.5.1933995856\1835267166" -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1012 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9b9a7a-02ae-4671-8db6-55eeba5bc02d} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 5388 2646f022158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2500.6.1881737327\1032881123" -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1012 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d984da8-8972-45e1-929b-0b2cf90653c4} 2500 "\\.\pipe\gecko-crash-server-pipe.2500" 5576 2646f023958 tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe"

C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe

"C:\Users\Admin\AppData\Local\Temp\AFHDBGHJKF.exe"

C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe

"C:\Users\Admin\AppData\Local\Temp\GHCAKKEGCA.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,1084933098185221552,18441255269275588018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4868 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=880 --field-trial-handle=1948,i,11520673315075000430,1490771845825829178,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
GB 172.217.169.78:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
GB 142.250.178.14:443 youtube-ui.l.google.com tcp
US 44.242.121.21:443 shavar.prod.mozaws.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
GB 142.250.178.14:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:49793 tcp
N/A 127.0.0.1:49824 tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
GB 142.250.200.14:443 redirector.gvt1.com tcp
GB 142.250.200.14:443 redirector.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com tcp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp

Files

memory/3944-0-0x0000000000D80000-0x0000000001233000-memory.dmp

memory/3944-1-0x0000000077CA6000-0x0000000077CA8000-memory.dmp

memory/3944-2-0x0000000000D81000-0x0000000000DAF000-memory.dmp

memory/3944-3-0x0000000000D80000-0x0000000001233000-memory.dmp

memory/3944-4-0x0000000000D80000-0x0000000001233000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 4b9a7391462b50d545a25d60d24594a0
SHA1 fde9b2890236e689d33ec30a4d363b9955069588
SHA256 236ea41c6d020dc65734c74af093f8fb25d69e7e16544a8a5361b1a14a7cfe16
SHA512 569233265a28bf9dc3b2a93dc128a08fa2bd5c0be19f77e8b1112ec15e3f3ce83a4ae41a2dd4d57af1f9373892c5ecdda4e10f18c768f5e9921a6a91b1f3bdcb

memory/3944-18-0x0000000000D80000-0x0000000001233000-memory.dmp

memory/1816-17-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-19-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-20-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-21-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\de72cc886e.exe

MD5 e6a54ac6b35b2def5a7d9b9699388f26
SHA1 5f8a57b2e8902523bbafc50434f3692fe1d92b74
SHA256 25d515f52e58c10727895f1ee1a269998e37d3b4308e6ac6f1419186c30290a9
SHA512 8cdfb2da836614148507585645613432f7dd802ac8c80b89a4b302c9dfbbc9a96decd4a2df6468843ccfebd479968058d7f184e67026cf6b1d8dd474634c87c4

memory/2188-37-0x0000000000390000-0x0000000000F8D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008021\f20a758208.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 11b22949a84a750056bef0aa6ea4fc45
SHA1 c3d49da0344a2bb3cebbce6569b1fd223aa2ebd8
SHA256 59db861ff42f39a5f777bd9b8a167b7b15c96e60ed148ea875a9f1f0d4caaa6f
SHA512 01bbc38a4b8fb8a53c3897d63d3362c8a980fcb395986671cfd13e0fa893a68ab3e45379127da69565e0b1e4125a41834c62b06b8d9b852c6b71a1ec68a930b0

\??\pipe\LOCAL\crashpad_1688_HZRPNJYHMDCZQRNG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b1f20c797906f82fd003270485ceaef
SHA1 51ee0859382d77aba329e0ec2dad81b383c534ed
SHA256 7980e988f80ffc29a79b2d13c0d4160ad1d1f77fb6ddd95b7ec263b7421a0c91
SHA512 7b8f859ffa55759a1e90540754bc80a4218ddf2ee953736865ba4c5c9aa33556bd8ac45da1dce7426c75c5d754268c450054f875927cbba800ad665f09941cde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efa30e1fd51885944de72e70bbcbac05
SHA1 4105189f4a3ac2f60824cf8f2eef35c1c1c2e9a2
SHA256 60e81e2e2be934a864e511eabda489bbe5859dd1b2d238c10f4604ec418e13dc
SHA512 b8beecf06ddb1a4e22e8feb1d5c67437a14ee81814a06738c51077c8d9e269c8b2a22e6ae0d760c0a6bd3a507e5538499b9f9fb3e98f5e16b7f5a36441987976

memory/1816-86-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\prefs.js

MD5 3faf2a3cb97e9d87db25f2e9cd573687
SHA1 2082a48cd94a7e4688ebcca22a320c98e8e0cc15
SHA256 e2564cf52319e4d557b33a7859d1469e723dd57826cb183d75103daa323ace5c
SHA512 7ef2cfa7ba2c1d653ac1e29e915a54d8cc81b5e890e94570b5bd566c0487e841e069907cb9b538b042e0c234e57871c89e33e680c532cb432c2b59c44fe800a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w5uqp68f.default-release\activity-stream.discovery_stream.json.tmp

MD5 01118cd82a92f93cfa3cf79dedd52e32
SHA1 b6553358bbecfe8cd8f85f98aabda1596bcc2ecb
SHA256 32f03614de3c8eafd4ed75dd0fb46ec7186432c015d0054883590b3298519cbe
SHA512 ee46f66759723107eddace58bfe4c45893c74ee59461eb8cc878a9c5043323fbbc177cae86e81333d8621ca964abc99800cfe0b461cc7995319b7c878eb7d24b

memory/2188-129-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2188-206-0x0000000000390000-0x0000000000F8D000-memory.dmp

memory/5532-215-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 074dbc04f07035ab575f423a4a7c6150
SHA1 16054bc1adee8ce5c63a3a6bc5dfb69286d44ffd
SHA256 2abdc8fdc67e2aa6307c240c164ccac19ca4d14edc793b2647cccb58c123b38d
SHA512 109694dd67636ca64c34467ae0075abf11dee616e0c509ecc65450ee48aea5478c1a74c48c74f1f35b7e98e0601c6ab458eb8459f0a659d0233f0c5eee14d625

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 413c4ffbed12d7b7015c835a32351690
SHA1 ec4fb20433d2d351c8aaadd696fc6ca157c39b41
SHA256 0577da59e3f6ae990b9bb729a99d30e7e7b0f6a804b663b0a9ac081dc9eb7e05
SHA512 2e06512a7007ca4b9eeeb6f411aa35d004892af66c558e9bf010ed805d6e09a1680ae8b7fc1ede475d92eeef8763905bed25e7d3bc651121297de5b9854c1985

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2641471b2a44e0be8f51eb6dcb997728
SHA1 e30bd67f04619dea2969c82bd48706e7d9975f4c
SHA256 da361e039deae0d1cd1efd6e83d161dafc9077efe8ed59583e411df7cdf5eb00
SHA512 42bd9142b1e200f82f2f56e2dd534f57e83de8fbf184e59e472957936dca3a1ba2fed0b953963ec094c38460a7c3aae4529504ad773376c3ccccc04d6081e07a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 add7ab9cf156e1862302efec1ca797a8
SHA1 df61012ec4bf1c97816ffe18d73f2c9a02328de7
SHA256 13630e1ef1208ade08d6fdc5c5548bf5f34c4a5057fcaf59af8c6a36a95ed98b
SHA512 87292597ec2a9c5ae171c6fee5093c0dd1ec535cc6a27f3bd1de571740a647be505247c1b657048a10b91525bf024a56b806e03e225599fbf245369ce29a5b72

memory/5532-246-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 51c3c3d00a4a5a9d730c04c615f2639b
SHA1 3b92cce727fc1fb03e982eb611935218c821948f
SHA256 cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f
SHA512 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\cookies.sqlite-wal

MD5 6d4ac22186bcbc1f6ba6d7a53060ec53
SHA1 f179ccb444c52f9516d7c2789d058b72f4a44567
SHA256 0155cb6afe81d91d37e2376af5d3829e0fb4d355684ec5ce7a63f2f999b684c3
SHA512 8009939d2e89ff54d1bc6c8a8aea5946ad22a5fde922bfb1c76057400054d1cf46c5f37cfbe36fe76471d11cb4957b742ed94389c157f6f6440c6c1a394272fc

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4fe137655ac0344797fbd1c0c3c8fc7c
SHA1 1d64ac003badedccb0ff5b9060908d3575cc1472
SHA256 dcd98f3e2d73aacf5d5090a8d9decfe7e0c77873984c9925ed73a5cc89bc749c
SHA512 b954302d2ee346b15f63883f077fcf15465f14881423ce980ec5f53132381da2dfb6bb2f43039fd9cbdeff801e076ec1b2297beaffedba00c00fb546980f737d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\places.sqlite-wal

MD5 69c91a92b7146f3e8b69b58112c02a2d
SHA1 927362bf9092ee11056287abab230ce9a4c6725f
SHA256 7907635f28289888da4f1b86bb6b88544284835cdd61eda7b2d2bba5a5c89078
SHA512 0c68c88188824abf61cb9e8f0d89eaf99cafcd6bdc36fc532f680c604b479e2b53df5b0f20e77cc28b0966af041edcc8dda35682aa78bef3977237582cc36f94

C:\ProgramData\AAEBAKKJKKEBKFIDBFBA

MD5 0b07c77a5a4cb2a021603103d532f69d
SHA1 5a9dda8e4958ddeba7919c4acae2530ba375eb9a
SHA256 20271e627f0264677e1d47c17f560acb7479ac23a275c3bb956e4ab23594f0f2
SHA512 c926a7a016079425c0fb0b6e0c8c95ee0224da38fef8ee81c627f25bf61d66b69bb2be9511c0e6f6f9a9e9b0ddb5772c300047a8f46470f8d05368b473281c94

memory/1816-307-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 103d7813f0ccc7445b4b9a4b34fc74bf
SHA1 ed862e8ebd885acde6115c340e59e50e74e3633b
SHA256 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b
SHA512 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f

memory/2188-347-0x0000000000390000-0x0000000000F8D000-memory.dmp

memory/5720-351-0x0000000000C60000-0x0000000001113000-memory.dmp

memory/1816-355-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/5640-356-0x0000000000260000-0x0000000000713000-memory.dmp

memory/5720-357-0x0000000000C60000-0x0000000001113000-memory.dmp

memory/5640-359-0x0000000000260000-0x0000000000713000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/1816-373-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c59628b09842291ef496e81c9976c867
SHA1 759e39bcc4f878858df1fb515604c9f2076cc18f
SHA256 bb931c2f0c92945dd537b12d5a9f0d15ed7977035f35cc7970168a17f541afbb
SHA512 9c2b0778ba846231613394def8fa9d9f7035c6af3abd175cc79303e5b3af145fd0302853b2e938857d230d92c334b034784d68e6537d6dee1647f2be2b12f180

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1116b3c04b2524b97cff2ebf53df88c
SHA1 2c0f031cccf99f131949088308d8a4e8ab7a2a69
SHA256 15fe7975f924c90ddfa9efa92f55c91e41332617ba097446b79f753c946ee480
SHA512 59c096494ea6e89d5b62d124b1cd5eaddbcb92c8666bfca4ee14547490a183095b667cdb7568b6ab3489c92dcc8b37452388101a5e67548e82186c9027913cfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58053b.TMP

MD5 d24c1b41583d085da12b85dd5685a67a
SHA1 3ddcc775227fab97e9381ab57f4f4665cac47be0
SHA256 109bf7f91790ce9398f72c0352123c06cb9c4a5dffbe8cdeba597638d377c92d
SHA512 e53634271b62fe4af26693dd0dd8b23c609bb19fa616f7e34f8af944e35d9435a8705846eb1d109bf5bb9ad5ebda66d5be0dc273b127a027f0e32af5722f27ce

memory/1816-389-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fab75b8dcd148e611db81bb0bc21b2f
SHA1 589d4dba34fdaa1dba0e5d9a0502599a88250197
SHA256 00706a3ceed5b843196bf6b210ee83e8223da32cb93c5e54fc238bcd0efade32
SHA512 462d65e58403f7422d9674e70b15d3e4f9eb077a25426cc321849b870458ce01e91d8fe6dac750ca33955df7b82890ec3fd930129a865c5f5b8a81462c3a7363

memory/1816-410-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\prefs-1.js

MD5 3d45881cc45df7486f3a6182ed733780
SHA1 61b5991758446496be1720726245231d16bc1b9b
SHA256 a7bfd034b40dc15476ee64093e60126323e88df5949c5527b5f93c27c37b4079
SHA512 1261526b89ab3b7b36070c9ef9bed5c07c57c8642248e88d35ce901d55457c48a01c8de6f26244c7413286d0eace7d195a82f199f89ff4b6809663a12d990814

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 510e1adc92c8f9401023f66e7af0c46f
SHA1 a1d1c5b22eca3554b67d4ed91d17f825acdb8833
SHA256 b284242177ef0fc604d94af7256ddfe068e0a8d3d759e9587614db1fa3b883c1
SHA512 88b8832454f27b6ac89718bb2a75f6041294265361f7b7f9a754010bd29fa82d09af1785d5bcbe975f06c8fa4c1dc129311cbcd16c2d8767eb4de2b38c2ac607

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 db50e3418d334fb4f632142fddd0e73e
SHA1 38c69515a05e55c4af61a7a87193a256eae34b64
SHA256 9a16f4674bb9c5c650ba75643f368d45667736239522d10a7b529794ae6e1f6f
SHA512 c3c18f477be6306dcd3c8568adca16ee754f6605516d8d5d8984e57051b7ea508f7eb8cfadf86e119dfc5cceb3e3002cd89295666f904fd21bf99cedde7123ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w5uqp68f.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 758ffdbc024ce4194082b0589d078c61
SHA1 f2d5d107382ebe5139dc56d72840f4b966651d41
SHA256 973509498c4faab6515acff4b2a6e310d7bb9e4eb6ec41be649f0b58dc175323
SHA512 a53e27ed6314381f836ceea7d77d12fce359db9efb0d6658557e83ebfce0fe5c9c42aeb2dd43a324ec8bfa4035bc76f85dbad2fbc69093c9d9a773d1620955c3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\prefs-1.js

MD5 5015627dcd4fac3200f067c27d56c3a6
SHA1 adeb161783f2d27e9f75b9ab1e2d795f7564eccb
SHA256 53fbe0e6cca332ab2d30c2fcaca974ebcc058dfdda6318731d15a8c7d2095c94
SHA512 c50c26d99bd9e49d4f40aab587584e6d57d22064ea7c07796f803b3787d52c8b127475949d8d1c5763adeab357436cb242f5efc7edd77a52e2e2ae170abfcb58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w5uqp68f.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

memory/1816-946-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2428-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2451-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/6760-2456-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/6760-2485-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2487-0x0000000000B10000-0x0000000000FC3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3015490c42c298a8e0acf1e3b312893c
SHA1 28f08f777e4b7c1f5ebe9821c39da5b2e674018c
SHA256 5419f6b936f77825f4d64d4e0d0e4e26203de54b225ed470dd2f7a54efcd9f5e
SHA512 5aa73220e2dc4f5a3844046a5188360729ad8e271f2ad72afe26a36c74b8ac020d7443abfd6e195d695eac7d928ee3cc6bec72091744d444fb80769840bd2c7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f6d700d5a22fb7ea9e660474e621bbd5
SHA1 f744e121bfbb6bf36e9ad9b4e98a09db03236daf
SHA256 2075cda59774980601983b2ba3dc2269baa4cada6f44e85178356296a3a40957
SHA512 8699178b398cea5fdc03d0f83579c60a6e422722abd59f7ca65238b08dc5646ef6362307c98f39b04d653748fc36937130aa0d252456f0dc0a6c41224152e1ef

memory/1816-2498-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2499-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2500-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2501-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2514-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/5456-2516-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/5456-2517-0x0000000000B10000-0x0000000000FC3000-memory.dmp

memory/1816-2518-0x0000000000B10000-0x0000000000FC3000-memory.dmp