Malware Analysis Report

2024-11-13 16:46

Sample ID 240709-xcdrtayfjn
Target 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
SHA256 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506

Threat Level: Known bad

The file 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Loads dropped DLL

Identifies Wine through registry keys

Checks BIOS information in registry

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-09 18:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 18:42

Reported

2024-07-09 18:45

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4988 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 4988 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 4988 wrote to memory of 3504 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 4988 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 4988 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 4988 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3504 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe
PID 3504 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe
PID 3504 wrote to memory of 400 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe
PID 400 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 400 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 400 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe
PID 996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe
PID 996 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe
PID 996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe
PID 996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe
PID 996 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe
PID 1920 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe C:\Windows\system32\cmd.exe
PID 1920 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe C:\Windows\system32\cmd.exe
PID 2760 wrote to memory of 4688 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 4688 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 4372 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4372 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2760 wrote to memory of 4092 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2760 wrote to memory of 4092 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4688 wrote to memory of 3688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 3688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4092 wrote to memory of 3616 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4372 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3616 wrote to memory of 1480 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe

"C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CBAKJEHDBG.exe"

C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe

"C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe"

C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe

"C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D4E4.tmp\D4E5.tmp\D4E6.bat C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff81045cc40,0x7ff81045cc4c,0x7ff81045cc58

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff80d9246f8,0x7ff80d924708,0x7ff80d924718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f7ae15e-7121-41f6-a5bc-3b2385cf806a} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1612,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1608 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2168,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2384 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abdf4bca-bdce-4913-8794-fdf3c824c35a} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2948 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae288492-f0b5-4ec3-9033-d4020932f4ab} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3516 -childID 2 -isForBrowser -prefsHandle 3044 -prefMapHandle 3704 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15c26210-e76a-4438-ad7d-0fc47d2782fe} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4260 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4276 -prefMapHandle 4300 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcc5b414-f77a-45f3-bad2-4907f47150e8} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" utility

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59eb57e9-0cab-489d-b4dc-2c8863c3e35b} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ffc5d16-7b29-434a-95ad-09e028f6d5e1} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5752 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e16cf6-c5d3-4efb-9649-b935d408a698} 3616 "\\.\pipe\gecko-crash-server-pipe.3616" tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4628,i,16318576986073009351,14046111307636611108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5813298789520994140,15902128619577755539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 172.217.169.14:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 142.250.200.46:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:55024 tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:55039 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/4988-0-0x0000000000CB0000-0x0000000001895000-memory.dmp

memory/4988-1-0x000000007F840000-0x000000007FC11000-memory.dmp

memory/4988-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/4988-76-0x0000000000CB0000-0x0000000001895000-memory.dmp

memory/4988-77-0x000000007F840000-0x000000007FC11000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\HCAEBFBKKJ.exe

MD5 8bc520e6b221e7998eb73c10c830fbd6
SHA1 8a825403f8bff789c60e4dfb67ead847c957b0d4
SHA256 506ecb56dcf6b280d4f553a0fb009ba1760251e411916ab715701b53ae8fe943
SHA512 58d087c499275776e155cb38782f3eca9bdcb516a5707023eb60f31e99ace240076f59ce0c1fc8b7c7382583edfa0f29a68fde23c891a6f0d28de0d3703c94d6

memory/400-81-0x0000000000DF0000-0x00000000012AA000-memory.dmp

memory/996-94-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/400-95-0x0000000000DF0000-0x00000000012AA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\e00762e369.exe

MD5 b6bf96c3900b28a9970323938a1752bd
SHA1 fff9ac5ee2a9849759bf02538f8a431738a894c5
SHA256 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
SHA512 475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

memory/2904-111-0x0000000000BB0000-0x0000000001795000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000010001\5dda12ecc2.exe

MD5 bc08b445116ecc06852a929a5d302c4a
SHA1 a78aa42220b90d47b4cf63119e6082f06b295f57
SHA256 5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6
SHA512 657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf

memory/2904-122-0x0000000000BB0000-0x0000000001795000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D4E4.tmp\D4E5.tmp\D4E6.bat

MD5 de9423d9c334ba3dba7dc874aa7dbc28
SHA1 bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256 a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 10fa19df148444a77ceec60cabd2ce21
SHA1 685b599c497668166ede4945d8885d204fd8d70f
SHA256 c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b
SHA512 3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

\??\pipe\crashpad_4688_SGLZWXWBJNQMZYWR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs.js

MD5 a9cec187d2c5ad25ca8ffed106a488cb
SHA1 a3220ef64a5996e5f82c657950502ebebcdafb72
SHA256 eaa6094b803b75b78a262853affd1f96e43408724c791f5245945e4e24939543
SHA512 4d375e95d53b46dcbc1ac48e870dc5a9379ac23a888e7a23bdd4e116194ab67a4dd60fe3fec0b78603087f830631d442425276bd84c69eab1ce2ddd5ec1812a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 75c9f57baeefeecd6c184627de951c1e
SHA1 52e0468e13cbfc9f15fc62cc27ce14367a996cff
SHA256 648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f
SHA512 c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 af364317b6e104d2f77545d233b0e3b8
SHA1 80dc21039537c7fcff36fbb90bc3e17acfa317fb
SHA256 690201aa0464bce92f476d61b504bad2453ee12bcad178750ae90372a8333c44
SHA512 2d7473edae36247bb622c4d2f466464e3e793cbefce1c3d5d36f943b29e6b809e307778cfa14effce832113591a3718d0a9e1119626b8bc2c4a237dccf753943

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\3e5e03ec-759a-46fa-a8e6-a734b4c99729

MD5 98fd9217b48fa708f600d73564e69009
SHA1 6e898be19a9c2386a354e36ba779878476349e2c
SHA256 a54640948684f40e730b5cd505d100e0064edec1ffeac585b6e2039422c4dda0
SHA512 aa5a8eaae9aec251e5d8d5a33360631136ed77b09a0c6742df09b6d6b9f6da0bc6818074f85ccd78f28284573e4641f5bd7f286b60640e087baaedd6d0ad9e91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\pending_pings\ee5c07dc-fe2d-41ff-979e-1130c9d7adfe

MD5 d2ba83cb2840132a19bd8686c52bf5e7
SHA1 e8f5670fda3c38c856033458af5596c719af1b85
SHA256 678cf189b4adec9badae41a7f6ea236485754346e5587ccb50a6b1c54ed1c05b
SHA512 a944d4fb80e50580cd41af3c0bfc1c7c54259e6e8b9889ca12f61308683f8852b214dd7065624ba4a4cdfbf6d870b5fd4d5360ee4f6d332fff4f750745c6f915

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

MD5 db3f1455941c43e7f2b3d37d58e87c7f
SHA1 7d2e9be888fd3db625893b67ec6ccbbe44df0df4
SHA256 b4dfaae1c300ead883e188a1e3b559e72c6930cd3dd353ead9803830435731a6
SHA512 8dd3346bcb4c9790e8b38e8822a68aa0b0a567d491e0285e1e6917cd6c0bd242cb18d29c5f041de735f85bcbb9ea5a5be9ef3bea6443d05d210c0dd190381e77

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\activity-stream.discovery_stream.json.tmp

MD5 d503f9a7e370491f25f26f25f326e7c0
SHA1 8be7f1650779a5d2cd4288dacad75498239a5f8e
SHA256 4b1b431b2ef840e9702fd06d8afb47b51eaa352f329b8bc4657c3e432fc78242
SHA512 65e16f1e9d36fc6ef0fe6f2c80cc812064d58716a201777ceb37a3696ac5b7201c74969e3500c5ce2da19d59f23c18d1e3a0819c2465472269c4d0b20468ba16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

MD5 83b1d2c983f19c5f2dc884ea3464458d
SHA1 423b152086b56a8e7a35a0ce14261928456aa422
SHA256 7f10dd32a5008c8082542955393c7962228ae92f8101ac6db81289775985b480
SHA512 d949dc440479619fcba20747b2a505a532b0c2534b4cc03291d479f52903cbcebc46a98487728cb2e9d73c96303de5ce9b119bc4873575c60d7b854b9c9ac34e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

MD5 f3ce800fce6d376467cce97b37624157
SHA1 4ca87a726a156bdec5982730c2c6ec919d1e98c1
SHA256 6ba7f2ead92e4f1d82f6093a3d2390f4f35626320ea5b4a713d968f4927b25a6
SHA512 ecc020d0c0fba0182b3f346a3ca02b2e03c6830389de7297f0a7739eefdd352a37daf4e42eca2a671a370d1a28159ba02f89c25aaf5f25e83bfd0d0c2c7e0c12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

MD5 e1ed6c15f1ad9d6e45e610a862fa11a2
SHA1 2cdbbe33c34184138a1b451dc51e049d4014e3f8
SHA256 107521cad7c61afd195df4ef15d742bf89923f8748ab74be1e7719802a8b5bfd
SHA512 aa7dde9557b99b0aaed7a170b8344f1f8bf65a9e4d7234ff39ed1d643fdccaa302074820a2b8700086d22f76b01fc2f27775afc5217bcbcac2927eef62bf3980

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\AlternateServices.bin

MD5 4a0870cc19525c69219d3ff1fb5b1d41
SHA1 50d25f4be5241dd071f47797849f273078a66091
SHA256 018673058b2ea2793f7d2bde04c6dd63ee23cb84095d3b3ab1d1159b01145ce6
SHA512 5d67d26b28ad1bde8344d17e2541f641d456fcfa42b9818c9c02c9bfb0769da3b60ee44e860b23106a9ba99b130f20b179ea65070be0fcfcc47f459e7e2278a0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

MD5 ba3c13b09f24d23c5ba76a45f1c57567
SHA1 9aebc7af4efbd8ba1777c3d5209b501b936ae30a
SHA256 cb2a9f24fd4d50c95909905e69ecc4f1d1fa58aa066118d2bb2fe88c6223caf9
SHA512 03af78b9111bbf9758851728c279536212a765ee47d9c6818b9b2be4f29dbf6088dcb42a9da8f8ad0e7b1474d7ff26d5cf7dc7bd485caf2bb45a0014799b1fb9

memory/996-486-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3aa6e31c125d83fb2eabcc9e33843dd
SHA1 ad91b78e1a9853ee876b77b82f75100ff5690d11
SHA256 c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4
SHA512 897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

memory/5240-556-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/5240-563-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7cf0b10c05339123b442a580834ef231
SHA1 406f95c12dbacd2709eb8bb2156d90accc8f8a2d
SHA256 36d32960d5fa6ccf51c9d20357da95c41dd76a18553e8bbc86ecea27d4c3da3b
SHA512 18bd4bda510f4826b32661146fcf72701ce21b1268b7d33c40116bb10d813e88c042e31bcb86837b3f5916ab9b17f7352c31d6a5f1b12bc884d1c5975d87248d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07eb6ed88340759ca0354e8ec9ecfc93
SHA1 a97514da40a656a2834ecba9a1f3bc7cae531731
SHA256 e40166b9928d79cb22435ca1228ab1a6185329982e2d067bf94039c83e9ac560
SHA512 693829eec11b66626b6419efc713c0bfd5ec955100211c27ed4eeb59281f792776f63a8dee151235e706569eb2477b867e9ee3459e96b1462d451d5b99c4a899

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2c148bd0de3122e8d03764c5d334349c
SHA1 62539cb61eae9319a8d7d005c45ffb64202f1ed6
SHA256 ba9d27350c9e6564c3520c52e8e76fb836b1c63eecce494a2b1b5192ebd50064
SHA512 4a5b2de7da7c4af1ac795ef3715f468214d76072284ffdb4a993a6a42a1993e114f8f6ab60ec243fcb935b381a7f23133cb0e9f257a6a8bc81ebdf209d4061f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 550da5d08f20416bffd1f1af1d8eec49
SHA1 08ebb3960972d1cbfd22a9e28335ddda820361ad
SHA256 8ce94dd6f9f0b379f08b08b40566988e447a00b2762c941fd3247c3dfe5c0ec8
SHA512 7ddea71d7ccbff056ffc06cba69f8d102cfe5da87280deee1d2c5f2af69e58e8320ce2384573966217a41f6c10e0217cb9062ae6d96c1f6fd345d0972f3e3a1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d6ba5314247dd4b54e607fa2e98267d
SHA1 ed3b8db52c2051c88eed0118b0f82f6625dcb8f2
SHA256 1691e6c1609a603939dd6297da77ab4c322d232bfcd4ae973eb2c618cc2582e9
SHA512 a78a2968a89ced10af6cfb43b54b9f83dd9f4173179ddb355b6be1ee5011dd3c0be1e4e45e0354b1f2c22f2e207f61d7535beb7ce668db838bd77e67b440af90

memory/996-601-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/996-606-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

MD5 16d6aa0d285dbf388429a02fcb28caf6
SHA1 6bedfde1d68f87cbf8650e87afa8e2cc59eb425f
SHA256 5679089e1aaf0bede9e0713714749c8866d75a49a7e7642bd399a77eab19c2db
SHA512 edf9e5d95359c4d350bc4ef43d3654debb374785881976bf3564ceb33bc3a20076013a97ff4697030e3cebbe1e4a9355a63bd04eabb21a039fe6d6a3c9eb3be8

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yol9faaa.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 75e15c350300b512df55d5e35966f3fb
SHA1 519876e91f714e338a75d674e30804647b90d17d
SHA256 2acd16e711c8671e46e3f61696cf5c5d54cc488a285f4630a0b21f3578374b49
SHA512 79fa33aeb67ce7d450149acf4a32c18938283d7ef9b2f5372a8a447bb463522a17da093fe22b95b87845cfe97e8f6b0ce634ec8abbb0931804b5227c3c50467a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

MD5 e7d2d5e5a53027cf6fe6e602772c376d
SHA1 38c0d58322c712202fb39ff9ba49d4b9b53850b9
SHA256 f4cc85c2df891f53cc698caacb4a92b6290a3b319fc8456c4fbac3dff2f4cb18
SHA512 a90798d72ff05526cd934fb6904c4b681801f641a6c96f45c4ea1f401154dd36aa079273721152f0d9f178317b5de34ebbbca2c3b0f98c71f3a17e35e70d8d8e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7e5af55d9a4fedd59905b93781ba9ca9
SHA1 e48b7d5d1232c437607de57e22d2331a60aead7f
SHA256 52451c0de95bcec420892be4d6e035fbbe197baf2956d381eaa203742ba47a4f
SHA512 f808b483f0242e0930b4aacef38e419c17f1a9991ddb7a9da0c88ee9779d63288b8358dab193d506a0faecd906fe599539b1a7e0a40f8faf83f8a527c06ac41b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\datareporting\glean\db\data.safe.tmp

MD5 ed41a9e5a6ed75fe1daa2dc48ea78007
SHA1 b877f7e5323bb3b72349e2476960e355971e99fb
SHA256 6cc6dbbf1d276dd7cdc068bbd45dbb16f493bd0dc16f7bed8d33216ff156a012
SHA512 cbe0ca1ff31292aa2f193f3e13db100c5c4811bc13b71a9ee3ac9196cb699d4b9a0ce0b61175932e47fbc66bc1323334481bf34882d11ad20f0bbc4d69b79dd8

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

memory/996-770-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 042dbc3086b4700b512b634921b0d4da
SHA1 73551f72d2fc57cb14293c276d6b781fe7f619ad
SHA256 d41970d5d2e93651001ab301ea2241529e6d9cd845a959d07ac34a4f7730af55
SHA512 99b1b720be94d978825ad9404bd221ca5bd8be4b8ff8ac67546e56ceb22a0ebdaf25a18a4d55ff563a0e1e3d2cff08f86d20e9fd1f1d2e8a577f786d3936f004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 24bca0fb5d69252cf5a02732e7856c46
SHA1 5701c48dd562f4ea886f4c20364b1e376bd8ccb8
SHA256 5d5409492e637c0c0881f72f8b6654463647927129e50b1de3e06597b460bbd4
SHA512 396b21a90fe5b537b58a51053c79d11c0706a1656de98789cc3ad7f770103878e5041bcc199ec535ae398c4f4beef7124fe8e329c38b2c45caa332ff5bd12edd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b19ccd255ac0314cc9f26d4e63248eb7
SHA1 fc2abfb884168ec9ad2b0229e587c2274fd5ff4f
SHA256 002800d495b8c8450dc2bc51735e96b93d7ca0d2c9f6dc091f055bc6b5406ef2
SHA512 04dafbf7a37f1ad77afbd38c5c2cc77487424ef9d45cb6bfef0a806d662380b399820835fee5883184806814b48d08fcc81ce98d5f7e2c500335a7026e977a04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yol9faaa.default-release\prefs-1.js

MD5 76bff253ddaabc098a7534216294ad5f
SHA1 adc8ab682125ee827378f55d826e8ac95d39777e
SHA256 bfeb395ed0bd0ecc4290610fdd39c85bef5a09d07d400aedfab7db5db73acb37
SHA512 6792ebc3841c08d4be082641d35bb9e2da861ef0f923ad62794fb8ee276427ab7c071cc3dc842343141d9fad3fcac89ca9f6af87e3407ce5544b6e0db2f7511d

memory/996-2816-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3038783851395a9a5273f62bb4337b50
SHA1 e18ab7a488b405b1b6d1612e178f08d28afdf3dd
SHA256 a82103efc99c3ead20bbedae8fe265828e96713c093440433b311d059b43062e
SHA512 905ccfb3a914ec1295a5da3e80c6109fa18dac056634195a5a78ed747788609489745d7ac254e1e658cc55add689ecb1da7975a46e5434ece7b00e1abc8d5af6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e2f344b2007088f7e6aeaff48c14e035
SHA1 64bf2e25c49d41bbcfb661dcbe427c04cab5f559
SHA256 22fe121e3eee7725b0e5f881688a374bcc008cd007e43fe284f855645c5642fa
SHA512 cc2937ad3b8377716f40409e2ddda8202959b202b8ef6817f28f30e42f35211e10c3c2b8e4460d5ecc2e5f2802e87a7a5b4b8bace570125db4f10f1c5c7f2509

memory/996-3633-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/996-3636-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1115c61c1535cd2beb6f516a43053a93
SHA1 b0073f3b21b8d4a63cd54918fe1bdd2644c4ccd8
SHA256 4bed16a3e9934c5efb3a99a75139647964f97fc98ebad50b1859d351788aac11
SHA512 61b744d77689419f047c7b71f7449410c7a3a83e25cdaa0c9e2058a2ab379497a591bac3a256b1f1b6e26457a35201e3aafafe102e01d4313e32e4096e4940b4

memory/996-3651-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/812-3654-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/812-3655-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d00910cf9271a3904ee528795e85b42
SHA1 7f5d970e97b71fb7a63a6e191cdfe42eb318b822
SHA256 e95095ea7e770f7bb30a84594a06ad9fd5785a978d8fdecfdfd205af8fc2c1cb
SHA512 16df5fb3652fc779a3ba17d76a44f55212ce35b69b533d5e1492e35a34c8e52d4a16acb4a93482b9c168b843a88a19d9690f4ebff4c366f2d8e2a2b387e824b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d00e57d77d0f9a82661d5da5955f3254
SHA1 bad386e6037059eb37918a9689788ca738d1af71
SHA256 e1dbc4702002b7a32d72eae5ad3b293f96ca59b3290d58f107508e543eb5f602
SHA512 80fc44dc76cf0c81614633f73948210496c3a92d554c32508042dc421baceee0b10d17e685b9717d01e8d6adaabdbe820a68b2dbc45c2c5b67c1067d06768051

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9215a80bb7498bfba98776e78eefaa53
SHA1 aec3db7fa932c49b9ea1a266c109d12a579b7b3c
SHA256 4aedfea82e761e55ed7ef15f709de36a480eb052b4b3b48b5819e70d5738b066
SHA512 8000d350d15be928c1a98293eefee74153015b44a6d9b05c1974de475c5384a7edc8fc47a58a963427eeed855f8a341bbb97b6513491fa57364db3f51a25ed77

memory/996-3684-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/996-3685-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8cacf5affca957c60c00842d3270ec2
SHA1 02e4d2cc468247ba7548cb2620b02de79f13abe5
SHA256 7007cc98e902352108d8ddc339a097d5edcb951085e127d5a665ff3953a1a0bb
SHA512 73f6d93784bad6e2daaa9d024b63d3b974a06d302a2974cff8859f5c37027ecef425726d3c51266754ad9a64549c040108376602cca1a6aab0ad692608cc4e8c

memory/996-3695-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 210df58605a0adc83349a7c77bd1e684
SHA1 ddde51cdedcaf3e97e1c0ad3f49c19d786f6b662
SHA256 b7fe66a042db2bd1add5cd902e6f00512d5439ceb907c283805eb6cd6cf5cc01
SHA512 be447c5e502a4a82aa6f3962934ab0c3000886b7472203b44df29516d77f4c8d99baa72b7247fa42ff73abbb3dc14d38cbcf3128563c01534bb866953e25064f

memory/996-3705-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/996-3706-0x00000000008F0000-0x0000000000DAA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5892a270f00ebcc3ccc16d10154fdfd2
SHA1 fb4ad5d06145d3f5020d632dc4bd9ecba647e726
SHA256 5b6c702b01117ff47cb6b85134cdc1749747979b230139ad8eab594555c5d747
SHA512 76ae120c24ef7f5572e820c37c6bae09123f35da0a1921e1e8dedf0ddd8bd3a5e4370a1f83ad2c56ecae41c2f85a274d10c0fae426005ddb1fa5aaf1d7c92343

memory/996-3733-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/1492-3735-0x00000000008F0000-0x0000000000DAA000-memory.dmp

memory/1492-3736-0x00000000008F0000-0x0000000000DAA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-09 18:42

Reported

2024-07-09 18:44

Platform

win11-20240709-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3424 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3424 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3424 wrote to memory of 232 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3424 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3424 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 3424 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe C:\Windows\SysWOW64\cmd.exe
PID 232 wrote to memory of 4924 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe
PID 232 wrote to memory of 4924 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe
PID 232 wrote to memory of 4924 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe
PID 4924 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4924 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4924 wrote to memory of 4116 N/A C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4116 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe
PID 4116 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe
PID 4116 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe
PID 4116 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe
PID 4116 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe
PID 4116 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe
PID 688 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe C:\Windows\system32\cmd.exe
PID 688 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe C:\Windows\system32\cmd.exe
PID 2012 wrote to memory of 2404 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 2404 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2012 wrote to memory of 400 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 400 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2012 wrote to memory of 2612 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2012 wrote to memory of 2612 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2404 wrote to memory of 1920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2404 wrote to memory of 1920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 400 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 400 wrote to memory of 5056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2388 wrote to memory of 732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe

"C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IIEHJKJJJE.exe"

C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe

"C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe"

C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe

"C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D8BC.tmp\D8BD.tmp\D8BE.bat C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe0c09cc40,0x7ffe0c09cc4c,0x7ffe0c09cc58

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe0be53cb8,0x7ffe0be53cc8,0x7ffe0be53cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6337a5a-4071-4073-b0c5-c174648be1f7} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2088,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {195d5007-95f6-4069-82b1-cda2e6c3bfb3} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3340 -childID 1 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c98d7b51-f582-4cc5-b240-d55e6fd16177} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c3c792-8b20-4287-a638-c10e91db39d4} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4248 -prefMapHandle 4244 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb4b0cd-f9a4-47c1-beb3-b903c820aabb} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" utility

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {226c14ef-f508-4814-b10b-7fb8da0fdd04} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71fb11e7-13d1-4c21-8bec-a330a7e18a33} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 5636 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bd2f44d-df05-400c-bb36-f1b031445c76} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4624,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4944 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.30:80 85.28.47.30 tcp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 216.58.213.14:443 youtube-ui.l.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 142.250.180.4:443 www.google.com udp
N/A 127.0.0.1:49871 tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:49894 tcp
N/A 224.0.0.251:5353 udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
GB 142.250.200.14:443 redirector.gvt1.com tcp
GB 142.250.200.14:443 redirector.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp

Files

memory/3424-0-0x0000000000480000-0x0000000001065000-memory.dmp

memory/3424-1-0x000000007F920000-0x000000007FCF1000-memory.dmp

memory/3424-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/3424-78-0x0000000000480000-0x0000000001065000-memory.dmp

memory/3424-79-0x000000007F920000-0x000000007FCF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe

MD5 8bc520e6b221e7998eb73c10c830fbd6
SHA1 8a825403f8bff789c60e4dfb67ead847c957b0d4
SHA256 506ecb56dcf6b280d4f553a0fb009ba1760251e411916ab715701b53ae8fe943
SHA512 58d087c499275776e155cb38782f3eca9bdcb516a5707023eb60f31e99ace240076f59ce0c1fc8b7c7382583edfa0f29a68fde23c891a6f0d28de0d3703c94d6

memory/4924-83-0x0000000000070000-0x000000000052A000-memory.dmp

memory/4924-96-0x0000000000070000-0x000000000052A000-memory.dmp

memory/4116-97-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe

MD5 b6bf96c3900b28a9970323938a1752bd
SHA1 fff9ac5ee2a9849759bf02538f8a431738a894c5
SHA256 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
SHA512 475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

memory/2604-113-0x0000000000CD0000-0x00000000018B5000-memory.dmp

memory/2604-114-0x0000000000CD0000-0x00000000018B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe

MD5 bc08b445116ecc06852a929a5d302c4a
SHA1 a78aa42220b90d47b4cf63119e6082f06b295f57
SHA256 5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6
SHA512 657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf

C:\Users\Admin\AppData\Local\Temp\D8BC.tmp\D8BD.tmp\D8BE.bat

MD5 de9423d9c334ba3dba7dc874aa7dbc28
SHA1 bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256 a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5478498cbfa587d1d55a9ca5598bf6b9
SHA1 82fedfb941371c42f041f891ea8eb9fe4cf7dcc8
SHA256 a4e82ce07a482da1a3a3ba11fcceee197c6b2b42608320c4f3e67f1c6a6d6606
SHA512 7641a2f3cc7321b1277c58a47dfd71be087f67f8b57dca6e72bd4e1b664f36151cd723e03ea348835581bcb773eb97911f985d5ee770d4d1b8b6f7849ce74b44

\??\pipe\crashpad_2404_CJVNECKRVEPQOIZO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bb87c05bdde5672940b661f7cf6c188e
SHA1 476f902e4743e846c500423fb7e195151f22f3b5
SHA256 7b7f02109a9d1f4b5b57ca376fcacd34f894d2c80584630c3733f2a41dddf063
SHA512 c60d8b260d98ced6fe283ca6fed06e5f4640e9de2609bcfbfa176da1d0744b7f68acabfa66f35455e68cad8be1e2cfc9b5046463e13ae5f33bbbf87a005d1e0b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

MD5 f267022dcce693bcaf66903091889bae
SHA1 a7d9e41c8627265c0989232de8198eb4eec7dc73
SHA256 1cdd2b3e41a4dc6732793954c1c5e2f844f48bbf2e63776b074c45bdc914b698
SHA512 548c04fe24f73f4a36250b02f4d2ed537cdae7b99b6169751ded9c106a112cd8aa189d7c784e0edd90d838cfb9b093ec2543a41066b69854b1ddb3cbbbec702c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2786342294130b09e253c8b011f4894c
SHA1 07451f6462a66b961e0fe88737b51f5e74c05ad7
SHA256 d1f1c32e50ba8adfaf47f748e7adf32c5f000808da2431f8b012b2e6e3875a5f
SHA512 fd9660a1771bb9206ad870a41be664c57f4134bdbf8a5b21dfa151555afa481ff1edc014e43f862ebbce754b738ff79e9ecd9902ccb0927e62d34caba5dadfb4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp

MD5 c24ef437e95acca7b9f301dcca62439f
SHA1 0de61a01aafb58b20866c4be86e309cef716c75d
SHA256 a9e9f36d8209e3a4b664c9240661edfbb43c2adf97f5e8e9e2beef8e7d9e398f
SHA512 78be14718a3a3b3daba65028b7ad8e2c09a1a2fc4bb57470c2dd54a47272fe9c92af5474a8e9c2da6d2733e2bf7de0110cb95905d67121d13d182ad001368cf6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\696f8625-61b3-4ad3-8311-ce524f710c07

MD5 fce0eb095029369cdeec67e966907c02
SHA1 c689af9e45a36d20597c857f000bf10ba2e06507
SHA256 5eaddb4ad4730b81796c52355dd280b4d99c5fdf98ff170fbdd8a27a9ec6915b
SHA512 47173f5ce95a27298d50809e48b9758f14fefad58f37da1d55c9d2b35a82991fb96dfd0de38f003bef8315725f480f821f560cd0d6f93553a9d44bdfb2c6ff47

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

MD5 974c7c62f6823ef58b2a60c421d119cf
SHA1 70d378ff73e0270eeb1fa1ae180fd24970070c26
SHA256 04efd75d7c00193638a4968679930b082ee58bead9bb0e5ad25f9bf069d5465b
SHA512 4e83567fe07d51eb803ae69ebe080adbbafe37118a38b551987f7d1f7e1c62894812c753231edb56b791ed003f5456c369c0a8d925c3ff62075df8ae004b561f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

MD5 7763eb3b92ad4c309fe62303dff36068
SHA1 9072b48ccf06d02528052b86ea20e94381f42184
SHA256 aaf0e8712ae3ac3318c55473ef93b42ca993ee6c7384cacdc40482a0a2c7fd63
SHA512 5cf94108ad2363c87fefe73e03a800e7fd774e965bb65acf7b73cf0bb6f1be7b9905429b89fcde46d978aec330f179b8e9cf39bd931b3a9fb2b959a7c0a38678

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\a218dea3-b757-4fef-a392-9141277ad3c5

MD5 d08d9ef0623db6f8537503405643da04
SHA1 767b800b6a37797563df81fe4f74563aff29732e
SHA256 cc95e7fdea6ce4c5cc2f9f28e29873e64e8f2630211f832c5c61a0e3e5701cbe
SHA512 85c50a37a1fad02e899b1e9fa09831f6b5ce25d857518ef6de42ae150e3acfa0bf25c6d6b489a0194bd613e153858857b213340d6f4b3a2ad40744868f60efa1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

MD5 2426b9d146b5f9cdea12a4b646672d32
SHA1 dd6e65d482bcc1c6df08007de6b2d75436875f04
SHA256 ed84dc1123e1546497dccc2f4091c5bf91a8171765555e3ce25ea72d62b99b7a
SHA512 1b1a9fc8645f3c7d2fd57ebeee131df7e2bc6da155ab01ba3c08b7c7d52784b9c5516c7145da8f9f07ba7d3ea8dad3861e4b9462d630e4b648f809608f92d219

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

MD5 e30e197f656186d13fffd257ab52bd54
SHA1 ea5510e380e36fa430959f7375783cbd73012d08
SHA256 231fb995a8fc0b82f790b4ff866a70b50e0b12826a2aeb785a0453917c7fd147
SHA512 b1370d2a1496de0455f63c40e5aee3850125117e3a45fd2b22e2a4e77dc0494ffd283fa31cb691200721f7b912513f2c61022dbe1844118491a4ed0ace9e1884

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

MD5 8127deaa507988277dd786f7c74c28d9
SHA1 4f5aaf7fb47f24e3828ab3b813c2bb75d85da7a3
SHA256 a05f17bb1ac2caffffeddeebe960ef0a142e549927a250da8e09385d968de8c9
SHA512 deaa1fe8e0dc5a952274e3a9c1da06d0e244f3a7b22ae837b4b2d163df9b2f5b0953ffc6665335bbb477ef96cb0aca20d10183168d273b6bca9c24494b145398

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

MD5 9cc1a22306df7c69b91e36ee33d155b4
SHA1 9f403612270a19f12016e5d203f0ac9242761d07
SHA256 ae7892e545c651239e5e3c00c2519a9ca0f9f54b2de5522efe140fc21cbd19a0
SHA512 d8c83ba3a73fcd45991a82d1a1f85df492adef3a3601f5d9a9faaac7f60aa3235ba2372f2450ad78cc2a63e9f3956671038508f619ab63d56a025e4e3cf7f619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 1c0c8433626cac08202f23a1dae54325
SHA1 3a5700eeeacd9f9d6b17c2707f75f29308658cd3
SHA256 7aad4c7a174a145a4f9f11506145b521631ee2cb1ca2f7617b900ba515b31cd3
SHA512 da693d1d63c9971cb80792063f0e8d3335edb67ee1dcde4040d0dc8f44398f99d9f683eaab8cf44ebf5cdb78eae6672d43fd9ed9b45a526a80a311d8c77bcc8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3aa6e31c125d83fb2eabcc9e33843dd
SHA1 ad91b78e1a9853ee876b77b82f75100ff5690d11
SHA256 c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4
SHA512 897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

memory/4116-543-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 08165ae72d85bbe91a5b26d85d159343
SHA1 3195fc2ca6e1428a85a441ffae4d5053d558c87f
SHA256 2dca43e9c3a3652703e50b651a3ec4936429a06dca2ca0df36b25804bf6088fb
SHA512 34281bb40500cb0cb9473e6dcb132640d22a2195d72d95883480b75b54692afb5642b92798a411edf4819745595772eea6237ea56cf3e2941b2a37997f5f279f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffe065ab68e6d993c687959fa9ee8164
SHA1 02ea33d70226e9707a097316f69bd9082b41c7dc
SHA256 5a5c94ae2b2cd799b9c8b32dc05a6cfd62f07b8c37e7ea211dd29b19958979f9
SHA512 a93e274e2259580f122909f04813d0232543bc19ad2256fd4fdf95f53bbb6ec5b5ad0d955003fd5e2ab90cb89a52f2828bbb7149fe6fca629fb244d0196e7c05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97c162f01cc66ed405139e86683a4173
SHA1 4ac5abdb635141dca55574a03e953012672913b6
SHA256 150fcd8ba9c607922c82a860a78bc6f54880eeb50dfe38b1ab8007004a6e348b
SHA512 b7a60eb6265a956384fae0e536d498a2cd4b97fb12c5f42dc1d4ed74672409bced72cfbbc045a89e0e4492ec6424598733f3fc74b5a4e46a6f5a3177fc7cba29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca4c3ac400c1b69bfc36a80f0c94c5be
SHA1 c2d0b0b67feeb2fb4e3f8b709ad9c36ac28af9f1
SHA256 a62bfb2f27685d3169ecf21320611337ccb7ca13d0d87bca78e78b134de0f73f
SHA512 1d7436b32cbbe67bed85743b614af36f5b15d715e55e35e6a3e77cdf0061a35c196f83cb908bd86de89d8e829a9ac2f38bd494686c6cdd76d142724c8041c9af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5fce4407b999f59501bacc4f9d82fe49
SHA1 0fd836b9c221938d8b14db1ae5155ef3bab20f4e
SHA256 5f7f529de210123f4eaaa39a24f0509187ad2387f5782a96f0c9107ebdb71143
SHA512 e63edd340488a6b7892e12f6fb1ce329b0907faf05c37fae6c12e81ff1281ec3462001792b188823b739d4352bd4bb534f5c3b57d8e2edbe125d1429cd4911b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/4116-612-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

MD5 d82b8710f65c5eed9b933726f201153b
SHA1 475aa19377704c21410ab851fe4c2f61c2199bb6
SHA256 3fe35ff67409f945c27437b9ed8806e3c0d5bb00ea6578657e9d4c6ebd2574eb
SHA512 3cd8b7b62d8ca3b47e6810f139cefbf5f0f87e5cfd8fd812c3e99fa5e0304c39e0a58c98c57169a6b8d2d45558047ff2298f57c7bd3dac7ece0f296f7161286a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f055b25d7d394e982c5a97aa95b1895
SHA1 856666444f7fd1542b0e77125d4e0bc399808afe
SHA256 3419aca293df56830376880fdf0f156d5f318289e153f9c5191c8bb2f0a51afa
SHA512 c35a666bbc67e13376394528d91f2f80b31b150a8f567423ddf023db5a2522554f4ab6784d6a350e9686b8a7e7a3b8be06d2accb4d6b1572db5a79f5788d4c5e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 84b42050bbe3c4102ef82b5afdefa2b6
SHA1 794fd6e59220b01eb263f0933d9237a9d5d64300
SHA256 164d534883dd7b8e39479930834afefd5d99e8556c2dccd9cae9fa6a91cb121c
SHA512 8d02293836e441114648d71b98deb127dc9af85ba359a48a605b16c8a79edaf01172d7276701c167ec91e34408f916099520cc4e2b8a94e782dc010e396019a4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

MD5 e59cd97f57f3ae9d6b6162d71f8b04bd
SHA1 cf15164797c442e0d279f095c591ffbce8d01f9f
SHA256 ef609da47234b2ec4a7f0e74723426f158c9fa6640367ecf3f54822e9aed8536
SHA512 8e3f77064d54b4cd34f10d601ec8e50c376b37fdda79d1b7e8fd793e5196d2e6ba73c6bb3e0aea3677d68b7c8ba04a2569b0bc9f1fc62f40a336d415cdd994c3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 38b6d68c445e87a50870b1d842eb0df6
SHA1 3c6c5209d602d9840040512eb5f92236826c5c80
SHA256 4fc607b7cab168208eff02674624fe25136cb0ecb02f45d90ef46dd71a35d4dd
SHA512 8def2ab4466cc41a65350a91679e2348aa570a59c057c37db430e9f63249aac39084f90931fa75de5f573e90696265e0a3d23f568d6d20343210765b32054a05

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

MD5 408cbd65a14cefd8cfbd9024d2e148cc
SHA1 e757f6ada8d083b6d9a9d1fe7f2abf4a5c84236e
SHA256 85bad880480244787dd73380de5eb9c2f162112d46238f2bcf7fb5b89d4fc387
SHA512 1188b4d940f3407c389aaa6b5f71c34587ba2f51541f693d6f8eb5fc3e851cb85dd8169790f5f7e9b0b2916a64b4b7c1153b8f9fb7d350df93197fafeed60ac5

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c417b845260aba7ea1b9e41858c1c6c6
SHA1 6d68af2c393b5b55b85efd88c1a7173e05f1fa3c
SHA256 e0cd228852ba8b2e436b7ffb79a19ae9d4d3a89f0965f207649a99c671780dd3
SHA512 639b3902ec86ce01c9fc3f51380f6ee40844a8aeba408765d614f7df12746fd5b043ea69691f3c7bce153e74032fbd416a1c40f0f6114958ec61d063c67c655d

memory/6000-898-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/4116-897-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb7f69d037246d7a4412d49574b9c935
SHA1 1e3468a3c5b9eb137c9b79c190d4f8e6d438bbe9
SHA256 678c5eeed6e3f94aa32852a2734bf95b94fcbb83349fcda6109c689dc8a865c6
SHA512 b5c61d0bb693ea9cb60eba3a1b6c559579a3a5846f6b0e0c35105d17cfe82de31ddf37999a0044a6532ad750b26052aee950f339c9d5dc55f7c79502631ebd74

memory/6000-973-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70f773a4a662a76f0dca788cf3dba6cc
SHA1 45ce2d6c17417a17d9375cc3b7858b5340ba3666
SHA256 159be13c0ab13a1360b6946e91fc437a30a0f729e08f022a436525967b0f006a
SHA512 c65c1f0e1cd8731f6fb4fa682d33ec1281037ef05a584d8d81aff7a8be9fa668a6198d24dd3d6d586573208b40fae66f6a10bde5b59fe51dcd0626eac8995f9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

MD5 54f5e969f941ac64cc65679f67842920
SHA1 a23c32dd6f701daa391238377ac6701f49b899ba
SHA256 3ca25762e2603b714d96beef86ef9b7d6ad9ef5fa3cc2d759640516e1eac2f73
SHA512 c1c380c69784a75a1f29d8f3d72d3457983bdef769a7a68374c171b4c0442127527819e7aa871c7414354a1ab3f0bdba4f5ab997b21a4f2d7918dcee2ffaf948

memory/4116-2612-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d3401d7708f216229fa628c35097362
SHA1 102d2088bdda2be4253605ba4f6215c7c036bef7
SHA256 0a4cf19abd9a126e34da605dba37eab17cef4b51ffdbe3f70419e275b4cfb38b
SHA512 20d0658ae4464274140bc6f43e8deb9092bceed5b7d1728a2872238848a235054ef7510bc599304883dad3a180036ae8ee3a00d3e857874a376d3c70718cd5fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fc3e1709c71e8d3cf46a8fb8ba0ee7b8
SHA1 98e85abc0b214569da06607e319f17e70d7fc355
SHA256 85cdb7aa4693b79e09e1708c04a68d5468f1bd5e91b7ade646781eac15269627
SHA512 37a3af9fdbd532a9f562a276042926c94fa776b9f53cbe73ecca573e55642efd1fb646cf699bbb8b141290ce893815bd53f10b85592b63a3a8753a595aed4e14

memory/4116-3349-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/4116-3352-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2aede8f5e53ebc38f7cc6d0c9a1f96e
SHA1 40ceab0ebb6cb6e4b6e182e8fd663056ddbaab2f
SHA256 9a5fcae6951cdd8a38b12ab2bed08790751818b4d6d2c8b62ddc4d0e77299f5e
SHA512 0de217bfe78c3aca3676421b726d630cec0aaf318591a4e405aa824650379dcf474ac6a3ae2f3be01b14286e3d6d1bd4b149c284c26fcbcfe360b0233502812a

memory/4116-3373-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8f35139ae5a08c13d3cdae9631c52ec
SHA1 843c40ed3ac9b5c15a550c530dfec6686ded387a
SHA256 b59cf029ae60ae91572adf5b1ec602aa235e8deb8d0920498a1f2e82d216f75b
SHA512 8ef0bf72323ca84205650e2dbb5cb66c40dccd152d598b45c465f8221bd58fc9bf1e5933e79506913489fb7b07e8c41cce2c50e0ac85249f288c3e59e801ce1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fb66ad9d629838f2ee682856f02bc793
SHA1 ff3467b9c6e5ba47afd8c622cc2e35fc699f014b
SHA256 6b8313b227ca54ee5c6e0dd58320b0fb2a84ea09d76145690d0994273524de33
SHA512 ab616c0e1f26776fbc906679f6b77b099337f16fe7f96f1b2ebd2c639f4c6eb46ec3d6232ad911d21864d8df4822d7cf966bb6742eec22201364041d91e9dc08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7741e17c79d31039279906bcfe72a2e0
SHA1 0dc29f474eb6a6845f2aac29d7fd8c67a71b5a7a
SHA256 0538ab173dcbeaf24bf939522c9fee135b0ad272309be4983f163bd1166e0d24
SHA512 c600476e2d67e4e5c39efc302ad69a8dc3647e4e089f884ac31b4edfadda8f9baca23bc5a5a92d1806a2efc320ab5afb0c0a4742c4922d7419645965b55edd8f

memory/4116-3411-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/4116-3412-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/7084-3414-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a12ce14c727075facc63989e75f91228
SHA1 1b2ce05176dc2c3347ee1ab37f1879ef877593a6
SHA256 51f5f61caf575b42e952188b292db6303b838eb2180bca437fd2dac9c70cbf75
SHA512 4cd9f086e431472a37719694d8cfd2abe940080a59dd2ad7cce022cbd1fbd71b8b2100d118b03da9ce51c22da662e9cff00c260ad4ab816e27126a4646252820

memory/7084-3424-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/4116-3425-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7d2d051853f17d1b48672b4f7e609c2
SHA1 b2bc05ce4b4d868948845a5e2102aafb96fc51c2
SHA256 1173d6e53b163ae3190acb118756c692e7ce44e6f72a64af8ebbf069c6f662e9
SHA512 f488d6b8afd389d27c524bb8391dc3e73ef75bbd316e9fa81e699a0443169af4df2de7ba6be57689f710791347d97afef6a9414e37b3ad26c3e2056796774eac

memory/4116-3435-0x0000000000C10000-0x00000000010CA000-memory.dmp

memory/4116-3436-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f0f147a1f49c6adbd3ddc02854b48b7
SHA1 f5392861467e6df3d43cf5b08203e5ad4ece05a7
SHA256 d771f1f8d45bc846fe7814e5ecfd8dd282a6597d2a771d810d8cb72b71882c6a
SHA512 e3f171e1babe8bde2b015e04624166651e4e39cb36a64216df780eff3e5f600bceff9d4648bb93c1e303ffdaf6c5324b5a353e2b87994feab3d454079330fa2d

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

memory/4116-3469-0x0000000000C10000-0x00000000010CA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a94dbb084e2bb1411bd01f1dd8095073
SHA1 0f5e10984de91cb8318cd7939bd9bca613c70896
SHA256 8fb2d57d1cf8826a2d02e525258b3c22da94104094c7491aa9ee266ccb2affe4
SHA512 908032289e99addbd3969de8d2ae92afedfbe1f4c86d37ff79a29d676f58840ad8ceaf75987f3941de733685e595fbbc85a8a9bb167beb8910c235edafaa6e03