Malware Analysis Report

2024-11-13 16:47

Sample ID 240709-xydnyazhnj
Target 185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0
SHA256 185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0

Threat Level: Known bad

The file 185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Executes dropped EXE

Checks BIOS information in registry

Checks computer location settings

Reads data files stored by FTP clients

Identifies Wine through registry keys

Reads user/profile data of web browsers

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-09 19:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-09 19:15

Reported

2024-07-09 19:17

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2132 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2132 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 5040 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe
PID 5040 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe
PID 5040 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe
PID 5040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe
PID 5040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe
PID 5040 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe
PID 2532 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe C:\Windows\system32\cmd.exe
PID 2532 wrote to memory of 2396 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe C:\Windows\system32\cmd.exe
PID 2396 wrote to memory of 936 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 936 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2396 wrote to memory of 1736 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2396 wrote to memory of 1736 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2396 wrote to memory of 4156 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2396 wrote to memory of 4156 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 936 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 936 wrote to memory of 4152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1736 wrote to memory of 2212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1736 wrote to memory of 2212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4156 wrote to memory of 3128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3128 wrote to memory of 1548 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe

"C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe"

C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe

"C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B4C9.tmp\B528.tmp\B529.bat C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff4a44cc40,0x7fff4a44cc4c,0x7fff4a44cc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff4a3046f8,0x7fff4a304708,0x7fff4a304718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cac7aa7-b9f1-4947-ac09-fd4dc5eaf5a2} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2216 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7dcd3eb-c0dd-4eb2-902f-beff4e6e95b6} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3124 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5b39d2f-4476-4b9f-8a94-e7a11d5d876e} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3876 -childID 2 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5dc740e-4070-40a7-9846-d0d019746fb5} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4564 -prefMapHandle 4424 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee8a1e83-ce77-46d0-aa3a-aecc57e146aa} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5428 -prefMapHandle 5396 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f529a120-d344-4f2e-bc0b-70667ea346f8} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abb580d3-0f82-4d86-9dec-fd6e0497b6c7} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5752 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b72aaaf-c784-4c2f-b1e7-f07c12ba9b71} 3128 "\\.\pipe\gecko-crash-server-pipe.3128" tab

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BFHDHJKKJD.exe"

C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe

"C:\Users\Admin\AppData\Local\Temp\IJKJJKFHIJ.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4276,i,7567767149714821670,7284804360603771282,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4655333468406354621,8243719228235519782,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
GB 172.217.169.78:443 www.youtube.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 172.217.169.78:443 youtube-ui.l.google.com tcp
GB 172.217.169.78:443 youtube-ui.l.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:53089 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
N/A 127.0.0.1:53105 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp

Files

memory/2132-0-0x00000000003D0000-0x0000000000881000-memory.dmp

memory/2132-1-0x00000000776A4000-0x00000000776A6000-memory.dmp

memory/2132-2-0x00000000003D1000-0x00000000003FF000-memory.dmp

memory/2132-3-0x00000000003D0000-0x0000000000881000-memory.dmp

memory/2132-5-0x00000000003D0000-0x0000000000881000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 ee8c22e6860d138e1da227f83a788e7e
SHA1 c7f1ec27a961ab3aab2799544d00dea208ba60b4
SHA256 185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0
SHA512 7d8e090daed5c9486991b97ef1b27174cc76a5b6e73e03c622da12f63d28548c2c2d952199a2855461621427b8be55d647d9c5570f4b46c7358a9c4d16657d2d

memory/5040-16-0x0000000000480000-0x0000000000931000-memory.dmp

memory/2132-18-0x00000000003D0000-0x0000000000881000-memory.dmp

memory/5040-19-0x0000000000481000-0x00000000004AF000-memory.dmp

memory/5040-20-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-21-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\2ddbbcd86c.exe

MD5 b6bf96c3900b28a9970323938a1752bd
SHA1 fff9ac5ee2a9849759bf02538f8a431738a894c5
SHA256 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
SHA512 475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

memory/3448-37-0x0000000000130000-0x0000000000D15000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000010001\9d78c87577.exe

MD5 bc08b445116ecc06852a929a5d302c4a
SHA1 a78aa42220b90d47b4cf63119e6082f06b295f57
SHA256 5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6
SHA512 657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf

C:\Users\Admin\AppData\Local\Temp\B4C9.tmp\B528.tmp\B529.bat

MD5 de9423d9c334ba3dba7dc874aa7dbc28
SHA1 bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256 a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7f37f119665df6beaa925337bbff0e84
SHA1 c2601d11f8aa77e12ab3508479cbf20c27cbd865
SHA256 1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027
SHA512 8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

\??\pipe\crashpad_936_MMAKDZOSIKRNQBTB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d406f3135e11b0a0829109c1090a41dc
SHA1 810f00e803c17274f9af074fc6c47849ad6e873e
SHA256 91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4
SHA512 2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 466d2f11085e22984b88384e3cdbb862
SHA1 923248591a8b69107bd983275d525a0a245f235f
SHA256 93a7d84fb81d79ec56087cda09ec636e8283ad6c2fac124f4351bd7dc925f0e5
SHA512 f8f60878019bed774e352e20a51ba1f67512b35ec6e175ac795cdaacb5e935762c09db03c65b03d61c62405d2a65de2168cb12c1b55cc0e6951443beb16134ae

memory/3448-91-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\activity-stream.discovery_stream.json.tmp

MD5 2f96601568907c8ebd216a204e0c8878
SHA1 aef19684c0c1200bd7a04ae92067d68a4b949c3b
SHA256 ae821372c3e1293de8713fc0de99173f0f2fc799873f51095792a658cadd2320
SHA512 b2252b0bfce235016306c22af638e29726e3c72e1cad0f90641ac897174880a4fb18535038a22624f0d69ade869c2ddb157c3225f8104e9ca26b94508bdd8f2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\7d8da4f4-e2b3-494b-a25c-f6dd4b206ea9

MD5 686aef48c7ad951e25f786c2328dd013
SHA1 7fb860601b3b623c19a311577c6e10629c83a8a0
SHA256 14de6dff02562e611e1e0106e3ac35c95f612ccfe067dce062ced7d83f7e7337
SHA512 d6c968669f0e7a78eccb2313008b60dd873fca38ebc05d7fadaf1dbba3c63041a193e07b5f2bae6438a2f0a2c88fd8ecf6e4f43dc24779a4cb1af26391fc587e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\pending_pings\729516dd-f579-41e1-b808-f2bd1188c456

MD5 b7041dbe6d01fbcc9e43c71e180a78c9
SHA1 e544cad8da62307b5ce7a1084b1531f300b34322
SHA256 33b3cf6f0b9844a32b76379b0258369633c00966576d36bad28a2a67fff8b30b
SHA512 697de7c1f551716a0c7851f6fef0a481cb3f311ad0bc55a599895d15e175e50db16fcfcf6987647991516e2ba19bfa7e6f23fcd7498aedff8a70e0b3507f3686

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

MD5 78c9a5319f4eb8fafce4ab3265b0e293
SHA1 921fa2b27e715e993b92e9d1560420154eb882e5
SHA256 984e491bc416f6b56d37e3b02e7889f0f47068e1eab1a52790807031482b126d
SHA512 8313f4f098b5e27b6705918c813e5605bec4b6cbb294b7b7f52174c6a4e2a52b06218e3f78bcdd3e064d0a011c2fd89908211861e9a8a35d9b241cec0150b760

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs.js

MD5 a4a12a7572ede7e7fdb9f6595a38ab2b
SHA1 2b6267fb51e5f41c329d0944b8c4094d9157d686
SHA256 9481ce895fbe0a914dab685fb61a382a154a6321e8ec67e62655f9093eb08a34
SHA512 58eb84543b8534351bd2ecb1c28d1c2ffb6f8c6ace6a95fc6a3011614e94d26ee05ff83870f35dca3068a86a5f3a789ac830987a335079d3aa9a375e2dd89fbe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\AlternateServices.bin

MD5 416e3129fd5d43af0d23e11451c7fb7a
SHA1 a0c88b35532b89ca525cf9dad30b686a897d5e0c
SHA256 0a41ce263db42f740b94f3a3fc8ca93c6efa63eb48dea07fd5e518a2035bd8e1
SHA512 de7f532d51015ccfbad20e6f49daf33788c55e197dabac45078b52b9ab2fd1393c83e2db43d180d153aad2fd9eb8baaa29959a0a237fba9faaaebe43a1a04303

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

MD5 597c5aa46754141f4e7b0a6619ac2c73
SHA1 3febf22351a1e2b7da9a163f7d5299f11effe6f8
SHA256 368f49d0d9c31862a6127050d6f1831fe0f3903ebb2106c2a99c349ec8b33356
SHA512 48425c5afd86c21a5ef0dff3d9e10077aa69c3e31588c5cc59f51240d467529ee92d3173bb2419c2d3534510e84e7d50b8d5a66c0eb20e894bdb72c8d5f6eefa

memory/5040-470-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\cookies.sqlite-wal

MD5 cde9ca242de39f05c0eff5b049581e2c
SHA1 282f1010de4c7ec555c18f4d8cf3a22749841ba5
SHA256 294e97f84c77e7502e61c6023305998b6195bccc1f2415f2bd6dcf253966c3e3
SHA512 007f62e186ab51926f7bac56d85f0c02f43591b3a127f1cb316a12ef199f40a6821a1f3f86f21c9cebfb3a1162a2f51005fef5b83d937a85c852bb9723a671de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3aa6e31c125d83fb2eabcc9e33843dd
SHA1 ad91b78e1a9853ee876b77b82f75100ff5690d11
SHA256 c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4
SHA512 897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\places.sqlite-wal

MD5 f0356ee53b05256ba0ecd6d3430589d8
SHA1 bc4defc60894194c592233909570d11f0201543f
SHA256 1886d7de8e530de1d0738f506e7de09babde8cec96c664284e6b4519d46b2c51
SHA512 c88751d02f705692d4b497b8a757cf6139c09413bd466ec03facf05daf25e90608fd71ef1b3c9d1eefede1f298d251de855fdc8c68c2096f108c15cc7e089f2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fa87b4c32f56ac4316d48ee23ecaf6de
SHA1 b39ba40d65fb0cbce33c0d30a621b255a271ba74
SHA256 ca0bae193277789f800ddc69f821e4c40140a0e048eb7c101ea022b532b49114
SHA512 df810e9097799c579e818c3aaf7c16776908403847312dc369a4336367cdc6fe505626df440a8000d7dd347918ece82ea88d3bca988e4a0fc70e8419bc09791e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4bf360c9221deb0fe3ad88fa511e2638
SHA1 ae02764d35593b195de2803dc525302a9b84cd95
SHA256 19e5c6d560fe70a351ffa63f1d890a9517e6afbc700a1f27c76eae6bd2054413
SHA512 96aff13f65ea52dac6342e5803bc34b7ce3db0efb58e551cbce6d38f750055bad3164e8980e9b8a1f2ee36e9e570111c14f6642cae7e608c8bd7dc3181e16dd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 294c05edba039ac23ce5ffecafa7ebd7
SHA1 e4e7800fa17f172996f716867f6c969b4eec49cb
SHA256 ef8bd5ba123471c4b16bfb0c9c0b56c7bf55c5312ceeabbef7d5473ea39aed82
SHA512 42a6753a202862ef0e988b35c2d1763a903131209701a4e1a93ce613d2706c53b3ef0d4a4c11fafbaca30b5308f1ef2b87d1a2d8d73709d3b4203d224d1dbd6d

memory/3448-579-0x0000000000130000-0x0000000000D15000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ad9ff5df4a31f0f28b4a4756a7903a1
SHA1 737d1daebe67398a6a8ecd44f1a039299ce76544
SHA256 5487c337acc09cd4399209c49ff88f291055e46a196e875785ca4f216240669d
SHA512 fcb454c079d6d1d9828e5e44f57bc394920d4e6d3efa0cf7c998c79687713364e674dfb0fe23bdc641b3591f03f353a8f828b9b923873b4518bc7cf86b83e968

memory/3448-593-0x0000000000130000-0x0000000000D15000-memory.dmp

memory/6096-597-0x0000000000760000-0x0000000000C11000-memory.dmp

memory/6096-606-0x0000000000760000-0x0000000000C11000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84aebe54ab9f062d508cf56e47dc8462
SHA1 a19643801e97664d81db7873593f32eb8631f675
SHA256 68c2d5717b84b8394bce9b0cd34722b2d17f1bdb429666472ecd5416104d3dd3
SHA512 72b7440c06f50a05cb990dd616a4612a5674f3f4e1be496b4bab8b69f0157fd930363e2a2e023522e940c07b5540734d5acbae39eb5fc54dfbbbf445e96d1893

memory/5040-612-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-613-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-618-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\datareporting\glean\db\data.safe.tmp

MD5 f808d300ac3e74780a32652399f4d9da
SHA1 e4fcee42881d8378465913a5df2b3000bc8ef244
SHA256 6bebcec152c240b089fcced00e70d1ec73984969237993449f6bbf253ee19b7a
SHA512 e8b8f17a323674c4160810dc512c894ba7877c2695b6c4ce3ca8104fdbbe9e2061e73e98aa6577c3841c87a7928cf82cb3284bd3fbc7aec3680c08174829756d

memory/5444-648-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\onffaicf.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 ab9786c313a6e4ee6610ef5071a21f71
SHA1 1a3958ac6bfcede0d2bb7e19ee9225688cd9b1bb
SHA256 14757d0fd06cb1f868e02a514a0ca6756d5a17ca283a822750799e1160e775a3
SHA512 ce8c2daabdfd907f07094a69aad108c67f0ef8c4db35d091c010e061e1e16d417eba445ffceae302970a4d009ef134ccc09c68c67b69fbac7ca1176d2a4a7b7b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

MD5 b6e2269c5dca2549fce034fd5defd140
SHA1 26ef5a151c62e1f4df27a08a365ce7f6ebf6be57
SHA256 3f7ddf4ff7d41b0a870a221f4a29e4c341cdbb2126a4241b2265da9b9b1debe1
SHA512 2fcffee6f2cb6a1ea40c1e3181c292a7c0cd6b09b087fa504f69405006dda9114783f0d3a9a9f4743fbf02fdfc270c376a8b285e52eb025aeef05fc1c3639f1c

memory/5444-733-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/5040-813-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 210fae483b6f6b05b1b5f852d69ddcac
SHA1 f052489aa7128a3d0fe8b664886d6285583bee6a
SHA256 afbf1da238d4fe60c185d783ea564216f6dccf3bc4bf15e3b8d72cd61f30c264
SHA512 362e215991da581b3c4f9978771bc88688055890b4c3ff364ad96251e42f4a3035934032dca5398adb122e992592af17f27e3d92668a77a76b0f02ae1cd1cad3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff9d75b28c62ea593d4de9430d3b964c
SHA1 7811649e3f9e0cd25d0d756c2250fd0f0aa24c55
SHA256 107535540410d96b6e4458b14c45c81d3abe44e7fa11af45282ec1d8aad03b0f
SHA512 30c219db026e67cc9ec7d4c33f7a971873d15a770a7370f240f2e58e765bdd15d9edfc54c0af4ace08b197d4fefb15daf97bb1efdfa71f0ddf6afc36c12288b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce66feb32432602f67fba481dfe1e5ca
SHA1 74d35f2aa9e85beecf87db36b1466576871c9cae
SHA256 6481845a8e56a573d19c05b2cf7f953df5a0f661be58d55a73635cd30efd857e
SHA512 3fdd3ea3e50d877eb2aca9fd7b4ec684856771ec0b9f1b91fa4f126fc0fc6bb877135621b94e76337fb4f9a59940b59b9a1102c5ff6b647a135a4b7ebc90e7ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\onffaicf.default-release\prefs-1.js

MD5 68bfdc118108863c717d254d2156bda0
SHA1 9fb7f09c974606f0c01b475087951afe47fc913b
SHA256 0f3ff73b49e096cfa9dad663643a758cc3e070d7760127ca6e2a75f1864ce130
SHA512 412f094302ecdfe1160dd702b4ab98b7f9ee949d2251de4c412379d66c8cbccb66f67c95aeeaa803e6f01484b07cb3df06f386558291dea7e3d413daa53e4687

memory/5040-1818-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 04468938fbcb06739d9f7be87a651488
SHA1 f3e8ec2ba7746b8219321691b10e35606adce877
SHA256 e9913cb8d2b745c25050dbce9d614b4fd58d43217d967938211af4f825c7f2ba
SHA512 88ef459ce4467cda9ef5c8ede31a4002484598958fa4698c060b39150ba4af5258569a631d85b4ee48cf4a18f16885c65c0c04d2e084c9b16751ea21b88517b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f3f8b9203688fe740cf3b3e7af02667
SHA1 23973c3d39525730172b25ddcf17c53cb77bca23
SHA256 f93163c8ec780daf714b49c732ad3730377cae7f9d759226fc585d0940f1b60a
SHA512 35d6d37b7bbffaf446e37fda8b97f883527eead535f5c3f89ae35d8599b77bdad0044bd7f99a62a0d5c97d897afa2bea76d07cd9477db2a0007bf1768741bfe8

memory/5040-2574-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-2923-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74a0de564ae90e385f1f4b63f1f02c3a
SHA1 aec5eb245c1dbc8eb7df92752babc7a2e56a7f6e
SHA256 0638e31d0d049ba00f9ec344691acee63ddc49625e60f2367432d6902a041dd1
SHA512 639c07dc74a7a0f0bdf7855811a29dfbe04e08f7638c3d2fe32af7c859674836e762c340bb56c82c480283236fd20263c740d4b729c084cbad40fefb13e8c115

memory/5040-2940-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6da01dccd59285a3b1cd7ce4bc9c5e02
SHA1 81a46bc9e6a6f1b922be3490707ef072361e8524
SHA256 a30c60a7ab5021615e32532e4271785038c11bba387d2214427146580ded9f9a
SHA512 41766c2baf061be38fc2aad3e8772b9af316cecb29952bd60923f5ee8a2096c71289ae791bc35972787504a7c9c29f4f5c02cb3df6ec0eb4b2441d4ae9b337fd

memory/5040-2960-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e08252ac65a9995e5bbac32893631d0d
SHA1 5c183a7774d7d10619947cf126fbe4fa02aebc91
SHA256 4d2f3126540dab06a71b3622499c5cf4ae3b281d901e307b109d605c2ddef86a
SHA512 f534f32afb0a62c920af23253379139ac610b421722c04dc435fb04eea6b6d20c0bf7590f04b31ca61cfec4cd16f58dc554e3b843c5e6cfab990368b62d15675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0fb428212a8c3bb1fcc8af6b6e2e3254
SHA1 47e175dfc03c4b43394d6b645ac98acb34d6e2e6
SHA256 9a75bb277f395069ceb5f747e37a708676552ec264a5cdb69ff896237b194065
SHA512 b7a0151870f0dd5d460e384dc8df10efe8fc67ccf07993d1fe26ac0d9bd7e84e9d94e7d1919a78450009bafb12ce9e7d507b9a05fd23f5aac35798c88288df2b

memory/5096-2972-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5096-2973-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-2974-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da2ea0be6cb0606fee7addb32f52d573
SHA1 b48cac736c003df0f64937c1d714fd2ca4b32b89
SHA256 7828b55c478331c79d480dccc5dcfa2dbd51440d8406e46d76da7759f99d887d
SHA512 4a6183334e7cd1e532e623dc0ff0e9c0479b61aca1e9ee33747563dd07d079496ec7e6ce287f775c28edc031656cff11c32e0f8de27b062fc6d0a7406ba8fbbb

memory/5040-2984-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-2985-0x0000000000480000-0x0000000000931000-memory.dmp

memory/5040-2986-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 29c7bf5e1f9e33ccba4290aea925ab2a
SHA1 98770431e88de2096601da52218a8eabcc679b77
SHA256 4e8399b1013680fe48296070d37c914c11990469bc75b00f1e10e7743154ad40
SHA512 a78b18c54e3471757065f3ea685f099cbad866e9fcfd288ce78aabe87b9891606359cc3ff16fb997af3c5c41b8906c6be569abd99186173302481e42d63903fe

memory/5040-3008-0x0000000000480000-0x0000000000931000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 49dd020e8e05bbf8e2c1586d4d499afd
SHA1 06001d2ee8e9ba367231f82c4dfe477daf7ae86b
SHA256 43e217f23169954e55afc408e23fe74015127c233f3fa9123fccc337dfabc777
SHA512 bd9016c0498594657ea7b7d9698aaed442e016ff661c53f0e4918c24686f434f5e620e2c85511e0bfd2853f596e62d49cd8cfb17dca4ded2320359598f288aa3

memory/5040-3023-0x0000000000480000-0x0000000000931000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-09 19:15

Reported

2024-07-09 19:18

Platform

win11-20240709-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3171217504-1685128607-2237314850-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2764 wrote to memory of 5356 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2764 wrote to memory of 5356 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2764 wrote to memory of 5356 N/A C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 5356 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe
PID 5356 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe
PID 5356 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe
PID 5356 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe
PID 5356 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe
PID 5356 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe
PID 424 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe C:\Windows\system32\cmd.exe
PID 424 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe C:\Windows\system32\cmd.exe
PID 4408 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4408 wrote to memory of 4024 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4408 wrote to memory of 1612 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4408 wrote to memory of 1612 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4408 wrote to memory of 1820 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4408 wrote to memory of 1820 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4024 wrote to memory of 1240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4024 wrote to memory of 1240 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1612 wrote to memory of 5684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1612 wrote to memory of 5684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1820 wrote to memory of 2592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2592 wrote to memory of 4768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe

"C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe"

C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe

"C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D503.tmp\D504.tmp\D505.bat C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa7ecbcc40,0x7ffa7ecbcc4c,0x7ffa7ecbcc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa7eb73cb8,0x7ffa7eb73cc8,0x7ffa7eb73cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2611417-d019-496a-a606-8c21c196381b} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1816 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00b821eb-97df-4d30-a68b-f5fbf57508b7} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3300 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3276 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa655c00-f0dc-4ef0-a8e4-1192163700d8} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3828 -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3060 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a381d67-4f41-4466-b588-34a67a9ca393} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4336 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4328 -prefMapHandle 4320 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d231babb-e06f-42c7-851d-0a617bfc4283} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 4216 -prefMapHandle 2724 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29640fe-3188-419e-9f98-1f37bf1b1db5} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba41657b-79c5-41fc-9d3d-8d4695a09376} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ca9dd2b-c7b5-43a4-abeb-d963be05a6cf} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KJECFHCBKK.exe"

C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe

"C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=892,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5804 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.30:80 85.28.47.30 tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 142.250.200.46:443 play.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
GB 216.58.204.78:443 youtube-ui.l.google.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
GB 216.58.201.110:443 youtube-ui.l.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
N/A 127.0.0.1:49892 tcp
N/A 127.0.0.1:49916 tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
GB 142.250.200.14:443 youtube-ui.l.google.com tcp
GB 142.250.200.14:443 youtube-ui.l.google.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 youtube-ui.l.google.com udp
GB 216.58.201.110:443 youtube-ui.l.google.com udp

Files

memory/2764-0-0x00000000004C0000-0x0000000000971000-memory.dmp

memory/2764-1-0x0000000077036000-0x0000000077038000-memory.dmp

memory/2764-2-0x00000000004C1000-0x00000000004EF000-memory.dmp

memory/2764-3-0x00000000004C0000-0x0000000000971000-memory.dmp

memory/2764-5-0x00000000004C0000-0x0000000000971000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 ee8c22e6860d138e1da227f83a788e7e
SHA1 c7f1ec27a961ab3aab2799544d00dea208ba60b4
SHA256 185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0
SHA512 7d8e090daed5c9486991b97ef1b27174cc76a5b6e73e03c622da12f63d28548c2c2d952199a2855461621427b8be55d647d9c5570f4b46c7358a9c4d16657d2d

memory/5356-17-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/2764-18-0x00000000004C0000-0x0000000000971000-memory.dmp

memory/5356-19-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5356-20-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5356-21-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe

MD5 b6bf96c3900b28a9970323938a1752bd
SHA1 fff9ac5ee2a9849759bf02538f8a431738a894c5
SHA256 1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506
SHA512 475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

memory/3460-37-0x00000000006D0000-0x00000000012B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe

MD5 bc08b445116ecc06852a929a5d302c4a
SHA1 a78aa42220b90d47b4cf63119e6082f06b295f57
SHA256 5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6
SHA512 657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf

C:\Users\Admin\AppData\Local\Temp\D503.tmp\D504.tmp\D505.bat

MD5 de9423d9c334ba3dba7dc874aa7dbc28
SHA1 bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256 a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bc5eae38782879246edf98418132e890
SHA1 46aa7cc473f743c270ed2dc21841ddc6fc468c30
SHA256 b9dd7185c7678a25210a40f5a8cac3d048f7774042d93380bbbd1abb94d810d7
SHA512 73680b22df232f30faa64f485a4c2f340ba236b5918915866f84053f06532b0a722c4ee8038af3689ac04db41277c7852f7a11a0a15833ef66bcc046ee28afb7

\??\pipe\crashpad_4024_JPAZDTOZFMWNCBPT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4656c526f71d2c1122865ef7c6af3ff5
SHA1 61684265064c225f323d304931ff7764f5700ac2
SHA256 7172417b8464d5c2f52edfc867f4d83e475b58fd316b1916cdde30ed5bdde80e
SHA512 c3e4fc0baa216ef561a448e42378af01a50e0ebd9b5fe554c9af0ea3362b9ca2f4a1b99cfab66c18df085250dd7a5ca1b01ab256e28156d657c579f5518aa56a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 23dfddab447dc5a7b43428c576432c9e
SHA1 4fa3c2d84b9da49ce03e1dececd59d035a0bb355
SHA256 9f5a85acb8f85cc14010000dc8a5eeda4c74813f369a752b9c0438c1cf2e2a42
SHA512 4a2a01a524b63010df1ee8a5f1bf093666cb2777dc08a1c3a23d669891c7ad9cfa0825d783dd0d3c24407a9a6316cdaa95dacf794d6c9282668cd22eee2b11b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\f325887e-ccf0-4aa1-8dff-45556be38fd1

MD5 f30ef91e674ca40aa5c768e6a8cad903
SHA1 99863e18f959e04b177b3e6efb84dec25d9e6fc3
SHA256 10909dcac4281f499380279241584c272894119d7b1c684b1cab69d51b9e6fba
SHA512 4a30c990fdc7d7b9f2a933e747520dca266b450ed62b775619735f5ff62953066e34ffe43ee34094d31644560e352de43582e9dd689d5ac0cd2802f007b0e348

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

MD5 f692e9b05379c1380ad5dda2f0570bec
SHA1 bce8ae1f609e36bcd099bcba966267f3514557f5
SHA256 77a2b934b15fc7b831f1c2eca2b9e76da706926e938b38039b6a98944a11f452
SHA512 500c396cc5aa54d086b0a9647e0e395b52d04c2230d2d2b9b2ce4d40521879fdfa25947444506bf4420028a0a65fa78f001cc4b6f29f1d3b1782013cffafdd10

memory/3460-287-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\9c329077-31fa-4ee1-b525-15e1c8659716

MD5 7ec4c7d96c6bf24d6cc830e4b3dc14f0
SHA1 3cfb4e08412e1518a50bacc6b023925d9af0807e
SHA256 d01c9179f3bd7a44241448ff770ab02f91ceb927d6d806d18235297dc78635c8
SHA512 c2292cb9b687ca6a30663ad22937ba45805b25803749376460fb908f170b55c387f546c62b5f60a583cb939e10c2caa2d8139fcfec8949e5f68e43a6672ecd3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\activity-stream.discovery_stream.json.tmp

MD5 de24714c4090cee1a0efcd6556078097
SHA1 4e695dfc6e30bfaa6b34c5cd5203a26a983a758f
SHA256 a49be59e68bc23357b3936720c9a38564c90c5bb6908d333fdc5ee1f6019021b
SHA512 3f8bd1e3e84757c32f4431a73c3aa420f0a64c3281e28d545981876f946655c5fc3f7f3220b6cca0ac7d2359e8b8fe518f1c23a9f4ee8ec698636d1214c538f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs.js

MD5 18cacc8cc0d6ff15169421cc905ae1de
SHA1 7c06f0b9f005da1db19bda11f8df13b3db5f705e
SHA256 72b78808a04c005fb83a9526fb0c8b148bf2ef7f4ab51f69d3daa7c11a0523d5
SHA512 e9edc23d5fc330595c11a7a5e87b3868639e1aa029c139ed67e8fcc6d7208bff28c9fc769c11f3443a4fd5c2384424469e2f39722eb13e1db95a52952da59c08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

MD5 8e99264919f50c37cd6e72cf1fa8eb00
SHA1 40c46d697898cd5f927d0b5a18d15a251aea619e
SHA256 d19d1f679fff34ecebdf68e969a084a5d8b7efc91dd1f3ab0c97f04aaca46759
SHA512 f5a682c9aadf2bad46b74478b6b800d9ea809dd54d763d26d587d3e1b9ad951fd93b9aae2f97f9fb7145971ac0a6c31a789777b323dc512e7e51c25e68e0841c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

MD5 9db0da90f1bfe1575bb0008104367295
SHA1 01bc8763947fd46c3c77617d1d53961aea0e23fe
SHA256 c08569f9e9e1fd060e2b0edb169c721efd6c12ca8fdb394b6ec2bd44ab8c2117
SHA512 4240b66cc7e755120b4477c1e6d43be84105bc075d35a90c1e8fcd43638580747a766c2ae3ec49dc66c237f380668674dd08552b668de2f35839938b844c7541

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

MD5 2ae503c7a736897d3ea62c5639f6e2ef
SHA1 6807d71136406a3c8cc25e7fd4513fe60851343b
SHA256 d469a6a843820f1badf0fc07c1cefa89ee70d2987497002337dd5043b3235f1f
SHA512 c050172ea2dfd149e879c9fde5cbdab5a8203f438c2141421c06def11757902571f2d47b32b58521c1534dca755beea2f94c1495ff358b4cb3f1983a953d78dc

memory/5356-459-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\cookies.sqlite-wal

MD5 be8b6249f076190a9daf53cee3fd2e58
SHA1 dc364dc1f5ccaac70bf85f686cafe4275c212e56
SHA256 2c288cf8c85d5f4cd8d8c96abbc90dbb553259abe25c09706563374145b3179b
SHA512 2f6434c8aece085f87116f827e670c7c76e5f17ce6a51745e636c455d951533c1b6d4b062a2500d5a39d1070c21e57502082f4fd3afb902f2ff9b04bc973728e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 c3aa6e31c125d83fb2eabcc9e33843dd
SHA1 ad91b78e1a9853ee876b77b82f75100ff5690d11
SHA256 c32b5cffb8ac92df9bd9340b75b8d0772a071af36df5b27879e45f6112f9b5b4
SHA512 897efddeb2d96e24aca43385cfb86a065034c4bb045c2e2b7391572e0ddd4a820b70fa83854de5048d7b7316fc9fa2f078924aab62206a7a135aaf91176a4c6b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\places.sqlite-wal

MD5 f3bb8edd7bc374a19544ddb9888ef9f7
SHA1 e5ae9fa0442f76eeacb5161da531654732366e87
SHA256 21737aeafb47568c6b1e9519afab543266cc8bbbd3cef9a5fa2422ec19f9f088
SHA512 cba285278eeb630fb2fa25f91b61b942e315d92861523ffac3c100ece22ca28973e6b321e2da30ceb3c2797ee81e4a351eeeb01283a549b3b0d6f69bdb190824

memory/6444-540-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/6444-549-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/3460-555-0x00000000006D0000-0x00000000012B5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c18d0427dd34902d828d9e1c4dfabd57
SHA1 2338625ba821e7c864fef426bc7e412d3d7ac1f9
SHA256 cd0a0c647210e9274dcdafceb2d818596e046344f5c11381239950f96b472bf3
SHA512 155bc4aa3382970cb25ba313a2645c1049aecebe4d0016c83ea0d0275500d8e69d0017e1260cd4ec68656c0ad8f71a6cacba896d3618e78f276168c99a105f10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ac3b4153d2fd8255a037b60ad5d2e1b
SHA1 29cbd7e4b9e72ff0288cf0b12abdf048cad19446
SHA256 fe0186c19e491a5cf9d6f3b32d827da3f2ea15d3859abb169d071afc7fbf2ef2
SHA512 2361344058ffacef3da1ac26aacbf0895d91d9d6f7413aacc18c05c9ebe8452800d3f2b430048c56b4b068d9332192e52638e7087ccf95e02b014229a6e2bace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a69ac073b64f7e2804a8e4e46644846f
SHA1 81ffbe1d323f0891090e08200e979f207973f989
SHA256 b3e076b93a12d15ea681ef3045bcf1f563a894f599057e0fab11053d4429ab75
SHA512 8100e38ae46ae8779980915e13bea7494710c14f33a40a070db578ce0f5226e9a365365ccc2eaa11242a2ff7911a3b90495ecb301703b2151f1104ea73a9e575

memory/3460-575-0x00000000006D0000-0x00000000012B5000-memory.dmp

memory/3452-579-0x0000000000E20000-0x00000000012D1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 830eb7354f2e921955d63f9f098664bf
SHA1 a21eaa107f63c4d26eda6532ecd5b3a2e8f2c5d5
SHA256 52e7f63cc9c52a05738b0cb8338bfabf7fa2bbe51aa435fddf4628a4016ab1ff
SHA512 f2bd04ad46c658a2679e30955a445279ed400dc103002790d491bbac8fecf88266f9885fce638b58440790df02f7cab2effe35fff261b91907df0159dd4fc22b

memory/3452-597-0x0000000000E20000-0x00000000012D1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 835131fdc909798a21b5f67a04af6c86
SHA1 45d5fbbead3b6d7a0f9d6728f29442217b9c4f0e
SHA256 c96c8b8323d42c20dc60707d15964cb928ab5f47ad9938b80ad0522a55f3ff7a
SHA512 1fb397e2ab67df1826387b31b1f728ec5a38e8af8ae05308711bf0734bd00d7542614e0f9cad12573ba04538c2c34953fe424662eaa88b18923805cd0da2b903

memory/5356-610-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5356-609-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/5356-633-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

MD5 8f0dfda53ce183a40bc57b37f31591d0
SHA1 4d8feeea1ad00e7476dfcbd0f384b1cc5f47512a
SHA256 3944a8821c6af22ec8dc452caf2a5ff737ac96908e96fb7b440d261e70f67993
SHA512 7d3d2acf73df1c30ff968d6f5c29c157b095eb1f260d5956c178c338e90b7678e111f96a5b6877a21ae894c525572d827b14c866c7bd560a6a623b9833405dea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 d151e091b29d6812b8167820ce1ed0fb
SHA1 b122289ccd40e2bb97ff173fe729718d1d3f83f3
SHA256 c81a08c8729e420547a426f211007be540bdda457545e2a67fbbcc76c657da54
SHA512 8b840c686aa674daa5a1c8a5d4b4648f33b7e9156b40a13d2e0fefd491ff6ca02f754c3ca4e90074fb3251dc054908b181591ba7527d091fda855acfefa28c70

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

MD5 5daf287b9d8b06fa1f5418731a986918
SHA1 e1f0ad6d8b4a96091d20db28fe96346825bcf2dc
SHA256 aba1367fe124fbdb2465297647dcc7a6a84bbecacc84b50dbad650c05d231e2b
SHA512 3872720b73c056c52a8132c1f6e59efafa5976be61f7155dc07fc2a798132d37f8bb539685fc02a2cff73f9f43f50341ae348c612f0307f3a868c1415b95583a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1dda92f2c149d9271a94a72c1b22a1e8
SHA1 36118395032bcbea7aa377680ae443a95e98e3bd
SHA256 611cdfc39277666ba0b9228cbf4fbe20cff2b722bb37f11bada6b6fd17784e70
SHA512 059977642ca6a2bf55d970f73245670111ea840a6550d7fa5449fbf02ca53ab3344cf4d79cff38b4f6e1a0b2bc292a849d67d202e6a556df3232d018106ad4c6

memory/5356-737-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/5356-857-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0663158ed1ed20e00991cd3ba5d2a70
SHA1 4a655dd4ee97df0f9f348543eaad1950489ce986
SHA256 aa48076acd68704a5d9bee6fd3536fa8311d8f2ef66efcbba91d2ce495b655d7
SHA512 97bbc1188c890250ed44399250dfd90695f4e21bf71c4a803494e5a900883e16493a7259fed60e697ae66226f6e123978e6fccb75e60dbaacac1d36e82ce7491

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 06debf4a6e91d40485b56ff1fa8f7612
SHA1 9e7164e7f36d8186459ceb9aba6078264e7f8d3c
SHA256 dbfefa617370c7421e8dfae2fc2bdd12d26820679fe877f67036a5dc8fc04d84
SHA512 84a4d44e890ff8c3c4e82400daca01ceca1f73c8d139b68b5d3aaabe7a25bf077e0f39077b1cb9d63aec7d5950b37121c5229463af0cd195b5972e4b928ee1e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7231ae3f693f50b5e000aa1fa51fb406
SHA1 aa352bbd247de950e8881fd8cfdd5d2d98be494f
SHA256 e10807d2d997483c43559794a714dc5e63534bd225f7e93f1f5a47a20c2ece46
SHA512 592034a385bc50fbc0a013a651539eb2e08feaa83a59ab5c9bcaa51102c99dd169436535729779e60e068a10a6685dbd82d99461c159733e0d350af2388cbc92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

MD5 3c3991f83206fc3fce0b1c7fc4191065
SHA1 47eba3e4f40687fb41e9a5464d2456ccdd8abefe
SHA256 ef7680e5acf12493ef3ce1778c43096f4ac1398b037e46d1d18ccddb531ef1b5
SHA512 2be74c79aa0d3e39039dd2d512c9fa081a0de5515868c7d56516d0f3cab36a5ba42994bfae083effd1fc474c418fdc17adfb28c73cff8286ee6fef9c23bd342b

memory/5356-2112-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 88c0eeb5b09e47c812b8768bcec7520b
SHA1 65029693a93afc90c450f8a3dc0a915c343cb104
SHA256 d155e18a2cae33ec7ac95d78a5e7cc150aa32f42e8c2c944e31c53e6d4f9d164
SHA512 50e197b6ce460452b82d6852a2473cbbe059ae37270217f61b0c250d9979412fee01cb1f249bcee3812aa6a72c6a80aba74a1bdff7dec20b0470f8162f0f0fed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8e705591ff825c8151e2c7e32513c7b
SHA1 ac424e34d0dae860c91c6c39f50e709395957ef0
SHA256 7e3877cbe6f4d85c36d22ccc197a6a98b7ffd568df231c68c787f7ffc1043292
SHA512 e12a62d3dcf918202ada37adbbcad55465bbd670847d593ae658d20a1cdf443a7b1ac9e090334d35fd8188f3101bbe1fda334ec9e3db580c856b6d1948691391

memory/5356-3155-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5356-3156-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d57d3c8baa4d4bc5f29aecb45713c327
SHA1 08b7124537ce5cc02a1d996a1d0ca80f0b6b2992
SHA256 8dbc3b59933031b8f9e4a69ff32b758e57de248e343460d6b03389d8a4ae7294
SHA512 cd68cd36bdba02956e7060e381e6ea7ea226e7fb910575fa87181926fd5caa7cbde6490f3e5f6a4600fe9bd933c9b9ff36a81bed34e7ea2396409360d3eacc21

memory/5356-3179-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/1768-3182-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/1768-3184-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 233355b9a8a7d846953c1963f873ea0a
SHA1 2b4fafa3eb6d61970b36095fc077fc10ff6003e4
SHA256 90d52738be8de5c44b573f7d1fb42783d17af647d9794286fd24f2431f62ec8d
SHA512 d4611859ddd27002822ebb990c3dfeea5dc6285f20a65d305bd4fc491f36b7d51ae144bb490faa37006ad2c4dabb429f63b8fc432edbca064e6ae95718766b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4c5d4b12053773d8b20f80ca23a5df20
SHA1 a5e6479b59729d2ce2e930f1f0639c2c7f88e125
SHA256 67b8026dee2a65882dda9fe1649aaaafe431b8ed2649e9ee3f134be483c90d27
SHA512 68f8b17db1acbce47a4211de26e9d96031c74784d8c7a22a906469d3f03c40c35c9d2f013ae24f777b3d2630926dc300813f0d03ef96321cfcdcfd03f32a47c3

memory/5356-3217-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1a060b3d416b54df420434d247b75081
SHA1 133cf120428710c99ee86ba9616f72398c5153f5
SHA256 ff77e6b1f090d8369a474493bb630029ae28e7d9c2631f435fbf4488e292f421
SHA512 2d1c77bddc4aa44f5c026c0c677d64201fa664c3a8cd6e3059c51e573a8b0da4c32909e8b3635b5682c1025cddd667f33cb3cd8232a4629b7f3552fb1971eccf

memory/5356-3223-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bdae50f33696cb66d0f7b9683f5092f1
SHA1 356d18de06f19755404b00e51f7fe21ef9861fa3
SHA256 57f1111aa9d39567acde3fb21987fd34642f67afc23b6afb6fe0ddd7d6e8a16a
SHA512 e21af2fe0068cf6eb62c2548ad5823bc345d4b32211ba7fd70216e587f3535c51c03e3f18e36b0d66b5b1ec531a16da66bcd2a6ebe571913a79270182df33a16

memory/5356-3233-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e17fe603a1690845a499bc6f3c4ce2b
SHA1 608398b164dfd2984b78fb156b16f42b13504917
SHA256 1219394933d23028c4b2da2fbdea80e0f507fd64471831ef9d788e40e0d1d547
SHA512 c0d64274a5e28d3569746f3d906b70deff3aa5ab93054d50987393dfd700fcb0c86db1653d1e0162273a0ffcf728dd57a46cd9e6f65fe23e4f8117e3769020dc

memory/5356-3243-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5356-3244-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 82dd067ccf093fb3eb130f8fcc89c9d7
SHA1 31802aad8a95fbee058e258fb37d4ffc661a0e85
SHA256 3d41e6da2207269494347c5cf4b26a69677e0930d948637845ece17a708fdb7f
SHA512 bd75a4a7f082f7ad6a9889f0fa73e4558fdc59ce5246bdd530e95d5bb25298f42e79a0ba4b9474fcc78ef5d9e5f28984c67bfb1659632964d8f32bd4bdfb1d5e

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

memory/5356-3277-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5804-3279-0x00000000003A0000-0x0000000000851000-memory.dmp

memory/5804-3280-0x00000000003A0000-0x0000000000851000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf768ad4357db497af2c5acca9833962
SHA1 88460e92ac28dd614a5d32a422f1d7f574d2293d
SHA256 a8b61e66f426a8745352de8a2c73a119ea15b9c7ac36f37edd0ffc79d238c887
SHA512 95f09a73bf64a03c2e56f266796fb97488ffbf03f2f5280226c372dbcf436b99810dc34b81bee42ffc5bc82cb9f92e37a4961c70404ccca68e07941cf41166cc

memory/5356-3290-0x00000000003A0000-0x0000000000851000-memory.dmp