Malware Analysis Report

2024-11-15 08:58

Sample ID 240709-hchnfazhlj
Target 42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215
SHA256 42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215

Threat Level: Known bad

The file 42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Reads data files stored by FTP clients

Executes dropped EXE

Loads dropped DLL

Checks BIOS information in registry

Checks computer location settings

Identifies Wine through registry keys

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-09 06:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 06:35

Reported

2024-07-09 06:38

Platform

win10v2004-20240704-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4464 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 4464 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 4464 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 4464 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 4464 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 4464 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 400 wrote to memory of 2292 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe
PID 400 wrote to memory of 2292 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe
PID 400 wrote to memory of 2292 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe
PID 2292 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2292 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2292 wrote to memory of 3356 N/A C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3356 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe
PID 3356 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe
PID 3356 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe
PID 3356 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 3356 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 3356 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 4672 wrote to memory of 3816 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4672 wrote to memory of 3816 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4672 wrote to memory of 4036 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4672 wrote to memory of 4036 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4672 wrote to memory of 3128 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4672 wrote to memory of 3128 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3816 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3816 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4036 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4036 wrote to memory of 1228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 2504 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2504 wrote to memory of 4988 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe

"C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\JECGIIIDAK.exe"

C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe

"C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\2a09409979.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcfe9cab58,0x7ffcfe9cab68,0x7ffcfe9cab78

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcfad246f8,0x7ffcfad24708,0x7ffcfad24718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.0.831144947\1008780418" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f86723ce-d976-432b-86ba-426800ebef39} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 1852 1de06524058 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.1.90318838\1947371382" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {191e1071-6f55-4b8f-9887-d3085bf5eee4} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 2492 1de05320558 socket

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.2.1620933394\785750148" -childID 1 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 888 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32662fa6-143c-4be3-9180-171c9819fd8d} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 3392 1de09056d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.3.804719684\269473246" -childID 2 -isForBrowser -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 888 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9521e50-96c4-4e6e-bde5-d02c36c25dd0} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 3872 1de0b1d3258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.4.713362565\1405834511" -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5148 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 888 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2385e366-37e8-47ad-85d0-8661231b5d1e} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 5060 1de09034b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.5.968588933\598775882" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5164 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 888 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0cf5913-ca20-438f-8807-604562a3e0d4} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 5256 1de09036958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2504.6.316320140\191299575" -childID 5 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 888 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9471857a-73fe-4f6c-b012-730ebc39fa9b} 2504 "\\.\pipe\gecko-crash-server-pipe.2504" 5548 1de09036658 tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5819366861855389660,17907972208253359995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=860 --field-trial-handle=1932,i,9181625020127070844,10400681958911731695,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
GB 216.58.212.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
GB 216.58.212.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 52.33.222.107:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 107.222.33.52.in-addr.arpa udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:59232 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 199.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
N/A 127.0.0.1:61875 tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

memory/4464-0-0x00000000002B0000-0x0000000000E9A000-memory.dmp

memory/4464-1-0x000000007F640000-0x000000007FA11000-memory.dmp

memory/4464-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/4464-47-0x00000000002B0000-0x0000000000E9A000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/4464-78-0x00000000002B0000-0x0000000000E9A000-memory.dmp

memory/4464-79-0x000000007F640000-0x000000007FA11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DGDAEHCBGI.exe

MD5 845e518c85f1b978cd46242946ba6d4d
SHA1 2c9134231db03c35b788ac7b454b4cdf5698db22
SHA256 8d1cc44f24a9022819de9d34a328315d88e215dcac2ffb3cf29d637948d4c578
SHA512 b5c2a52db82c0467eff9f58406a62926b8a91a332853fb7774054eabba3e02adcc18dbdd2151cb6bdaba160cd74a9adea82b0add80da0dd164324b3d552bdaa0

memory/2292-83-0x00000000003A0000-0x0000000000857000-memory.dmp

memory/2292-84-0x0000000076F14000-0x0000000076F16000-memory.dmp

memory/3356-97-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/2292-98-0x00000000003A0000-0x0000000000857000-memory.dmp

memory/872-100-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/872-101-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\b87a2899a7.exe

MD5 510ef6656d676509abf2ff0e28ecda55
SHA1 0f61ea4fff3a4160ee5eadbec3ee35506c98b10f
SHA256 42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215
SHA512 08870978ef501a7dfe0a1f0042a5373ce70f50308f6929d1940434a27fdc61ec230ac0df4d80299ab82ec05ef6263a3bc40ebf82b17d32074f5ca6000764ba0a

C:\Users\Admin\AppData\Local\Temp\1000008021\2a09409979.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

memory/5108-128-0x00000000002B0000-0x0000000000E9A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9abb787f6c5a61faf4408f694e89b50e
SHA1 914247144868a2ff909207305255ab9bbca33d7e
SHA256 ecfd876b653319de412bf6be83bd824dda753b4d9090007231a335819d29ea07
SHA512 0f8139c45a7efab6de03fd9ebfe152e183ff155f20b03d4fac4a52cbbf8a3779302fed56facc9c7678a2dcf4f1ee89a26efd5bada485214edd9bf6b5cd238a55

\??\pipe\LOCAL\crashpad_4036_KSPENKTAYMHHQUEW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b6c11a2e74ef272858b9bcac8f5ebf97
SHA1 2a06945314ebaa78f3ede1ff2b79f7357c3cb36b
SHA256 f88faeb70e2a7849587be3e49e6884f5159ac76ef72b7077ac36e5fbf332d777
SHA512 d577a5b3a264829494f5520cc975f4c2044648d51438885f319c2c74a080ea5dd719b6a885ed4d3401fd7a32341f88f26da5e3f29214da9afbbbd5ee950e8ec3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bec4e52997d2231c65103358061c5620
SHA1 a589e3310d32e4e6685080fe2bf7ef0338f8ee22
SHA256 d43f7ea5869a06cc4cd1dcc07f8edcb6540ff96b3e4cd3b0558ba6ba81231e2f
SHA512 f5d32945222d3e1cc4c0824b00113df0a9e32dd06f673dd6f920611f34fb2623a0e5ca524ffab9528a84d791eb33dea3c06906de0912fbdcb2eaa899ee36388b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs.js

MD5 9e47e7da5983f1a7cda7c08278e15d89
SHA1 b024ee2c0c98760a8a04036a246683a160059f77
SHA256 413877ad099208c50a7768aa55159eef0cda9956388a84bfa79103ef9cdd1f51
SHA512 bfea054b5acb129dada6715966a88154ca2849a01082bcb4d4c174b6034b986b7f1e503697687cf660e4bcab56a9d60ff5e92c4ef8eb6379de4e0e6691dabccf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\activity-stream.discovery_stream.json.tmp

MD5 12b5f6925802a703c0816d85b00e41c2
SHA1 813bcbf96bb5909f2fa4cca9750461212d5fd638
SHA256 16189b3f1560666132a809fdde1b602ba0a92f18e231d254e30735179c58e78e
SHA512 64da599de22cfb7cac172a2786afc2dc82d38010832dbea3a61b8c3ebbe6fc5e356c089352623012e1d98e51819d7277915dd95c804502083a9c1ffebbe3854e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs.js

MD5 d955ad08f6fe68369313612388c6fe8e
SHA1 cc55c504cd4061466d68457caee449ca60631e6d
SHA256 827a9d9a3b6b886c5ffe29cb1d1c9c0b1f091b1a6b71269189e371c083e502a4
SHA512 eefa4c2ee69755580b660c0f288bc9b682b0d36cff4154354e964e9245aa3033fb2aa0b20b63395bf70da3ea86ff50b826ad59bbb3bdd9a453939072319c0bd0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\activity-stream.discovery_stream.json.tmp

MD5 a705d4ed372ad52698ddbc8a50b2a87c
SHA1 8980cf7fd04e0afd71157ef31cf4d0dd5f9ac573
SHA256 ce45cb806783ab489952b7fa58eca6f73cd0ce8fe693b774a9bd2726d0127451
SHA512 e42ed7bffa6b51b4beb9c9e48eae22a16509f7ed54e85b6c8c82d1d4a2e4d2cf49f7ceceedd783cb38df4575ca87b7aaef6e0dbf85590385f7d532124657a064

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22afd2d7a5481fc4fa1452703d4b7df9
SHA1 47b38b0ef0db683316be202376a7086f8cbe0dce
SHA256 5645c98606639d8426bbebb21f0393f41ff2b4a22d3adb0653b03269a217eb05
SHA512 baa2bd691c5bcfade52fcc0445abb68327f4119c9979ff3cfc36d8ef6f4e5c111cc72364fdd422f5a5b6fcc1c300ac62474900bc2fb55e96607fefbacef63084

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c806b947033341f8bf6c008a7eb65c8f
SHA1 e7cba4b923c08cf9d62d4e27ab411fa1f665a824
SHA256 c1a6e40495fa914af06687f57db731d7ede9533d12ca811f608195da9a507d53
SHA512 1a8828217a07d43a476acbe10bd9f2fb769736f956fa5343337a6ca20e3ed327cd22d8851611cca4aa87bdc133d0d8f209b412afe763a5905386c7cc37acca12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c296c49d0c528420a9153a89f1b806c
SHA1 bd0abb7af998b7e458262be870b25d125810515d
SHA256 3cc98afc6b7395c8f0a7be70fdffb898ac72c4e4660acf391f538471677be74f
SHA512 64a643c381e860b8f1bb1684562bf981774317be22d9c6c09b996224e5cce791dd4ec5c34f6c9fdbeda3adfdc1cac6e36af34d7cb990cf57c69daa602288db08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs-1.js

MD5 00e4cf86d599607526f843578bfffa94
SHA1 3a95540dc5b2986db3f7f2d46290939dd4bc5231
SHA256 054492b1ff90f2cdb153ddbab286567618b21a55625ff5408e4f0742e29b5980
SHA512 3de141aae9e60946f74f37bd6337788bebcec2f9415e27a8862c1eafb5bdde6971bc63926a2a1f2517c5bedc586dbb27be8233e808733979cb67a443eb9763aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab59f5122d94e069b897674d8acaa0ba
SHA1 7c66386b4dd94b6d689538c2becf6acdd6735e90
SHA256 d207b2f64b42453377f434dfe3428a851c863d586e37fb8359c04711fd801bfc
SHA512 44e488e07f4f26493e8595ca009c79110bc3c7efee132144924d2cbfee7da82f4eccd47b4367b895a8e897c75f616d95d13883a6fb32271993acfecbb11fade8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\cache2\entries\CB4F0A898744713F17C3A2E0C804B48F9D0DD468

MD5 013cacdd6dee9ebdd2250a411d1d8b8f
SHA1 b077860d17958aa4e8e276aa72f3b26bee092c4d
SHA256 dbc0a6c01e743778785f600baeedd89cda31db09aef35b721932122b0a0680c5
SHA512 33c29139d62f4f12722700e2ec5a628880d77307865488ebeff263b43801d5e8c0946610c6117e2c71a4cc7552c2fdf1b78e3caf95658b32696a903150fc642a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4e9eb421e5566ac6fdbffed5a66a88f6
SHA1 8eea50b60380209144a3ef7020b8688bd2dd825d
SHA256 88188a45ddd21f26453051d0130fc6de5d33fbbc825d7b533d16ceab7e5bee45
SHA512 336fa23e439fd582ef5cbe08bac5ce49fcf5c58836d46ac5331a0c91bb5caa77d7ef1df5cd2bfc42ff649fa1530d6f4487809e0d889444155c66c6525da7a225

memory/3356-331-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/3356-334-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22810aa4c56d6326d73cbd8ed93af2b2
SHA1 7f9ca45e0cd92d8c71407207e58f3bd23c6680e0
SHA256 78ddd74fdb16f6a46a705ed42fa6de92506fa8cda8ff440b432fa76448e7edba
SHA512 4677f384cec6cbe819a0dfad8ec9d333cc8a421f4ed79a9bd640986c02fd4c67eafd5dc705ba9a87a37356732af2f216c805b56ee4a6c4a1225b7062cb45127d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 103d7813f0ccc7445b4b9a4b34fc74bf
SHA1 ed862e8ebd885acde6115c340e59e50e74e3633b
SHA256 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b
SHA512 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f

memory/3356-406-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f389bae676cadacee8e92fe10f6f9cad
SHA1 8fb20603f219649f05b859c179e3414c9f47b165
SHA256 30f8ea8ca6f19da61b0b07b9edc0f2b84afdd68797b6398d00cf9e1dae66e4ea
SHA512 25e2142bc77596822344e7251b59df2629d57bcedf6f708788842ebadfd7944c0beac56bd3a844f97b2c23212a4f5bb0027296b6856bf38f13a8b1be4791a2f8

memory/3356-420-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs-1.js

MD5 f497a4d638022a3534b78dd67fd3e628
SHA1 32c89ea4968de77a87f84259159cfd7cbdbbcef0
SHA256 191ddeee42a720f97bec4ad45b76515b3bc85b63c43dc687480bd82202791d95
SHA512 1b5632dbcf8d3db560e7207e8f03eadcaa347cc2b58c34381d7c4b9e28f9b22ae6134e173f7e424ef72e4528a2eb9a4c6ad8d8db4f23517445235d6678abcc3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 456478e81aab995363d5a00112728528
SHA1 c06b51cc2cd366f73f1dcc99c275dae9a9f8ac24
SHA256 ec3019c0f83bb4d9430b99dab863a883b392cf9540fea8e145e5f471a42a7ae1
SHA512 847209cca80caf2dc650dc4881bcdb53d5efdb09a0df9e531ca11aaa3b68aa8e6c16803f885050f4488631eae0da365eb734ebfc4ac38f65444975be272af989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bfc16d3edb865febec45ca4cfc45a530
SHA1 493ac1b09d68924087c3912698485381ba9c049f
SHA256 aa701bc1807de9680bd3f593036ddbb50ac64d3ccadf6d89ae757ae9f95b403b
SHA512 6a44856b30c2b2712d58dfe8f0a9ccd5f47faec38536dec4a6a4c622af653d99f32ef06b926553ebd72633ce2d004a4b50048ccb4bf5d6c8a8ddb82f5ff397cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 1f8f12f14a98db11a15816f0c10ca49c
SHA1 f1b040a25275bb48f38599cca777218631685eb7
SHA256 96accffefb2c4c8accfc43619f660edf642168b2e232747207e948678f4479b4
SHA512 67b6b93fcab9ac33b623293c6a110b9efecf2c8236f54b914446b62df63035eb8dabb5e696ed0d64581145d3f895ffe6ef14bb077fa4849523b4be7845772621

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\prefs-1.js

MD5 c969b8de01a9da2cf65a32b5972f7967
SHA1 db0ea45608704d31a21145ee3addacb4dc2d27b2
SHA256 8e6b10e1afe7014fabf1722a923ba7fefbffd81699c138175fc63eef641e90f6
SHA512 1fefa0da73d1f37561f30a008618a4a6a8b96343076b743f01d49fb20fd95f58cdc83022db14579ff1c9abc8da10f1260d19bed4f39f6444cdad4523b9528ae3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

memory/3356-532-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

memory/3356-660-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/924-666-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\cache2\doomed\15862

MD5 154507b7215ad9672fb6bef948e1044c
SHA1 e12a4e1aef669667bf7221f2f8834a34b573ad02
SHA256 de72d8bbd8f2c758943036c522de59fd4fd4e672ae3d95729b643a1744caf7e2
SHA512 a1735397f459563f398d445f3ec9d2c5d0821f6030ae284066c35637fed61aee21fd6af28672f7d6b8134d2a31b1b2137d5a7471c372e69f60c0354e2ae5aa8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ta3lt0q7.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

MD5 9faa3f62b386a7eab1df5d3d9b9292a3
SHA1 8a38d8ebbc1cd7c25e530331d80b261439fcdad4
SHA256 0f8986ba59ef43a7db0a358d870a459e63a3b03062e12f771b100ac9d996da33
SHA512 a9a2ace9f984770b31683f1b16e6ce62f9547ceef25a6348f1834562580d0c9b4fead365586cba8860de44ad980bf92b7b1c37833892d15e26a539249dbe9bed

memory/924-688-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/3356-1282-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd1317f6d6301aa0d414395c45b67c44
SHA1 dfe6c181df88a1be9aa05f0dffee60544818c5dd
SHA256 93752cd5e036bf7b10a3f635a5754b6bccc3763f8bb2de5da31e32b36d06327a
SHA512 9dd60019d4f04201336b60f7987a197a1e463f7a234bdb7033dc8b0485534682dfd380d879a298b49b7ef3b82a48de46feb63ce74d84e5075ab67602486173d0

memory/3356-1995-0x0000000000400000-0x00000000008B7000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 27fe74d4f31b839229101fb71c6c3162
SHA1 13be7a0f47279a0cc95a91e9bf4bacb297527f20
SHA256 ae20e4dc5ac7b5ff1eb88d8f3466dc96ba1c9da6039001ba52444e61d8b63509
SHA512 cbd9cb0e0e0b5e1591eedaa6ef38e6c2d6b6d28cae7eed1819fc24f5a7f67b2700a19c2293904ee70aa05235cd823afdc02741d4408d4bf723905f516db537b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b93e3cbb9eeaf358b88b8795f2775908
SHA1 7d51d942d19aedd690e138305d450974678afd65
SHA256 33ad9e6e95058152b9ea353bd864e95015c6b6cbeb4de0180d904772d0b04dbb
SHA512 23975d65e9c4c83e58cb6f6df4f817ff2592d3d6c150feba8a56199a29e5b7c51db9e0471aea46ec33a3ea4e7a0b96b9be357c5c34063289e1020f70bec2a0e3

memory/3356-2529-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/3356-2534-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/3356-2538-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/3356-2539-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/208-2541-0x0000000000400000-0x00000000008B7000-memory.dmp

memory/208-2542-0x0000000000400000-0x00000000008B7000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-09 06:35

Reported

2024-07-09 06:38

Platform

win11-20240704-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1228 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1228 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1228 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1228 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1228 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1228 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe C:\Windows\SysWOW64\cmd.exe
PID 1988 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe
PID 1988 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe
PID 1988 wrote to memory of 2576 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe
PID 2576 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2576 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2576 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4216 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4216 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4216 wrote to memory of 4084 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4216 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4216 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4216 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1144 wrote to memory of 2004 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 2004 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1144 wrote to memory of 3216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1144 wrote to memory of 3216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1144 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1144 wrote to memory of 1936 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2004 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2004 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3216 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3216 wrote to memory of 4836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1936 wrote to memory of 396 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 396 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe

"C:\Users\Admin\AppData\Local\Temp\42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe"

C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe

"C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\0c7d65c929.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\0c7d65c929.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\d38d3edf7e.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9558eab58,0x7ff9558eab68,0x7ff9558eab78

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9556c3cb8,0x7ff9556c3cc8,0x7ff9556c3cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.0.854047621\1842841052" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e68f4d77-9d6c-42e0-a5ad-9f499eba9e3c} 396 "\\.\pipe\gecko-crash-server-pipe.396" 1848 1d1cd00e458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.1.1250036158\936860956" -parentBuildID 20230214051806 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaeaf57a-deaf-4919-9ea1-5332a4723b8a} 396 "\\.\pipe\gecko-crash-server-pipe.396" 2412 1d1c0389058 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1928 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.2.1340821031\383217550" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b02c778-66e7-4b9d-9d99-677d94abd8df} 396 "\\.\pipe\gecko-crash-server-pipe.396" 3400 1d1d02c3b58 tab

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.3.1337192024\1485202146" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 3080 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8517d456-f9c3-4a2d-b2ca-f5dc744344b9} 396 "\\.\pipe\gecko-crash-server-pipe.396" 2920 1d1d1b98358 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4132 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.4.1111444396\397228856" -childID 3 -isForBrowser -prefsHandle 5268 -prefMapHandle 5264 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e36b186a-2902-4414-ab23-9fc756c7de0b} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5280 1d1d0253558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.5.354105056\1353695369" -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b90ed40-7d10-4b76-9837-00e2423bd4f7} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5496 1d1d0253858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="396.6.1156640956\336208927" -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5628 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 936 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470bd828-f059-411e-88da-03a07d81974b} 396 "\\.\pipe\gecko-crash-server-pipe.396" 5616 1d1d0256258 tab

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2099441586498678857,14285843673268047081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1016 --field-trial-handle=2188,i,267413132296748809,1702364136745280924,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.30:80 85.28.47.30 tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 44.238.192.228:443 shavar.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 142.250.179.238:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:49881 tcp
N/A 127.0.0.1:49903 tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com tcp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp

Files

memory/1228-0-0x00000000002C0000-0x0000000000EAA000-memory.dmp

memory/1228-1-0x000000007F430000-0x000000007F801000-memory.dmp

memory/1228-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1228-77-0x00000000002C0000-0x0000000000EAA000-memory.dmp

memory/1228-78-0x000000007F430000-0x000000007F801000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GHDBKJKJKK.exe

MD5 845e518c85f1b978cd46242946ba6d4d
SHA1 2c9134231db03c35b788ac7b454b4cdf5698db22
SHA256 8d1cc44f24a9022819de9d34a328315d88e215dcac2ffb3cf29d637948d4c578
SHA512 b5c2a52db82c0467eff9f58406a62926b8a91a332853fb7774054eabba3e02adcc18dbdd2151cb6bdaba160cd74a9adea82b0add80da0dd164324b3d552bdaa0

memory/2576-82-0x0000000000C50000-0x0000000001107000-memory.dmp

memory/4216-94-0x0000000000350000-0x0000000000807000-memory.dmp

memory/2576-96-0x0000000000C50000-0x0000000001107000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\0c7d65c929.exe

MD5 510ef6656d676509abf2ff0e28ecda55
SHA1 0f61ea4fff3a4160ee5eadbec3ee35506c98b10f
SHA256 42925f90758bbcac4f02d0f58e671ef5d071e1f528a3aa2b4cfa7715da9ff215
SHA512 08870978ef501a7dfe0a1f0042a5373ce70f50308f6929d1940434a27fdc61ec230ac0df4d80299ab82ec05ef6263a3bc40ebf82b17d32074f5ca6000764ba0a

memory/4084-112-0x0000000000E10000-0x00000000019FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008021\d38d3edf7e.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

memory/4084-125-0x0000000000E10000-0x00000000019FA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dd3589b97978441d244d4e821fd239da
SHA1 63286c2b1fc75939d6ad4e1176901b5c7dc58143
SHA256 6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9
SHA512 6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2

memory/2780-135-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs.js

MD5 e2f789d6adf1a3282bc86c1441aa7263
SHA1 2d1a29f3df3d49eb24cdbe8cfd195e408d8ee10e
SHA256 70ca8b505022dc6069e331a0aa58d5c03f41915a3f7345354a6ba323d6fe742e
SHA512 efdb6df716811254504265f119eaa035540b840c4686ed394f1a4b56917186f13437d3ed682d775ef67e796a3e08a0c6781cceb9519e8ea8785817f5a5f77224

\??\pipe\LOCAL\crashpad_3216_PVBETTGERANKPIEZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 be6d8a5227798b38c33128c43f9febf0
SHA1 b5db7c6a1593f45c75ebb6a81e57628d11fcb892
SHA256 7eaf875fc88b9d5125a56f088e3f676d1762503427fb6b94dbe0eaef71c23234
SHA512 e34ec91b098f08c06754d1e873acfa7773e696dcd2f7be1b2cfe83962944cdbc59703511341d95ed8e5e0aea8f28c9d7b7b497cec719e7a771e6b5e5f6c28368

memory/2780-160-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 600ca4ddcd83a3645e13dbce83b3ba51
SHA1 d3cd2bfd96a2adef94a760963bc5e60b91169d2e
SHA256 62feb4a5709203dda858a6d3c7aefb36bc928901921c42271ea83f8157bd707c
SHA512 fa6ad70995c19ee1861a8be77b9d31e88dd4ebeb7b28d22b3e3fbfa8f86349b1b78919ecb566adea3d8ceb337d1740707bb977e63640fb83c560f67c6e451bb1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\activity-stream.discovery_stream.json.tmp

MD5 1e6eed4c2c031d5d205441f9b069b782
SHA1 d6a3ae751c633cd02938cad192eeabcadc2d0b5c
SHA256 f36feebc0eafb5237964d4ae003a2ab8dc82e3f78d004fee0d4ea5808392b8f8
SHA512 e80358c10319118658e0d1b5cc18c739bf91b5ac5e5794657cf771b90db2aec9d187a0ba8d05f6cb003260f36be7fdda6ed6acff04dce78513ea59a07f1e170b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\activity-stream.discovery_stream.json.tmp

MD5 ce316e2ddae5f8bdd530af5f0e94f54b
SHA1 1fdf053ea56aac53b391fafc798cb5f2118c2519
SHA256 169984d5664115daa020d646f34a800a9772611a8fa2b9ebc96a2d2d8f158e5a
SHA512 bae69cd2bfdbeab4fa3742b99633c729011e3cc80a5352533afdee2183369cfefe5e49ea9143490ae9f06686c92f86a0f00821d71ac8701f6f817823bd890675

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs-1.js

MD5 35ef38a248b32798b9499924ea5b038b
SHA1 782007545a692d6941d227c0658f82ca5ae9edc2
SHA256 351b18b4d2ac8e7e8b2e3c05f6b907c539342d65e24685013da1364f3a57fe5c
SHA512 1857d9379239da10ac5e9fe24485c370f73b10349f4695377bdc39a2e10a71cf30b4430e11acbed5b277b5625ee533f87cde6aca1fd2bd5ac45ba3b85eb2ff9a

memory/4216-267-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b2a380e5c22267176dac8da3d93566c6
SHA1 62a4a40fe56d858f928998a30f1d892a21ee9a95
SHA256 7f1524b291fa0222ea5480d72a1b8f0550985fd51292e3efaa5a117e14f2403d
SHA512 0bffe39dc55b3b38304cfb19b0c36b7b5aa0880cc876222e7295a55a61172bc2c03ccacd5c9d42fe48ff6ce36123f2ca5d876f0a24e57e8ce36b008543b0d9af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9afb4710b898f8c826c4734223333cd8
SHA1 2576b99f90d197356aa9a029513828a3f6663ec9
SHA256 cf8d1c1c4729a2d7f5c90fdc11bd8f6b449b87231dbf37554453b03e8c0f768a
SHA512 f6fb63606126359fbcd6362dad57a456fda16ca9e9880e1b1c39b505eacf24480e498452e88e9c285fa46fe86458f76a2d621f915eda875a133a884330ebdd9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5155dc61338e20a4ec5016a23ee559cb
SHA1 f64cd1df65134b3af5d8c390310b236f37347693
SHA256 4cc5f67949437293dca66a0c6dcaa65e1bc1f6a4cda3df7879fc921c23a9ab9e
SHA512 b37d8183ab80083b37e3bdabd2150c9e22221e6f9f90d3d2c14298f110c1019b170fad723983e80a3312e958d759cb4b5ae5a4b8f8f7ec3ab466ee7d6e6094b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54668513117f1249754ca93aef0e5a9b
SHA1 b0bc5c2ea82dfa976aed27a29f1db07b632aee3e
SHA256 b4578d09644a8b114a58a8923410617e3e8d86f859efeebadbc902f35989bace
SHA512 514d9b159f5eeaeef53f8c00d317d1e50751de9829745866b0d0d38fbbe9fbbd0eecdf94b952fdb91464c123ec82beb3461f9476474230d0030d220c1327e220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8c682869e53f3dfe7eb7465ccd6a382
SHA1 2f8b8d93268af4bb1f5e7a97e42464cf74c5e023
SHA256 86f252b7d371bedb36b2ffa80be121bb3836ff178633ad89f35165e1746134c0
SHA512 28e874d146f0112dc04a75d8c45ba899e13ec39a2a4335feba8063988a8a4bf12fab8c1f514062399b35c1730eebb928636c82303b956b2481d378a0321a32dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 51c3c3d00a4a5a9d730c04c615f2639b
SHA1 3b92cce727fc1fb03e982eb611935218c821948f
SHA256 cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f
SHA512 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 103d7813f0ccc7445b4b9a4b34fc74bf
SHA1 ed862e8ebd885acde6115c340e59e50e74e3633b
SHA256 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b
SHA512 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f

memory/4216-373-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0596c1255db4e74203671cdf2af23542
SHA1 3ec7a1a77d07ab0464d50da575ea4d7039690119
SHA256 c158153da77801cdd59bf24fb198b2d7f2dfde18c4ba214835bd6ba2667cec18
SHA512 8200f6c3a3ba3af7587e51d9dfd00d5ffc1046f259af426e120ecfe6e9c7b4e9dba74687897aba638889afa898c7fbd7e94a5383598e32c27b8b8a12a96f77aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0f810cdad56eaeadd99dee2182e11dd1
SHA1 51d1e5d7d1c6f829a3f00297f74309617d5a2398
SHA256 bc4f6166e9ff348059c29c3101a3062c16d4ddd10dde0c9163fd63127ec2f0de
SHA512 294ee146fedf0520a3e632de6362724dd1f3a80116cfe2b0c037b16daa346ff8a4c61e1ac4dd9c03c8895f8f0fd398337520ea614fef6d3b1e818e1ba3606071

memory/4216-416-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-417-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1fd2c9bdd1c2d0efd49d452dfc52d3c
SHA1 cf4001d6cff518c0f77f392a9cbe9e8988fb2f93
SHA256 6b75a7ef0fd002d69090c33b04e6d3255a160dd994ce71a196bd29eb8f06ee7d
SHA512 a6772d0419d2a988b6fd871ada8f474c8e9a7deba17f7929d03a9663070c07f48646d98f9e29d716cf3a2ae185b5b02a33dd195fff6dee7ed4e3c18b1cb57fea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs-1.js

MD5 ac64ccdf5769891ef3cad6dd36b2be96
SHA1 29ece79e014c4760477dc12cf78bad50f4df787a
SHA256 d8760331b0f6a931f84aa77a497c8e802e0a7405a719dc72b97f3fb03a6081f4
SHA512 9a043146521bc216b0193b29d0f85cb37a102727c09d44ed8abf684c383733fee42858f33725d09e55f9f96b8995fa41ddb34758f96e6468c24a61ee1bf865e2

memory/4216-446-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08769d6c837fde6c6f28ca3dc37b7ced
SHA1 143561a32b4448d23ca9a437359ba664194d8269
SHA256 dd49a44b928810507675d083e34943238b61dbb078d5f1e98d6d989ca223b3b1
SHA512 b1ce3d3181029607838ef1389fce64d64181fe8e97188e5bce6ded90145a35471c0f08fa4a9eae6ee4c41e3a2a0061fd3414dfe0c299c2f56ea1157a4765ceb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab1406ae4ee0707165c6454183cce8c2
SHA1 9c9aa0d1291cff3c210d53e7953b7aea29854cfa
SHA256 67bb080ce25753c57fb80f6b00ea868fe2045da98358977b84362637924d6a8f
SHA512 613b633f6a85ddb79ea6a2f82ebb577040add4d69776a825b852662242932969c93fef8788503f3c15c8ead99143ad4856dd676b65673bea6a7d9f690a298fb7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c2114050bd4ac311d5a780e723f256e0
SHA1 d8975a837be76e08b51379367a74090699303cf5
SHA256 09fc3d5e69e89900f0ee725ec32161c59d06b4c327d263f0a49dd733c306b9a5
SHA512 82afdd5974f3f47654d60472897db2b45aa88ef6cb603d0ce3d5f43831939691dbd12460cf5959cb7442b55200db92c1eba0da8fd31f353a35251fb8dee05cbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 01d60a04f9c659a8759e7cb146143943
SHA1 ec1947edbca396269920441da8c70cabe4f20ab1
SHA256 d09162447a707bdd566d75006bfe41e392fb8c1da440c8accd3a760ae2a9c272
SHA512 1158a81fdcdad64f78aa32240ca9425925ee51250abdd250352a232674424567c03820ec9ca946efbbe9544db7cfe2d5c83da82d3e9e4d0f6099f252fe267ba3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs-1.js

MD5 5a272f3d0f176fa57b31f2e4e9f9e6ba
SHA1 ebb8247d13022479048e59191ced0119d0ea7734
SHA256 a8cac978c20ecc8e48519b5f35848004669a19faf37ac6f66dcef3eb395d6771
SHA512 a2eede825fe6c3da286863c959f88faeea1678e4b526fb6044e7cad773a69b840315f7e471095b3a9e388db86411e399f3e4035e23ab473847e63fb59b30eb47

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

memory/4216-707-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-1743-0x0000000000350000-0x0000000000807000-memory.dmp

memory/6624-2201-0x0000000000350000-0x0000000000807000-memory.dmp

memory/6624-2290-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2570-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2598-0x0000000000350000-0x0000000000807000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a9bdc2301f3ef45f51c75769fa3f571e
SHA1 44d46cc64803eb851997c6ee690669af0a840c98
SHA256 378dad925b2eedcc0d8e0f10b25b7cd05db7e136dc7361cd9245253719bab1ed
SHA512 ffd6cab27309ca140bbcadc6d1c85522fb6fdf8c51b8dd0a144ba94990345c633b948dce732c9628752ec5f092653d0fede0310e44da40a878d9ff675b2c9d6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f4e763a82a3f86e9de73db611942e624
SHA1 70b4d55b3422c96245ed5494a54e39f98b93575f
SHA256 d329d1f560f1cb38aef6b3d92348b449cb69eaddf49d7d7d82be4627e05d246d
SHA512 4ff9cc003f51e200f9088eb8d098ddaef6cdc17ec6888d036043c0a2929d5696acfac36a507f8e72696a5381507ac30eda05a48e3c8f78d43e2fb749b57c0340

memory/4216-2612-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2613-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2614-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2615-0x0000000000350000-0x0000000000807000-memory.dmp

memory/1760-2619-0x0000000000350000-0x0000000000807000-memory.dmp

memory/1760-2626-0x0000000000350000-0x0000000000807000-memory.dmp

memory/4216-2632-0x0000000000350000-0x0000000000807000-memory.dmp