Malware Analysis Report

2024-11-15 08:57

Sample ID 240709-mz4xeasdrf
Target file.exe
SHA256 77e9b3740b0e2fd375cd1981ce2ad2ece335200794fa7eb92d4befee2094b9ce
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

77e9b3740b0e2fd375cd1981ce2ad2ece335200794fa7eb92d4befee2094b9ce

Threat Level: Known bad

The file file.exe was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Reads data files stored by FTP clients

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies Wine through registry keys

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-09 10:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 10:55

Reported

2024-07-09 10:58

Platform

win7-20240708-en

Max time kernel

38s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1712 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 2632 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe
PID 2632 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe
PID 2632 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe
PID 2632 wrote to memory of 1604 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe
PID 1604 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1604 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1604 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1604 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2516 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe
PID 2516 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe
PID 2516 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe
PID 2516 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe
PID 2516 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 2516 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 2516 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 2516 wrote to memory of 2232 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 2232 wrote to memory of 2376 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2376 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2376 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2376 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2232 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 2216 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2216 wrote to memory of 560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 560 wrote to memory of 2064 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 560 wrote to memory of 2064 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 560 wrote to memory of 2064 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GCGCBAECFC.exe"

C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe

"C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\b28a9fcd75.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef6859778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.0.543246582\1103761648" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1136 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee2dbf0-c90b-41c5-81db-28c5172e0738} 560 "\\.\pipe\gecko-crash-server-pipe.560" 1296 107ceb58 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.1.1553051420\1848448144" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c33191a1-a2b0-4524-b4b4-01ebf3895737} 560 "\\.\pipe\gecko-crash-server-pipe.560" 1512 43ee858 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.2.1324916521\1948953412" -childID 1 -isForBrowser -prefsHandle 1944 -prefMapHandle 2068 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98c15fbf-162c-44a2-961a-18ebc15315e6} 560 "\\.\pipe\gecko-crash-server-pipe.560" 1924 19edb858 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.3.1994228654\246061522" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5206b8b-76d8-48a9-99d1-5422e3526479} 560 "\\.\pipe\gecko-crash-server-pipe.560" 2852 d67858 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3020 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1288 --field-trial-handle=1276,i,9130303576058816270,2008309817336430273,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.4.1542273968\126688932" -childID 3 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02256e59-1fb7-4c79-9a08-ecede0b38389} 560 "\\.\pipe\gecko-crash-server-pipe.560" 3880 1fec1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.5.539662439\256111129" -childID 4 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f8a8461-b1ad-4392-9991-7e4b618599b9} 560 "\\.\pipe\gecko-crash-server-pipe.560" 3976 20050a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="560.6.1186473990\1688414508" -childID 5 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b4409c1-613a-475e-9979-932f9ffccfff} 560 "\\.\pipe\gecko-crash-server-pipe.560" 4144 20051c58 tab

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.242.121.21:443 shavar.services.mozilla.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
GB 142.250.200.46:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
N/A 127.0.0.1:49353 tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
N/A 127.0.0.1:49378 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/1712-0-0x0000000000310000-0x0000000000EFB000-memory.dmp

memory/1712-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

memory/1712-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1712-66-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

memory/1712-65-0x0000000000310000-0x0000000000EFB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FHIDAKFIJJ.exe

MD5 d7d4c1ba7cb0cb97deb3b54bd4c02e1d
SHA1 61dbf4439aabee8849d5a4fc5c02e1de204142e5
SHA256 eecbe3625b58e2c3110438c8fa5bedf7192e7347fc4d0b049fe8358b5bc98cc1
SHA512 14ab4b60dd5bfe9e9f59f2091299b5bea4101663f044667f825444bdf37310e6c3a6015073b0a65d3cb0c045181a3a39c86a3eb333f33b8a5a477fc49127eb9b

memory/1604-97-0x0000000001210000-0x00000000016C4000-memory.dmp

memory/2632-96-0x0000000002030000-0x00000000024E4000-memory.dmp

memory/2516-118-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/1604-117-0x0000000001210000-0x00000000016C4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\b0b0e0f412.exe

MD5 3cf711041254d965f4d100dfd2af83b5
SHA1 567f213eabaf61bf82e941631dbecd518b61d089
SHA256 77e9b3740b0e2fd375cd1981ce2ad2ece335200794fa7eb92d4befee2094b9ce
SHA512 629f3136a6ebacf69800ed96000709c28ac096937c75cacb262394922779ab6cc613dd496e263ac02b41b998daa570771b68fd6a79b5d73fb3c4a45ef0bdb718

memory/1240-140-0x00000000008A0000-0x000000000148B000-memory.dmp

memory/2516-139-0x0000000006B50000-0x000000000773B000-memory.dmp

memory/2516-142-0x0000000006B50000-0x000000000773B000-memory.dmp

memory/1240-143-0x00000000008A0000-0x000000000148B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008021\b28a9fcd75.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

\??\pipe\crashpad_2376_LFKEWZJICXQMDYQP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js

MD5 d2b9c06f56dbc4cd0cf0c253df03dcd9
SHA1 5572610dfeae2fe24c57cf0c9f57ba31ac47e5f4
SHA256 cac30d4bfa53561d9708bb7619c7a870429c50cf9d234ee7d389581ea934edd4
SHA512 8dc3d06eb22d35fa116c77a95eb48f0ace8d0804998e42dd0cbe907f953b1aa5dfde188a61492d47ac0cc87c1a005d9471d20604ea23e9bdeffc4eb5be211bb4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\db\data.safe.bin

MD5 3d0aebcfaec13636017efb52fa752965
SHA1 e39b8db700c5c4c0c60cc70c472c068c52f6cbe9
SHA256 6c764ab648040d720bc03d12c6d4735dbb46914ba9125192f35b870eb15f8c29
SHA512 ca0b0330b8a936cbfb6a54605d27aa29115c35ad0c78c09c8f3e819855d5db53faa465eff2d25d331b692f859486f7901adc6859123e214d7cb81605420d3130

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\e03b7af6-a8d1-4ba3-9c63-c976ad4ee26c

MD5 cafb91afee73e78eb5afa84b06bde79c
SHA1 b03fc68ce6700d30cda4f931991f02939531cf87
SHA256 6b3eb42e26d6f1a3d4130acb64cb7a79fd0a5a57fccb7ba4918b5096e9013f94
SHA512 bd75dca13c3947c0baa235e5dacaed294f119215c00e69dc50e8e7f7f8c675f4649efa4842f384b86e3892363471d40acaaf8f42b62ab574e19f6e09597435e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\2acfdf2c-872c-4231-88be-da881be19885

MD5 b431115797de3fc1bf4512e835b22cc8
SHA1 ad6c3d656195f31aaa41d4da6f8aab6515364c01
SHA256 fa8451de55b58e84d179cd09c0f95efd54a473c6490d9ca8e2aa8f6104fc2b3e
SHA512 2691a0841090560fcf4189d6de39af207a224dc0b561560ae9adbf076bc2095ac8cd0bd9112ac7b7f286a06e78260eac154091e367310c2034decb38e6dd1050

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\activity-stream.discovery_stream.json.tmp

MD5 ffc2f722c5b21e5c7d1e8009dbaa0f09
SHA1 8d93b67fd052437243afbf3b5fbefd1e7a036c07
SHA256 1d52ade2ac2be86071765ae68b8e0f3c049afb95df211a95366ac79caedcd0c2
SHA512 61ad585162e2eec108dbf26651c7c28df2e9604e1201472891bf258a7014650d3f39372285820b0a6604531aecae5aadc1c31160141cf7eb5988a29c8e1cf01d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\activity-stream.discovery_stream.json.tmp

MD5 11ab92f2069d350a3d032607cc1d74de
SHA1 fdc01ebdc94fe7255e0fce64e6021618bd6a381c
SHA256 112e497a505b8556dcd4a30fedb4e48e7c2d95815244d2a451d3c7c0b34b7e66
SHA512 7cb2347b634fb4be38a22c19bf5ddf6164487db0c393b60077ac22e72eac7a4e120b93bac890d304eaea4f6ce9ac01d82c83305e2939366613bc7b159c786e1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2516-375-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-387-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-388-0x0000000006B50000-0x000000000773B000-memory.dmp

memory/2516-389-0x0000000006B50000-0x000000000773B000-memory.dmp

memory/2516-411-0x0000000000110000-0x00000000005C4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1cf79a931d6a44210dd59517eb9afbae
SHA1 84a7f512bee64bd22bd48616a4ea11abfa17980b
SHA256 0362285c3f13184b2af208a6a39e0f5c6213715af60fb10b6551c15e44ad4855
SHA512 728dcb2fcaea6e133a36e99a8849409c864b28943bcfeaa3aeff9f3a779a36b3d95e0445c62908e5e185fabd4242227c06c6ef8aeb7a408a49633dc1e8b8a4e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js

MD5 a0d7aff5a2517d3b3bace8ef7303a54e
SHA1 3e38bf65f621e6fba8674251eb58b6a5ab644c64
SHA256 f133696822959b11c7513994d722229e073b8a3fe8c4d85f1e668f2cf3999e61
SHA512 b14ac1789eca21d0cf058682792fe6a00a0ac6211f10d3ded4735aa206cc2e4e8b100ff9e9a56e1fa49886e580821951a9bf51f476c58ca3a12e52ba2df3051f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js

MD5 8b156c78b405bab1277060eb360a3f5a
SHA1 796285d6e31751ab762ecc004de010870b2adc0c
SHA256 d19f856767fbd5ebee956b49af4e46c48301c0630ef202f722426cd0538362f9
SHA512 4874897e6312cb75e423070b35b080658eeb79657e90e9c76df290e70ca06d995ba486f3df8ce8ade9d809368fa5f29fc0e08a60506fcaa6382ef561f4376289

memory/2516-498-0x0000000000110000-0x00000000005C4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js

MD5 7e5b9e6ac8dde22c82c5e00619010e44
SHA1 753430e5205bd3c5989308729893a72794cce6f0
SHA256 f1f48ae42861d2192b318ff51b552415872d5463580ecca05664b81186c7b99e
SHA512 30bf8c9e673af34834cb44868cd50d5e99eddbd4eaf13970aea8673715825c891853886e78f56d1db8c758b7e61b9c860069d22be290ab66f1aa287054fbd0aa

memory/2516-516-0x0000000000110000-0x00000000005C4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb5050a579d6f0f15c07cedef237430f
SHA1 c0aa2333ddf8b72cc44986ef9b7d4f6842084bfd
SHA256 7ff5bd90f7487f60da98f422ba326b818e974e5b762ab5cca2b5937b9061b9f7
SHA512 755dd0d9faba228ec2d5c6c5d6ba79f9c523b764c4d2ebdecee1023e851f89c6f2ad7588cf1067f32738e7bf29139bc16c8d899b0fd3f21995f990c82653df14

memory/2516-524-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-525-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-538-0x0000000000110000-0x00000000005C4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c67e3e417011fc5bde9640c7991c6d37
SHA1 f3eee92a9af8646bcd51b86dae70291ccce0dbbd
SHA256 a83194360938bc680191178e81547baaa2527a361db55b83d234b683e8d27b87
SHA512 64c95d1a2a38599e89e1610fba130bf0865e821e9c4030d5db6615c2dd266263168b59b35ced6cfbb276f07b5756226d8d6880de5ae1be5490f2ae913edb548f

memory/2516-551-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-552-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-553-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-554-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-555-0x0000000000110000-0x00000000005C4000-memory.dmp

memory/2516-561-0x0000000000110000-0x00000000005C4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-09 10:55

Reported

2024-07-09 10:57

Platform

win10v2004-20240704-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1636 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1636 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1636 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1636 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1636 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1636 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 1864 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe
PID 1864 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe
PID 1864 wrote to memory of 592 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe
PID 592 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 592 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 592 wrote to memory of 832 N/A C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 832 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe
PID 832 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe
PID 832 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe
PID 832 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 832 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 832 wrote to memory of 5016 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 3308 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5016 wrote to memory of 3308 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5016 wrote to memory of 2056 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5016 wrote to memory of 2056 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5016 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5016 wrote to memory of 644 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3308 wrote to memory of 640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3308 wrote to memory of 640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2056 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2056 wrote to memory of 4368 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 644 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2236 wrote to memory of 464 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AFIIIIJKFC.exe"

C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe

"C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\7e70dee468.cmd" "

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xec,0x114,0x7fff7b01ab58,0x7fff7b01ab68,0x7fff7b01ab78

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff7aec46f8,0x7fff7aec4708,0x7fff7aec4718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.0.234417877\1230852461" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d358fb63-00a3-4195-9adc-befd44651b9d} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 1848 1c9d7c0c458 gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.1.198315614\223941531" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f216c5a1-8534-4e8d-838a-dd9935aac1d9} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 2472 1c9cae85358 socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.2.982874894\1986859591" -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 3052 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 948 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faa29319-180b-4b6b-ae96-4470878a3144} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3040 1c9dab1f858 tab

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.3.663809896\204855298" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 948 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dc4fb3b-d44c-4527-9248-35d8ab1aff8f} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 3640 1c9cae74d58 tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3528 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.4.83342716\175103175" -childID 3 -isForBrowser -prefsHandle 5192 -prefMapHandle 5232 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 948 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e08973-92a1-4a75-bebc-5e13cdc8e251} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5208 1c9dab49a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.5.618891605\1227261142" -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 948 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9fad1b-6e63-47e1-b9fe-c5760e06a747} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5440 1c9ddfa4f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2236.6.1299253304\1923856152" -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 948 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f49ff7b0-b403-4e5f-b4e9-e29eede898e6} 2236 "\\.\pipe\gecko-crash-server-pipe.2236" 5636 1c9deaab958 tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1924,i,3081959287391782445,4751556513634152914,131072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,13155770526023824796,16042314898150948855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.238.192.228:443 shavar.services.mozilla.com tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.46:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 216.58.201.110:443 consent.youtube.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 228.192.238.44.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:60864 tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:60888 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2---sn-aigzrnse.gvt1.com tcp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 r2.sn-aigzrnse.gvt1.com udp
GB 74.125.168.199:443 r2.sn-aigzrnse.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 199.168.125.74.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.46:443 google.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

memory/1636-0-0x0000000000800000-0x00000000013EB000-memory.dmp

memory/1636-1-0x000000007F830000-0x000000007FC01000-memory.dmp

memory/1636-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1636-76-0x0000000000800000-0x00000000013EB000-memory.dmp

memory/1636-77-0x000000007F830000-0x000000007FC01000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JDAFIEHIEG.exe

MD5 d7d4c1ba7cb0cb97deb3b54bd4c02e1d
SHA1 61dbf4439aabee8849d5a4fc5c02e1de204142e5
SHA256 eecbe3625b58e2c3110438c8fa5bedf7192e7347fc4d0b049fe8358b5bc98cc1
SHA512 14ab4b60dd5bfe9e9f59f2091299b5bea4101663f044667f825444bdf37310e6c3a6015073b0a65d3cb0c045181a3a39c86a3eb333f33b8a5a477fc49127eb9b

memory/592-81-0x0000000000D00000-0x00000000011B4000-memory.dmp

memory/592-92-0x0000000000D00000-0x00000000011B4000-memory.dmp

memory/832-94-0x0000000000640000-0x0000000000AF4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\7059302f9f.exe

MD5 3cf711041254d965f4d100dfd2af83b5
SHA1 567f213eabaf61bf82e941631dbecd518b61d089
SHA256 77e9b3740b0e2fd375cd1981ce2ad2ece335200794fa7eb92d4befee2094b9ce
SHA512 629f3136a6ebacf69800ed96000709c28ac096937c75cacb262394922779ab6cc613dd496e263ac02b41b998daa570771b68fd6a79b5d73fb3c4a45ef0bdb718

memory/1120-110-0x0000000000240000-0x0000000000E2B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008021\7e70dee468.cmd

MD5 c1b73be75c9a5348a3e36e9ec2993f58
SHA1 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906
SHA256 a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0
SHA512 fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3

memory/1120-122-0x0000000000240000-0x0000000000E2B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f060e9a30a0dde4f5e3e80ae94cc7e8e
SHA1 3c0cc8c3a62c00d7210bb2c8f3748aec89009d17
SHA256 c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79
SHA512 af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

\??\pipe\crashpad_3308_ENPZREGRBDPQTNLC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

MD5 4f22047ab79aac224980422b74afd18b
SHA1 22fbc65d775d4aed52b3b03698486bb368b2bf75
SHA256 c7f90fdc6064c77e7fe9e4f9b5a468639473043be532dbe3e4931376d1c9896d
SHA512 c1247701aecf66a0bac347a46da8b3ec821ded0b807ea4d6dd96a2aa592ec927a82ead5b9ce06e3ce3d453a55764f669701dd7fa69a021c2255eb0a95d7fa587

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a27d8876d0de41d0d8ddfdc4f6fd4b15
SHA1 11f126f8b8bb7b63217f3525c20080f9e969eff3
SHA256 d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe
SHA512 8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 877ac6be1362012b82a53db9b12348b7
SHA1 20f48ffd5e00fcadbec3df8d84b787fd49bbe4ab
SHA256 eea46cf43de8df8bf32e223f3a7ba5e1fabbffcb0bd8be94b54262648b723c56
SHA512 cc8ba5c65650da05c14e33e8729847acaa91094d9ec1e0ff7721e89d86501e90f6504cbe826ab75b2aa688adc7897caa85b881eed488da633c59f5eb2ef7e630

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

MD5 0afc2e7b18321cacca4db8022db6c6e2
SHA1 13a4259a1ac4e78b7ee567493ff139950b049fdc
SHA256 e9a854bf4ec9eac246426cc2d818e4f7fafc2c9463b10f907e1c1fe75e45a38d
SHA512 85e04c7d3201c8fbbf8be212d672e18530b82f1a42dfd4b7ecd99ec9baa21b8b5ae159896dc2148d6948993614ec399464d0e2b37b9bb7aef8207e18c5150e13

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp

MD5 9b46c5aaa277bd26b5e70bd051893173
SHA1 6fc1ec63983d2fca69f1148007847c63e517ed47
SHA256 bf2ca462943b068de93eb2b2942da08f2e099d2e3e629034bfd4e4e3868daec5
SHA512 327e1a6ceab7bf488b6c4ade1aa9cb8dcc400937252c168ee0f54deef8ad34de7a20c1a8e86f05eb992a71b4df28522bacc248b938a7fb5cced38707abed4173

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/832-267-0x0000000000640000-0x0000000000AF4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 51c3c3d00a4a5a9d730c04c615f2639b
SHA1 3b92cce727fc1fb03e982eb611935218c821948f
SHA256 cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f
SHA512 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 103d7813f0ccc7445b4b9a4b34fc74bf
SHA1 ed862e8ebd885acde6115c340e59e50e74e3633b
SHA256 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b
SHA512 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c5ccdb45832ad979cbb97832e676e27c
SHA1 7ebe8ab0375a84a9c3d0e766f12ba15983c54057
SHA256 123e3ec198c51118d19422d07e96cba03613fc4ecb1bf2418488affed6fc8215
SHA512 d565934168759343d39dd9ae51eb7e8721e8c3109e60ced4ab16a4e24a4df5b3882f19fad8b37be13295153da68c8618ac274036f9a31d1b26065ff7ba3fe1dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c6bac95978381253bcbada97565810a
SHA1 d528f0c2c38d3b517d4d41c8ef35509146d9a54f
SHA256 c9abbc48e6b0402333ea713c14b195d95dedc7e5a15be088ec99d711e27a97ea
SHA512 9eb012feeaa3c046858dcc3600f7123272b1ae508ceb80de11f32c4a1ccdf52d8851ceba23800e1396bac69226eaa1b328adbcc52e93c6c6f69660f9c10da0e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4a104e33ea4a34a487446dfb69dbd469
SHA1 0aba5f9ea2f726c4b1a33ca32e4949d7ef73310c
SHA256 229b0788f962103422749a7961b49aedaa5c9de36b43f2d111fdd7f6d902dc5e
SHA512 f80f3a4f19b8f8934fa313052a0e1956cc247e6db5082d83b0bf712b3be0331d42e3680c69f3a204b371f11f98bbc73384ef30fc863595d2235ad9ee59bc1294

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 77f582a7342bda068075caf5c193fefd
SHA1 5742276551f452b3924fcb77482736370b059a5e
SHA256 6ccc790e5bb1b8d435ab1e39da93a74ae38eb62a4289caeaba8ac25bc5e9bf55
SHA512 b3df5d051740e8fd7df2e230538263bf85629634d227c4eae1893644df09a300969f136e241ad9c5df26781cfd35a3c44fefee3474d7dab436d24673e30ae01d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 29148bb74f5810a7b0ae30feaaf3897e
SHA1 60119e35a7bcf3404b651eb792130e128d74dee5
SHA256 3f57c61dc3463f86a139dbfcfa0278dd7bdb43bbd32e727dd2868cbc39fbe1be
SHA512 8cf2e727b5fd950332789a6d470c39bbc2b79e5e2ffaa57d740bbe7cf67ca599c59aba7caa0146fca6aaf7d34cb47a54ccf09228d8b4f61792b153e17b2c4f1b

memory/832-347-0x0000000000640000-0x0000000000AF4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 41cefc175b93ea64a22cd282c2ad4c3c
SHA1 7e06b2c04967e39a62fee18e9ed83e8fe1cc5820
SHA256 37ffe0371d7b01d3b0a71f85daa9ffd47fc4a1aa1019cbd39efcaf22e23710e1
SHA512 b97be695695cc69d56d662c20c4c48d4f1117c27f5b7789f7c34d9036cc0a595409ab169cdf59b1b3639316d9564135d3457f1c35229c9f4ea7a51ef0169cfde

memory/832-356-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/6716-358-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/6716-360-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-361-0x0000000000640000-0x0000000000AF4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6fc2f92faafe5429a7ff658f34760c0a
SHA1 855e980775bd9578a5036fe6e372c142f2812cd0
SHA256 3773dbf5eb3e18418226f8a2980ad5ce28227f638c5fb987bd93e2c6fda4bf4f
SHA512 8f102f3dccc80542e41e3a112032ca23e0738820c1d38d3b767aee59280ee49be7c30ea8d4ef59e87049508bd0fea4730718f06644458d521087741c7de3534d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e7a7daa71e8f0c1aae99f365a66f7ca
SHA1 5d88e756b00ee9ed6cf8fe261f60040fcdd87320
SHA256 1c9ca228bb81a97e423e05c238d4558a74b04739068415fa06be62659a957702
SHA512 73efb563ca093d5b9228756d88e9be9fd3820457d482fac1d9c0334d785280b54d3e01f5ca6304f830a1c66b568675d1913a93c31256c7a152c44afff0861d91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js

MD5 3d4c61eb1ed2696c20702f836c05064d
SHA1 72af8b0d3d02e53cb2ea084cc5f73b8c44fe548d
SHA256 6517d1bc27c612694949576928141e4ca7f949796dde1a61e95ad33242db4e96
SHA512 a00e78974123d6543e926faee23f62f305837327549282a306d8fc71c79d5bf089015a608bf084a6e02aa88581291e8a470ca74c0ed8790fcd72f71b02fe62e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 fc8d55c9e0f7eddcab296524eedb3627
SHA1 52e4333a457c3e18c22364983cb2dacbefdd570c
SHA256 ff0513468e13e90b0127c15f6379136a739d332bb08690eb1e31b223ffe5b4ac
SHA512 432737d7c36b8ff1ee9c6414e1c3bc34aef19e2480e6b202895996fee33392344319477f3fddb3ff661e67047bfc29e5d485a2ec97796bc3793d327e84c91de7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

MD5 10cd21826b5a65df9d77b27408ca01a1
SHA1 6d457f365898c8fd51f65a579722ccf1c27ae1ca
SHA256 4a6312152503fd2576d1ebc70f5305d826ef6914f896877799a999f46a99d4e3
SHA512 5a3904a074579e8f13202207751c737b3799d8027032a446ccc6cc56f8f0404d50f2883b709dca905b8a6874b9e0e5d6bff7515719f8054d5b28f1a7adbf154e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js

MD5 c1aaa583722e4b8f56b6fc0cdb69adb7
SHA1 95e9bb7090584f78a2601901fc820c7e925f80bd
SHA256 f8d51a1b80016540b5d8f8facecb726255b05400dd9d40eaeb7fd565a9a42532
SHA512 e160a692d3430ba0d697b81221ee3ed81c166fe61839f7c139f356e92019d42af90a684fed88f5b7a512eb7399f318354f5adc12da3908ddecce540d5b0b8603

memory/832-918-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2090-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2392-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2413-0x0000000000640000-0x0000000000AF4000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 73338746f3ca91191a84aa8888d72435
SHA1 408d7ae19f55f0c5b8959d7bda3ecbc88d521e75
SHA256 a886d23bb359f4538bf1cdcf70a894136e0138b5a2eb8ede5a3c069e56378b17
SHA512 37cc2ca3b2c07f77317101d17162b748831b684564120e43a5d01f38505d0980e16ed55f18cf9faa64e8459e62e040e2e6ba02a8b7355ae789747f5e26a40de8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fc5eba636f1be642fa5a8ff7d963a9c0
SHA1 5b1a4cdd85d14d5ac773468a80bd74f2b48d690b
SHA256 79ea1e1ce9122011526c2003f050f80fe117385b3fc07c45ef77eb92080ec30f
SHA512 abe7613d0306fe67518b675e8e68af4961bf54f375736b987b99006805f09fdd79ec677d877c77dd83b49087e801391513cb42af9f238d5cc50b53251f9ac17a

memory/832-2442-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/6188-2444-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/6188-2445-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2446-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2447-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2448-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2449-0x0000000000640000-0x0000000000AF4000-memory.dmp

memory/832-2462-0x0000000000640000-0x0000000000AF4000-memory.dmp