Malware Analysis Report

2024-10-19 08:35

Sample ID: 240731-ag6xtswfrp
Target: 11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412
SHA256: 11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412
Tags: amadey quasar redline sectoprat 0657d1 exodusmarket.io fed3aa office04 credential_access discovery evasion infostealer persistence rat spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412

Threat Level: Known bad

The file 11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412 was found to be: Known bad.

Malicious Activity Summary

RedLine

SectopRAT

RedLine payload

Amadey

Quasar payload

SectopRAT payload

Quasar RAT

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Credentials from Password Stores: Credentials from Web Browsers

Downloads MZ/PE file

Loads dropped DLL

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies Wine through registry keys

Reads data files stored by FTP clients

Checks computer location settings

Executes dropped EXE

Unsecured Credentials: Credentials In Files

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Program crash

Enumerates physical storage devices

Unsigned PE

Browser Information Discovery

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-31 00:12

Signatures

Unsigned PE

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-31 00:12
Reported: 2024-07-31 00:14
Platform: win10v2004-20240730-en
Max time kernel: 149s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe"

Signatures

Amadey

trojan amadey

Quasar RAT

trojan spyware quasar

Quasar payload

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

RedLine

infostealer redline

RedLine payload

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | N/A | N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | N/A | N/A

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description | Indicator | Process | Target
--- | --- | --- | ---
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
--- | --- | --- | ---
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
--- | --- | --- | ---
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Control Panel\International\Geo\Nation | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A

Identifies Wine through registry keys

evasion

Description | Indicator | Process | Target
--- | --- | --- | ---
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence

Description | Indicator | Process | Target
--- | --- | --- | ---
Set value (str) | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68e6782ad3.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000020001\\68e6782ad3.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f3c253d2b3.exe = "C:\\Users\\Admin\\1000029002\\f3c253d2b3.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description | Indicator | Process | Target
--- | --- | --- | ---
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
--- | --- | --- | ---
PID 4224 set thread context of 5296 | N/A | C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Windows directory

Description | Indicator | Process | Target
--- | --- | --- | ---
File created | C:\Windows\Tasks\axplong.job | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\1000029002\f3c253d2b3.exe

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
--- | --- | --- | ---
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000029002\f3c253d2b3.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
--- | --- | --- | ---
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
--- | --- | --- | ---
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
--- | --- | --- | ---
Key created | \REGISTRY\USER\S-1-5-21-2077438316-259605770-1264560426-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A
N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
--- | --- | --- | ---
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\1000029002\f3c253d2b3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4756 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 4756 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 4756 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 1524 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe
PID 1524 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe
PID 1524 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe
PID 2600 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe C:\Windows\system32\cmd.exe
PID 2600 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe C:\Windows\system32\cmd.exe
PID 60 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 60 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 60 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 60 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 60 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 60 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3892 wrote to memory of 2140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3892 wrote to memory of 2140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2852 wrote to memory of 1080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2804 wrote to memory of 588 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
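
The table above repeats one row per WriteProcessMemory call, so it is long but contains only a handful of distinct writer/target pairs, and a parent writing into a child it has just spawned is also what CreateProcess itself does when it sets up the child's process parameters. The signal is therefore the chain rather than the API: the sample writes into its own copy explorti.exe, which writes into the downloaded 68e6782ad3.exe, which hands a batch file to cmd.exe, which launches the three browsers. The script below is an added example, not part of the sandbox report: it parses rows copied from the table, collapses the repeats into a process tree with per-edge write counts, and walks the dropper chain (every image under the user profile) until the chain leaves it at cmd.exe. The regex relies on both image columns ending in .exe, which holds for this report but not for a general export.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: rows copied from the 'Suspicious use of WriteProcessMemory'
# table above (a subset). Repeats are kept on purpose: the sandbox emits one row per
# WriteProcessMemory call, so the same writer/target pair appears several times.
SAMPLE_ROWS = r"""
PID 4756 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 4756 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 1524 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe
PID 1524 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe
PID 2600 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe C:\Windows\system32\cmd.exe
PID 60 wrote to memory of 3892 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 60 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 60 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1456 wrote to memory of 2804 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Both image columns end in '.exe' in this report; that is what lets a regex split two
# paths that themselves contain spaces ('Program Files'). A general parser should read
# the sandbox's structured export instead of the rendered table.
_ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$", re.IGNORECASE)

# Anything under C:\Users\<name>\ is writable without admin rights: a process chain
# that stays inside it is the dropper chain, not a legitimately installed program.
_USER_PATH = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.IGNORECASE)


def parse_rows(text):
    """Yield (writer_pid, target_pid, writer_image, target_image) for each table row."""
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            yield int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)


def build_tree(rows):
    """Collapse repeated rows into (children, images, write_counts, roots)."""
    children, images, counts = defaultdict(list), {}, Counter()
    for wpid, tpid, wimg, timg in rows:
        images.setdefault(wpid, wimg)
        images.setdefault(tpid, timg)
        if tpid not in children[wpid]:
            children[wpid].append(tpid)
        counts[(wpid, tpid)] += 1
    all_children = {c for kids in children.values() for c in kids}
    roots = [pid for pid in images if pid not in all_children]
    return children, images, counts, roots


def render(children, images, counts, pid, depth=0, parent=None):
    """Return the subtree under pid as indented text lines, one per process."""
    name = images[pid].rsplit("\\", 1)[-1]
    note = f"  [{counts[(parent, pid)]} write(s) from pid {parent}]" if parent is not None else ""
    lines = [f"{'  ' * depth}{name} (pid {pid}){note}"]
    for child in children.get(pid, []):
        lines.extend(render(children, images, counts, child, depth + 1, pid))
    return lines


def dropper_chain(children, images, root):
    """Follow the tree from root while the image lives under the user profile; the
    result is the list of dropped executables worth pulling for static analysis."""
    chain, pid = [], root
    while pid is not None and _USER_PATH.match(images[pid]):
        chain.append(images[pid].rsplit("\\", 1)[-1])
        nxt = [c for c in children.get(pid, []) if _USER_PATH.match(images[c])]
        pid = nxt[0] if nxt else None
    return chain


if __name__ == "__main__":
    children, images, counts, roots = build_tree(parse_rows(SAMPLE_ROWS))
    for root in roots:
        print("\n".join(render(children, images, counts, root)))
        print("dropper chain:", " -> ".join(dropper_chain(children, images, root)))
```

Run against the full table the same way; the browser subtrees (chrome.exe and firefox.exe writing into their own child processes) are ordinary sandboxed-renderer setup and drop out once you look only at the chain under the user profile.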

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe

"C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe"

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe

"C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B1CB.tmp\B1CC.tmp\B1CD.bat C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc1618cc40,0x7ffc1618cc4c,0x7ffc1618cc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc160446f8,0x7ffc16044708,0x7ffc16044718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9543a6b0-e767-416f-ad86-8265f765a65c} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2460 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b45c428-b4a8-4895-8f77-4fee214afb80} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3328 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3076 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b71ed17-c52a-4d96-99e8-3f044895aba4} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3228 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca928c96-1ee7-4137-a0f5-4bcda15eb83c} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4292 -prefMapHandle 4228 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a522ec77-0573-46cf-a21d-0362540bf5e6} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5460 -prefMapHandle 5468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9680b762-a070-4604-9f0d-c6bd49c1235d} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 4288 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c401b7a5-4467-448e-95ac-8fb95dd90322} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5876 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea0f9d86-4291-44ff-b673-626d06f920fe} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab

C:\Users\Admin\1000029002\f3c253d2b3.exe

"C:\Users\Admin\1000029002\f3c253d2b3.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5884 -ip 5884

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 1372

C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe"

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"

C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe

"C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\silverrr.exe

"C:\Users\Admin\AppData\Local\Temp\silverrr.exe"

C:\Users\Admin\AppData\Local\Temp\pureee.exe

"C:\Users\Admin\AppData\Local\Temp\pureee.exe"

C:\Users\Admin\AppData\Local\Temp\adada.exe

"C:\Users\Admin\AppData\Local\Temp\adada.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4632,i,3677833631298529975,11792718041942399033,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,2996978076331287385,7558648772184205723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 /prefetch:2
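
The schtasks.exe line in the list above creates a task named svchost, triggered ONLOGON, at run level HIGHEST, whose action is C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe. A real svchost.exe lives only under C:\Windows, and the SubDir folder under %APPDATA% together with this exact schtasks form is consistent with the Quasar RAT install routine the page tags. Each property alone has benign uses; the combination does not, which makes it a good alert. The script below is an added example, not part of the report: it parses 'schtasks /create' command lines (the report's line plus one benign task constructed for contrast) and returns, per task, the reasons it looks like persistence, so a SIEM rule or triage notebook can score them. The user-writable directory pattern and the list of impersonated system names are assumptions of the heuristic, not something the report states.

```python
import re
from typing import Optional

# Constructed sample input: the schtasks.exe command line from the Processes list
# above, plus one benign task made up for contrast (not from the report).
SAMPLE_CMDLINES = [
    r'"schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f',
    r'schtasks.exe /create /tn "Vendor Update" /sc DAILY /st 09:00 /tr "C:\Program Files\Vendor\update.exe"',
]

# /opt value: either a double-quoted string or a single bare token.
_OPT = re.compile(r'/(tn|sc|tr|rl|ru)\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# Directories a standard user can write to (assumed list). Legitimate ONLOGON tasks
# running as HIGHEST point into Program Files or Windows; one pointing here is the
# strongest single signal in this heuristic.
_USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\|\\programdata\\|\\temp\\",
    re.IGNORECASE,
)

# Names borrowed to blend into Task Manager (assumed list); all of them live only
# under C:\Windows on a real system.
_SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "explorer", "dllhost",
                 "conhost", "services", "smss", "wininit", "taskhostw"}


def parse_schtasks_create(cmdline: str) -> Optional[dict]:
    """Return the option values of a 'schtasks /create' command line, or None if it is not one."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if not m:
        return None
    head = (m.group(1) or m.group(2)).lower()
    if not head.endswith(("schtasks", "schtasks.exe")):
        return None
    if not re.search(r"/create\b", cmdline, re.IGNORECASE):
        return None
    return {o.group(1).lower(): o.group(2) if o.group(2) is not None else o.group(3)
            for o in _OPT.finditer(cmdline)}


def suspicious_task_reasons(opts: dict) -> list:
    """Heuristic reasons the parsed task looks like malware persistence (empty = nothing odd)."""
    reasons = []
    tn, tr = opts.get("tn", ""), opts.get("tr", "")
    binary = tr.strip('"').rsplit("\\", 1)[-1].lower()
    if _USER_WRITABLE.search(tr):
        reasons.append("task binary in a user-writable directory")
    if opts.get("rl", "").upper() == "HIGHEST":
        reasons.append("runs with highest privileges")
    if opts.get("sc", "").upper() in {"ONLOGON", "ONSTART"}:
        reasons.append("triggers at logon/boot")
    if tn.lower().removesuffix(".exe") in _SYSTEM_NAMES:
        reasons.append(f"task name '{tn}' mimics a system binary")
    if binary.removesuffix(".exe") in _SYSTEM_NAMES and "\\windows\\" not in tr.lower():
        reasons.append(f"'{binary}' outside the Windows directory")
    return reasons


def triage(cmdlines) -> dict:
    """Map each task name to its reasons; command lines that are not 'schtasks /create' are skipped."""
    result = {}
    for cmdline in cmdlines:
        opts = parse_schtasks_create(cmdline)
        if opts is not None:
            result[opts.get("tn", "?")] = suspicious_task_reasons(opts)
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_CMDLINES).items():
        verdict = "SUSPICIOUS" if len(reasons) >= 2 else "ok"
        print(f"{verdict:10} {name}: {'; '.join(reasons) or '-'}")
```

The same task can be created through the Task Scheduler COM API without a schtasks.exe process (the report flags that API as well), so a command-line rule covers only this variant; the XML under C:\Windows\System32\Tasks and the Microsoft-Windows-TaskScheduler/Operational event log catch both.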

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
RU 185.215.113.19:80 185.215.113.19 tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 8.8.8.8:53 19.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 16.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
FR 172.217.18.206:443 consent.youtube.com tcp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 www.youtube.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
FR 216.58.213.78:443 www.youtube.com tcp
FR 216.58.213.78:443 www.youtube.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
FR 172.217.18.206:443 consent.youtube.com tcp
FR 216.58.213.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
FR 172.217.18.206:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
FR 172.217.18.206:443 consent.youtube.com udp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 197.205.238.44.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
N/A 127.0.0.1:51709 N/A tcp
N/A 224.0.0.251:5353 N/A udp
N/A 127.0.0.1:51724 N/A tcp
RU 85.28.47.31:80 85.28.47.31 tcp
US 8.8.8.8:53 31.47.28.85.in-addr.arpa udp
RU 185.215.113.16:80 185.215.113.16 tcp
NL 91.92.240.111:80 91.92.240.111 tcp
NL 91.92.240.111:1334 91.92.240.111 tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
FR 172.217.20.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 172.217.20.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.201.174:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.201.174:443 play.google.com udp
US 8.8.8.8:53 174.201.250.142.in-addr.arpa udp
FR 142.250.201.174:443 play.google.com tcp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
FR 142.250.201.174:443 play.google.com tcp
NL 91.92.240.111:80 91.92.240.111 tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 N/A tcp
US 8.8.8.8:53 N/A udp
US 8.8.8.8:53 N/A udp
US 8.8.8.8:53 N/A udp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
FR 172.217.18.206:443 consent.youtube.com udp
NL 91.92.240.111:9999 N/A tcp
FR 172.217.18.206:443 consent.youtube.com udp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39002 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39003 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39002 N/A tcp
NL 91.92.240.111:9999 N/A tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39003 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39002 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39003 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39002 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39003 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 N/A tcp
NL 91.92.240.111:9999 N/A tcp
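
Most of the Network table is browser traffic: the batch file handed to cmd.exe by 68e6782ad3.exe launched Chrome, Edge and Firefox on https://www.youtube.com/account, and the YouTube, Google, Mozilla, Pocket and Cisco OpenH264 lookups are what those browsers do on first start. What remains is the sample's own traffic: plain HTTP to bare IPs (185.215.113.16, 185.215.113.19, 85.28.47.31, and 91.92.240.111 on ports 80 and 1334), a lookup of the public IP service api.ip.sb, and repeated raw TCP connections to 91.92.240.111:9999 with side connections on ports 39001 to 39003. The script below is an added example, not part of the report: it parses rows copied from the table (tolerating rows whose Domain cell is empty or N/A), drops resolver queries, PTR lookups, loopback/multicast and allowlisted browser destinations, and returns the remaining destinations with hit counts plus the DNS names actually worth blocking. The allowlist is an assumption built from this run only.

```python
import ipaddress

# Constructed sample input: rows copied from the Network table above. Raw socket
# connections carry no useful Domain cell (blank or N/A), so the parser accepts both.
SAMPLE_NETWORK = """\
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
RU 185.215.113.19:80 185.215.113.19 tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.178.142:443 www.youtube.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 127.0.0.1:51709 N/A tcp
N/A 224.0.0.251:5353 udp
RU 85.28.47.31:80 85.28.47.31 tcp
NL 91.92.240.111:80 91.92.240.111 tcp
NL 91.92.240.111:1334 91.92.240.111 tcp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
NL 91.92.240.111:9999 tcp
NL 91.92.240.111:9999 N/A tcp
NL 91.92.240.111:39001 tcp
US 8.8.8.8:53 udp
NL 91.92.240.111:9999 tcp
NL 91.92.240.111:39002 tcp
NL 91.92.240.111:9999 tcp
NL 91.92.240.111:39003 tcp
"""

RESOLVER = "8.8.8.8:53"  # the sandbox's DNS server; the queried name matters, not the packet

# Assumption: allowlist of suffixes behind the browser sessions the batch file opened
# (YouTube/Google, Firefox and Chrome update/telemetry). Built from this run only;
# extend it per sandbox and never treat it as a global 'known good' list.
BROWSER_NOISE = ("google.com", "youtube.com", "gvt1.com", "mozilla.net", "mozaws.net",
                 "mozgcp.net", "getpocket.com", "openh264.org", "akamai.net")

# Public 'what is my IP' services: harmless by themselves, but a fresh binary calling
# one right before raw-IP traffic is a common stealer pattern, so keep them visible.
IP_LOOKUP_SERVICES = {"api.ip.sb"}


def parse_network(text):
    """Return (country, dest, domain, proto) tuples; domain is '' when blank or N/A."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, ""
        else:
            continue
        rows.append((country, dest, "" if domain == "N/A" else domain, proto))
    return rows


def _allowlisted(domain):
    return any(domain == s or domain.endswith("." + s) for s in BROWSER_NOISE)


def is_noise(dest, domain):
    """True for traffic that carries no indicator: resolver queries, PTR lookups,
    loopback/multicast and allowlisted browser domains."""
    ip = ipaddress.ip_address(dest.rpartition(":")[0])
    if ip.is_loopback or ip.is_multicast or ip.is_link_local:
        return True
    if dest == RESOLVER or domain.endswith(".in-addr.arpa"):
        return True
    return _allowlisted(domain)


def classify(domain):
    if not domain:
        return "raw-socket"   # non-HTTP/TLS connection with no name behind it
    try:
        ipaddress.ip_address(domain)
        return "ip-literal"   # HTTP to a bare IP, no DNS at all
    except ValueError:
        pass
    return "ip-lookup" if domain in IP_LOOKUP_SERVICES else "domain"


def extract_iocs(text):
    """Map each non-noise destination to {'kind', 'domain', 'hits'}."""
    iocs = {}
    for _, dest, domain, _ in parse_network(text):
        if is_noise(dest, domain):
            continue
        entry = iocs.setdefault(dest, {"kind": classify(domain), "domain": domain, "hits": 0})
        entry["hits"] += 1
    return iocs


def queried_names(text):
    """Names asked of the resolver, minus PTR lookups and allowlisted browser domains."""
    return {d for _, dest, d, _ in parse_network(text)
            if dest == RESOLVER and d and not d.endswith(".in-addr.arpa") and not _allowlisted(d)}


def repeated(iocs, min_hits=3):
    """Destinations contacted at least min_hits times: candidate beacon channels."""
    return sorted(d for d, e in iocs.items() if e["hits"] >= min_hits)


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_NETWORK)
    for dest, e in iocs.items():
        print(f"{dest:22} {e['kind']:11} hits={e['hits']:<3} {e['domain']}")
    print("queried:", sorted(queried_names(SAMPLE_NETWORK)))
    print("repeated:", repeated(iocs))
```

Block the bare IPs and the 91.92.240.111 ports as a set rather than one at a time: the repeated port 9999 connections look like the steady channel and 39001 to 39003 rotate beside it, so a rule on a single port would miss the rest.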

Files

memory/4756-0-0x0000000000E60000-0x000000000131E000-memory.dmp

memory/4756-1-0x0000000077DE4000-0x0000000077DE6000-memory.dmp

memory/4756-2-0x0000000000E61000-0x0000000000E8F000-memory.dmp

memory/4756-3-0x0000000000E60000-0x000000000131E000-memory.dmp

memory/4756-5-0x0000000000E60000-0x000000000131E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

MD5 b7578c50b713ab0f3de31c715e797f81
SHA1 80617bae8006230a63894226663dddaa4222d53d
SHA256 11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412
SHA512 d747f1f9ce2c47c82032ea16fed4038b015d507cbfc9d5df6569cf254032657f263ab498fbc9b9774339494d486b50fdbfe4c5cfb8b24de432c83bb8a17755f3

memory/1524-18-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/4756-17-0x0000000000E60000-0x000000000131E000-memory.dmp

memory/1524-20-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/1524-19-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/1524-21-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000020001\68e6782ad3.exe

MD5 4b67af171faedf1786697467acdbc63c
SHA1 b9bf249f79a7af45119326475533ab5fadd66b6b
SHA256 1dab3f3893bd28640fb2baa2caa5ccc03de88400c03b01ca2a1697e2c9f51428
SHA512 f5e7dfa827cd578dd0b4cc3f798c98ecc2081d214f7c04f70b82373ed54f9d1018435b54395b3a013b759bddb4dc1a9521cfcdd49c93be486af3d998e580265a

C:\Users\Admin\AppData\Local\Temp\B1CB.tmp\B1CC.tmp\B1CD.bat

MD5 de9423d9c334ba3dba7dc874aa7dbc28
SHA1 bf38b137b8d780b3d6d62aee03c9d3f73770d638
SHA256 a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698
SHA512 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d3901cd618f65d66fb0643258e3ef906
SHA1 c9b42868c9119173ff2b1f871eeef5fa487c04f6
SHA256 1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086
SHA512 89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

\??\pipe\crashpad_3892_VPPVDZLKTLDJSSOG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 54a5c07b53c4009779045b54c5fa2f4c
SHA1 efa045dbe55278511fcf72160b6dc1ff61ac85a0
SHA256 ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f
SHA512 0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b1dab6f107904322e222be4a542ae0e
SHA1 869e7ba139d5ae74ce99d27740242e70c07e2fe9
SHA256 189b09731aa1765d1278cbcd0f015f7ab12196cfbf7be32e295b83a3edf809cb
SHA512 82d6b7d905c615cc7fab84d4aa5d4d8fb764866e6252bfc0f0a8323a145003bf62d1ea777be3e39750f45dda1ccb7f5a13e415d666d0317f5de3cb14909e8883

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\myic1olu.default-release\activity-stream.discovery_stream.json.tmp

MD5 30c0afc4c8cfed47ef15e1a97c8041f0
SHA1 0b2cd9d81be3a1f9817eedd0a064454ef6ae7f46
SHA256 041368f706ee562a6bc3daeb132b9113186ef578929fdefded3fab3abdee8ba1
SHA512 6b0bca41cb2ad1689cc85da0e27d309c82e1b9b0998c9f5b93a1ba46d74f86cea1aff3c6f4d75b86e7beb12b63975b5396a4155065a834ee06a71fc0fb20fde0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\datareporting\glean\pending_pings\fa78222d-60d9-4c35-934b-26c5171687f3

MD5 6e4141340aa00eb84f9e738868f03529
SHA1 b01ce8e545682c37f44bee0823efe798dc5ca9cf
SHA256 985b3f6dc511409baeaf21fef991eefbcf8ea33506fa36cc8d87ad1cda9ee45c
SHA512 a746e8e108673fe830217924298e2f385ca4e0e0e2aac7306ca50e9a96a7ba82dea512472e140133b793dfb88ea7b7c28fe4f9076238574b53babc7c7f8da520

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\datareporting\glean\db\data.safe.tmp

MD5 3bef1931863b21f7c0f7d542c45dc753
SHA1 339b530426f88e9c1858594679ee0c275b40a01a
SHA256 eb808dfb922a23414dd78d8bdc882ed5bb352e8d97e7f527fc99f2d2b542f1f7
SHA512 38ca54b606cb16687d2aaee56b0b527bb486a319c2e13ebda0eb8b3f351ed6e6b3eea2c8d99ed538cb5e438f195fcd4a427b09338c8fa00445265db82b52573c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\datareporting\glean\pending_pings\7c8dcce9-bedf-4333-bbba-2b038dd0e39e

MD5 a8896382776cb79d4cd07fcef90fa94b
SHA1 151cbcbeb160137453083065ec741a551a270718
SHA256 e313475cab4a60f6ac8b8ff873ac27b51df58cc100a8271541ebd9c5bf3e82f4
SHA512 8d77fa74f0b97b14ae67e6785ebeef77aac3e7a43dea3bcce320c984ff6b36a8249a0e13fd375eeee9f319d7695f6b7a086e1c91f0931481f18ad3a1f7039d41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\AlternateServices.bin

MD5 93129d8acecdcd6e1c8d01d98a12b3af
SHA1 148712774c57492d071db3669970b2cdbf352f60
SHA256 846ab722881a7e5bcb4a35e1a908f38b559d66b07c69f90cf7b4876fcbab362c
SHA512 8ad67f06d17fefbafad9a17b831f67541c04b195b1bdb3aa6e0aadc8db92a563f106c038d30e5052243d8e5ce57356e521e2d835b56af570aeb22e912609eeab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\datareporting\glean\db\data.safe.tmp

MD5 83d7d38a0d93e58a7cae82ff6019e43d
SHA1 b66c6199fd96ed7f76cc1562c3d9906d4f58cf81
SHA256 a882de1ab47d8d949c8d56cf860bd268b26ac0542a44173a5415a2405697b066
SHA512 b3cef70c7dbe34bf374146d8af11e42be70549bf73783566e77e605b28e0448b43d37528b086040b7b9cf784a7b2c4bfd9916173166659bde51970f933a976a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\AlternateServices.bin

MD5 dfebe094182ce5589f9f3f398209ba66
SHA1 0b128b399597f1fc24c3f88a423d4df10f3d1ede
SHA256 bdd73c2b0f9f58f2c2e081889a2b91cfa81c5ff065d9eaa6ba918d6a02a5157e
SHA512 e2c889ce566d311076d5554f054ceea6d1100df7252a4dbb758b77f4c2af401508f40a217b03c32c2edf04a132fe3808d0b0e390b54c16b0314769b889ace890

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\prefs.js

MD5 d574916e06040269821aedab9f218ccd
SHA1 1ec5aa2b104c8a447a51b6d15642d598d68207e2
SHA256 0a0ef20b133c10219c9570ae4a327df1f7f94916fb297896d1bae47d2493e85c
SHA512 f4bf0dc3fa16e72963579816dc758d19495d0852923bf0a297ff7462c5946835b2b96c030db34703faadaa2959865cfa9d6009037a4a7c9b75101bd7f5be2a09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 60b8b39a48e099a79b96aa1cc1e0cfc4
SHA1 fdf8cae154235a990f757624591ec05b3891ac26
SHA256 cb5000e7cd62ab7f1fe45f8eb4ce9c4187f7b211436fa7dfb3aa2fef44400854
SHA512 0976939732ffc39a891c13248508fb2473c402a0f83cd1abde02db00c71404ae442537f71b596e6ac64e91f16a9f15d49f3af583d60f87812dd0916468534b58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 8ad98b9733d7cb5dba046cb0622b8623
SHA1 ac19b48fcd3bd8d632b9c8b654fe6349d2eba513
SHA256 d1a0b50df2150a0ac812bbdbb3a61f4f85dc9c226ec918464bf6d51e4a6ccc2d
SHA512 65f7befc24a499d72b07ceef592e49ba3c7b8a55a5c4b651e7fdaad61418bd8167b1950faef7c275bea997dde94b25461f1fd5000985d7a19f38cc75907a37e8

C:\Users\Admin\1000029002\f3c253d2b3.exe

MD5 e70b307e33e856cc9cb70a59a32102da
SHA1 24b6d3e99b0e5ee94b7b591c40f7ac2b0ba6f555
SHA256 8d7e591c16734d05b2b7d4b074a16ce05dc89d904d63e6de9add91aaeef4cccd
SHA512 0c59c31f54214c1875a9314f689346c4755371bfbbfd245f3c90a00cd32b3ff8a378fdcd1b4fd597a956b39d310e3b31993103990166013ff5c61c15e63aa50b

memory/1524-479-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/5884-480-0x0000000000400000-0x00000000031E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3d3701988d5f6889588d152a0e21c4e9
SHA1 d6ce88f98d7a88094bb5526e0e60eb80f5ed733c
SHA256 de83f44c1b69f103fda6fec9c34278c35ff4eba050047e07537d77d18fe1043e
SHA512 15f3e6d818ad9e40ad02ce6608686301a41d3c22dda9ca85c67364a3989dec6dabc1b155b288daf4784be42e70af1270f20433d01c5522530fbd40d51cb7604b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a3068f6e41467a8d9f1a858b9b3dfd3
SHA1 4325c0094c4c6b1972e510925d552a5fabebfd0e
SHA256 015e4aabfef2c8e5ab433d6d602b24aa438000a70f9a15e84186f2477ca70343
SHA512 8091c6f418fbab3d50dfb69ae408c7f08ffc244ecdf87dfe5a4238e038ff4855836fb327589d477ecc6c3ffab460beeddddd1741dc575fa4651e1e9c033c58fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 983e051ecebed1c552a6e030dbdeb5cf
SHA1 12c0a5fbea72ec2684b71bbf4b6aadcd0b1864a5
SHA256 73a7a5c2263458408922a76bd452c66c7dbf729f14358677b1848bd2577a348b
SHA512 69d3edd65cd449f85accae972cccbd0260147f3697f406e124bef1786a2227f9f6c42d2b4354c8dc3fe35dc69a6285daf7cdb8a512d26255c10455008d290d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e4cbc34d0f45c10575f9cbdc3901e2d
SHA1 400c841c1561290765fffdfa40b2566068d2f2b3
SHA256 b7fdf4e3e8fe95970dba83c0a6b5f6ef7e9514f35033295f3ae0d7aadc1e8dae
SHA512 15f8f5fae92f3f8df06bc4ec1916db2424314a06aca78c4e832faba71bc9906d95a5f7b1b7b426ff324a6559c3140b96892464cc1d4b90292523daa3bb5f2dad

memory/5884-508-0x0000000000400000-0x00000000031E0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd7cd84505283c6b65bd061f0a7fb387
SHA1 807019e0cf03cbe00e98f8d13c09bffbca9f7212
SHA256 82fde32a1775ee585294478ac1c87d970f139aed1872f3523d01dd85d73e5f02
SHA512 7ab1189aa908da06ede0a007b40eb36b1d74eb99b5c522fd4f782b430cfeef051fbc1fabe1d759c2fa295bb63693392864cf409fb4e1e3b75efd55db34100afb

C:\Users\Admin\AppData\Local\Temp\1000030001\163804cad0.exe

MD5 248d72640b5697bedb167b6922f7d9ec
SHA1 232be32e0792a7308654b29f2001b4ece7c2dcbc
SHA256 6ea68397c9ada660d60cd92137460f9ec823d57374a5ea490b834362d1641227
SHA512 002d4f34ac151a89a9e778ca2f80d69572af44ff8c936ca8c2b383706d07598729b1908ed5f49921dd9fca9c4f920d5c2660cb8da2ad0514097dc7ad6291d571

memory/4640-535-0x0000000000D40000-0x00000000011EE000-memory.dmp

memory/4640-548-0x0000000000D40000-0x00000000011EE000-memory.dmp

memory/3240-549-0x0000000000350000-0x00000000007FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe

MD5 58ccb4c9da26dbf5584194406ee2f4b3
SHA1 ae91798532b747f410099ef7d0e36bffeca6361c
SHA256 2f502689b799fd964bced77e57edf4206809bb11da16cf4f7895df1df54cdc97
SHA512 dff6b4bf25fc5b5cf1a64ee645fb0310b072ec69c89a6e863cf9e0800e1d36f8dc4e567cf19c7dc8ac704d351b604cbf8d35959c3a64a10aa6b54f5c8fedb3c2

memory/5296-565-0x0000000000400000-0x000000000041E000-memory.dmp

memory/5296-567-0x00000000057C0000-0x00000000057D2000-memory.dmp

memory/5296-568-0x0000000005820000-0x000000000585C000-memory.dmp

memory/5296-566-0x0000000005F70000-0x0000000006588000-memory.dmp

memory/5296-569-0x0000000005860000-0x00000000058AC000-memory.dmp

memory/5296-570-0x0000000005AD0000-0x0000000005BDA000-memory.dmp

memory/1524-571-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/1524-573-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/1524-572-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/5296-580-0x0000000006B60000-0x0000000006D22000-memory.dmp

memory/5296-581-0x0000000007260000-0x000000000778C000-memory.dmp

memory/5296-600-0x0000000006AC0000-0x0000000006B26000-memory.dmp

memory/5296-601-0x0000000006ED0000-0x0000000006F46000-memory.dmp

memory/5296-602-0x0000000007030000-0x00000000070C2000-memory.dmp

memory/5296-603-0x0000000007D40000-0x00000000082E4000-memory.dmp

memory/5296-604-0x00000000071F0000-0x000000000720E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp9D6.tmp

MD5 a182561a527f929489bf4b8f74f65cd7
SHA1 8cd6866594759711ea1836e86a5b7ca64ee8911f
SHA256 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA512 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

C:\Users\Admin\AppData\Local\Temp\tmpA6D.tmp

MD5 40f3eb83cc9d4cdb0ad82bd5ff2fb824
SHA1 d6582ba879235049134fa9a351ca8f0f785d8835
SHA256 cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0
SHA512 cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

C:\Users\Admin\AppData\Local\Temp\tmpA42.tmp

MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

C:\Users\Admin\AppData\Local\Temp\tmpA3C.tmp

MD5 49693267e0adbcd119f9f5e02adf3a80
SHA1 3ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256 d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512 b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

C:\Users\Admin\AppData\Local\Temp\tmpA26.tmp

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\tmp9FB.tmp

MD5 546977e3a641a2d2bf27e814c867a744
SHA1 052e8088dd0b04932eb5b6ba6e91de840a80ebd8
SHA256 c31c7ef19ea4b531cfc0068e961e380b9fa2bd1539926eae55db0802a8f59cc9
SHA512 1bc8fc811dd692cf0520046e75ab53331d29f0cc7285b0e8f018c116caf984b8aa48fe839a0a0d593b67b7b549c5ef1bf5a80940f14fcc05cded3141717bcf8b

memory/1524-762-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/3240-761-0x0000000000350000-0x00000000007FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e950dacbfe3d53666b9cda730493e794
SHA1 0a63438c57bd83a6479f900709110ba0b9816a27
SHA256 d8ca60c122dd66f0d2ff012d4e1c6387be4116d4fd7eacb80cd3368841d94ce6
SHA512 735c8ea03918a0a24a1867a3c60f30129f52024aabe75086cbb8c7a19c87bf6eee9f7b0a09887d50403751e5c8771383d19e939fecaca6a408058f79a7cb6fc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a57d46b1b8a2d998751e5ed105dba419
SHA1 817dd54025737500872dcb3e56e4c23fde6b77be
SHA256 c5b6c7adb35721996625a602f69a391e3f0be1919decd35432ddc06c0f4d4513
SHA512 e0ff235d2188b715fc6797bac6475dbb2af69f6d9fb17dcf6f6aa85ac35916498643fe1f2f7651fef731ee1e0e864b583dd523f63af19acf651d08aeaae73f82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f82caf57a5ee21421f9238734e8936e
SHA1 dd15fda77b475c5005f0428f71c7893a27016944
SHA256 b44d7885cfbc9b41bde138c423b8ad4066e95ce650c101ee3663bf1dfe9f2750
SHA512 6cb45bced73cb7682a6f09fea2d7841ed2751354830286dc0dc41e1fd6772ab72878b1dc5c637ba4d417113793c7785c508116ac0823d5d0ab0350088c01e77f

memory/1524-787-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\prefs.js

MD5 ec25d8f09e24421235c7390cee75a116
SHA1 e042c8e8d9d35af6846d80670a8a958da6896c04
SHA256 cfee61cae3ad8bfe957dfd8ed13840225e96de2435eeaf8173f2b942264bbd98
SHA512 33f5e9334eaf975bb008d7015a6042610f955118b8ebb94c523f700b445c09efbf06ad0b08b42aac1760de99b9ded123c9fcf94499a026f2043479e65954b01c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\datareporting\glean\db\data.safe.tmp

MD5 e42afd34d4eceadd93e412d9c98142df
SHA1 af41e6f1f8bc18613cfd27cfe82a9ee33e368f0b
SHA256 2c00b50958da77cabab63c6be98e94e15f156b6169109e4fa61483b3bd47d6c4
SHA512 b0fcf6a861017eb11f8b81282070394d68768cce0afe1fd3c091d8861520bfd16b140cf115667acab97d66c085458ed422465cc410d951f29cdc52f01a4e5123

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\prefs-1.js

MD5 5e9888f7786784c3d17554b7d6537259
SHA1 3d8c745a57b306e5dfbcbcc4e3e82895f4e8ff78
SHA256 ac934e88eefcb0ab7c7da4d71bd31a93478aa6b4f2b4dbf755923d46073e0746
SHA512 4897051ee68025ca7ebdb33afd38b8052a8917d67757463dd303db192f6706c95fcf881902de54e6273f29b856e1d9997c8563da5668e1143a98db156b02ace6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\myic1olu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/3240-870-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/3240-891-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/1524-890-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a69129efd193ff2808b6bf8269edfcf1
SHA1 24316c49e2bffe5eed6849540f055d043950e70b
SHA256 50c9d9815f475ca0cf6d91d9256a68e5682011860c7c521e5662ba3b38b2b0b8
SHA512 a69f1881c3baa7c4e892f26690d3dd9ec2103da6b8ff40c566c6cedbf3ad2a2f662872c00cb2a36747c246f1f9f0e0f9d5db2c089a63a6a7a08c5d495fcced08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2fb78ff6ac162b5013d6b085b9a8a3e1
SHA1 fd2d0feaea8df8bbbaf879daad002e885d7b880c
SHA256 429390cf3e239a617b93427b9af28e22828ee5e28d3c3e481838fef9033657e8
SHA512 a8680c82dfce104e9b7b95322a1f6df2e570a1524fbb570c59bb26496d34251ed92dcb2e58edc999d32f4b63a7517f89bc8e227c59c9c0a06815230e41f3013f

memory/3240-906-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/6780-910-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/6772-909-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/6780-911-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/6772-912-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/1524-915-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\silverrr.exe

MD5 2753d87e4b9887ef89c00c9940b61ad6
SHA1 d787408f7f335f71844b963c8e35788ba238db62
SHA256 ab0486b2252a7c4c577ca2d3082084418b624f6c28a5ae27aa22add6236d05ce
SHA512 4c1646864c6fdbb2fb6d9b681102712278ebe80a6a539fde2fd87835c283e48dd0b4229deed68046cb33a14ca0780ae1ff8fa2de0ee79ccc75a99d3cb90611e0

memory/7016-927-0x0000000000120000-0x000000000012C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pureee.exe

MD5 0006ad7b9f2a9b304e5b3790f6f18807
SHA1 00db2c60fca8aec6b504dd8fd4861a2e59a21fe9
SHA256 014d6c58dd7459c1664196ccd49b796f861d7d7e7e6c573bbb9cdc7cadc21450
SHA512 31fcde22e25be698ef2efd44cc65b758e8c9e8b62504f3254f9cc44bfaabdaa0c94cefceac12833372f8b2797b6bd0205bb9c8f1626e25ee4117d886198fb7db

memory/5132-939-0x000001229F4A0000-0x000001229F54A000-memory.dmp

memory/5132-940-0x00000122B9A40000-0x00000122B9B4A000-memory.dmp

memory/5132-978-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-990-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-988-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-986-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-984-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-982-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-980-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-976-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-974-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\adada.exe

MD5 9c682f5b5000cd003e76530706955a72
SHA1 1a69da76e05d114a317342dae3e9c7b10f107d43
SHA256 36e6a3dd4bfc86c4e707f43cd9515707442d6c424b7661cb41766cfdca322522
SHA512 33bd859542e1ae74d8c81427af44022cb91861dc02ee4202505f1e010487d06cb27e1aa83be6af17be4e2d8973289595b2ebe9bdf99a187956662df30b6dc88f

memory/6524-1910-0x00000000003D0000-0x00000000006F4000-memory.dmp

memory/5132-972-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-970-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-969-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-966-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-965-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-962-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-960-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-958-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-956-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-954-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-952-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b33c01a0daf36a2b0d13b99eb3f0e767
SHA1 7b0ae8f3cfbadbf39d91d627a56bdabf0ed3bb68
SHA256 ebfccc47aa22cf254b9d0d81188785e4694965c5ca24c5baad04cf26fad55fbc
SHA512 8758ac42ae1e269809f4ffa414ca2a296ad213a9ac0c1e08189a22c12fc932fa8096b666778dc7dde097618857873de8d00ce9d8473f62d5a82ac51efd5724d3

memory/5132-950-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-948-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-946-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-944-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-942-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-941-0x00000122B9A40000-0x00000122B9B45000-memory.dmp

memory/5132-4975-0x000001229F910000-0x000001229F966000-memory.dmp

memory/5132-4976-0x00000122A12E0000-0x00000122A132C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9a2b96c980ef0d87555932672ac6ab45
SHA1 770d609cbc9158221cb5e2942addda92cfe7f1e1
SHA256 7c5ede58ff78abb027a990e3f3b4fb857d030fd2bf9ed9fb982b91b29173110c
SHA512 e4a2341ead539ea782df09aa847c3f6f9c70e8ccf16cd62c0eb0df74ae3219f00ea58fa1a8a38912f7da97d64f80a87a886410d610299cecc4bf38f732f04f8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ace50afcc38bbcb087d135e6295240ca
SHA1 c2f85f44ccf618f65cf9a2b66bc7a172758d87a3
SHA256 4fee3531837cfd1b73d73ddf7daaa55659f494eeee3c2676e9bd5ae6a3f26547
SHA512 18a4ba0843c05c241a6274822c1d855f8a48f460a40b95bff6f41586fa2bd2da40bea2feccfb88d1ece988a23f361da6ccbe0fd68ffee5e17f9ff8e7535c90c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ef7795459277b30fa29f2dfd34689c0a
SHA1 4f7fae91e1473836cb40008579b0bbcec1159a7b
SHA256 49acb95f3ffeb83b750c5f5b5d3c0aac4e33e624d6040df6e0d95fd7d31dff6f
SHA512 93d70108251e4ddc2b19c201cf1feca2b95378bcac72f031367b9512b42918487b51e94a2ae50716759ad06613c42fb2d625bc4f25d40d00066683659dc80efd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6fc6dedf8ed839de0c3ac7ac0cca3520
SHA1 9b87fde1f63e4f1c23cfc54394200891dd1413a4
SHA256 6c5dfa845863cbe6f8e3328455395030463167fffb8adb0b9fcd6f645d107b30
SHA512 731a7040a5e9f00aec6b729f7119d3d1a519c193178bdf6ab5704fe5767f82076783b02e4a154eef0f25deec61eb8a9d49accf39df853128639712304ac5eb1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9995c41a053c2df114fd992bb9224747
SHA1 4332fc63938d624f145782b6de24cd4771b855b2
SHA256 f961e64b59582f83345e45742e74216544ebeb9dfe78821f2de4f2ce1037ef4a
SHA512 82734fc5e7ebfa68e032c88963e462068532f78c9006b405329ba6c5ae43c9e69e9b69811bf97f89d05382cc38e346a7eae4c3af8ffdeebe2f9934c618ba1fe1

memory/3532-5046-0x0000000000350000-0x00000000007FE000-memory.dmp

memory/4456-5045-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/4456-5048-0x0000000000AB0000-0x0000000000F6E000-memory.dmp

memory/3532-5050-0x0000000000350000-0x00000000007FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ca31554b89e885f67925b69eda57fa5
SHA1 ca743dec62e1eecc75d3efe12a972273c6f89aab
SHA256 d57fff02e2293b16faa8f61bc0684c90ef46f2daff91cf8199e40163d3d841b5
SHA512 7731aec0553279af6c89d12119c5272145f4260297197f8b88f1bddaad72e3da5b2d7cfb01eb877432cbba87921887baffe9c32e4631df3a64986a7988c493ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4d0403a5d33f3d15c1789e3033324b68
SHA1 d5d5198c4a76365da9cc317577c82614cda5ef6d
SHA256 1fdacd27d1f41c026d93c9106be545e010d3e0471fcfedfc0b7c574050dbf9cf
SHA512 bf9bff8732a7acc6309f8916126d72d71ac943fe2a655cb6f6bb9f3974729135a09b2651695b63c9cfbf8734a025a652913b16cee07234b113e84fb85bff631c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3a2c3f10423832ac190a39a5746d78b6
SHA1 12005cc526392082ddbe5146f8aeb5f76346db64
SHA256 06e792737bac27b40300fcc0ad5ac24dfbe311017113b40b94ea096279f456d8
SHA512 ef7a55c0a28c628ca8aa80cdd2ef612992ebe8cdcbd43e718f5430ae0f8b90fa44d2165a7d86a9acb076414cca7f38f4d3c289a1ad7a9a6eb5290980c0845dbe

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-31 00:12

Reported

2024-07-31 00:14

Platform

win11-20240730-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe"

Signatures

Amadey

trojan amadey

Quasar RAT

trojan spyware quasar

Quasar payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

RedLine

infostealer redline

RedLine payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\1000029002\12450677bc.exe | N/A
N/A | N/A | C:\Users\Admin\1000029002\12450677bc.exe | N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Windows\CurrentVersion\Run\beaaefad6c.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000020001\\beaaefad6c.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000\Software\Microsoft\Windows\CurrentVersion\Run\12450677bc.exe = "C:\\Users\\Admin\\1000029002\\12450677bc.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 2988 set thread context of 3208 | N/A | C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Windows\Tasks\axplong.job | C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\1000029002\12450677bc.exe

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\1000029002\12450677bc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\1000029002\12450677bc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\1000029002\12450677bc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A
N/A N/A C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe N/A
N/A N/A C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\adada.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\1000029002\12450677bc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1340 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 1340 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 1340 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
PID 4392 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe
PID 4392 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe
PID 4392 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe
PID 4608 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe C:\Windows\system32\cmd.exe
PID 4608 wrote to memory of 680 N/A C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe C:\Windows\system32\cmd.exe
PID 680 wrote to memory of 1096 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 680 wrote to memory of 1096 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 680 wrote to memory of 3388 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 680 wrote to memory of 3388 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 680 wrote to memory of 720 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 680 wrote to memory of 720 N/A C:\Windows\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1096 wrote to memory of 2516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1096 wrote to memory of 2516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 720 wrote to memory of 4900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3388 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3388 wrote to memory of 4908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4900 wrote to memory of 3732 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe

"C:\Users\Admin\AppData\Local\Temp\11a012a9ea53a482539cf9a42ca1d67882785692ea96b046e1cb2b3e3f7eb412.exe"

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe

"C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9357.tmp\9358.tmp\9359.bat C:\Users\Admin\AppData\Local\Temp\1000020001\beaaefad6c.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9aa79cc40,0x7ff9aa79cc4c,0x7ff9aa79cc58

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9aa4c3cb8,0x7ff9aa4c3cc8,0x7ff9aa4c3cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2190f078-32ef-4c88-af4d-62e73095b5f4} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2224 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d094bf-5fef-4ebd-bc3d-afd5ce3c7f36} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {272e1262-3372-41fb-a83b-e2e126f1d2a6} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 2792 -prefMapHandle 3236 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfafea26-f404-4240-a6a7-dd2f1b0ddc16} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4260 -prefMapHandle 3240 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64ea242-d051-4135-914e-0039f576323d} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" utility

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5396 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6476f8c-7f20-4fa3-bd57-0a1abdca330c} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {118a57fd-e823-4438-a968-7b0563385bed} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5784 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e21e6e97-5b0a-4171-8809-14f53bd30d9a} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" tab

C:\Users\Admin\1000029002\12450677bc.exe

"C:\Users\Admin\1000029002\12450677bc.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\23211a74a0.exe"

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3560,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3612 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe

"C:\Users\Admin\AppData\Local\Temp\1000056001\deepweb.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe"

C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe

"C:\Users\Admin\AppData\RoamingHJJEGCAAEC.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5700 -ip 5700

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 2496

C:\Users\Admin\AppData\Local\Temp\silverrr.exe

"C:\Users\Admin\AppData\Local\Temp\silverrr.exe"

C:\Users\Admin\AppData\Local\Temp\pureee.exe

"C:\Users\Admin\AppData\Local\Temp\pureee.exe"

C:\Users\Admin\AppData\Local\Temp\adada.exe

"C:\Users\Admin\AppData\Local\Temp\adada.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe

"C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "svchost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\svchost.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4108,i,15371962353826212954,5959764857003956046,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1786782061535615016,6697054384645369405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5708 /prefetch:2

Network


Files


memory/4392-684-0x0000000000040000-0x00000000004FE000-memory.dmp

memory/4392-692-0x0000000000040000-0x00000000004FE000-memory.dmp

memory/6756-693-0x00000000004E0000-0x000000000099E000-memory.dmp

memory/5700-690-0x0000000000400000-0x00000000031E0000-memory.dmp

memory/6756-696-0x00000000004E0000-0x000000000099E000-memory.dmp

memory/3208-695-0x00000000063E0000-0x00000000065A2000-memory.dmp

memory/3208-697-0x0000000006AE0000-0x000000000700C000-memory.dmp

memory/3208-698-0x00000000065B0000-0x0000000006616000-memory.dmp

memory/3208-699-0x00000000075C0000-0x0000000007B66000-memory.dmp

memory/3208-700-0x00000000067E0000-0x0000000006872000-memory.dmp

memory/3208-701-0x0000000006900000-0x0000000006976000-memory.dmp

memory/3208-702-0x00000000069E0000-0x00000000069FE000-memory.dmp

memory/5700-704-0x0000000000400000-0x00000000031E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpDAFF.tmp

MD5 a182561a527f929489bf4b8f74f65cd7
SHA1 8cd6866594759711ea1836e86a5b7ca64ee8911f
SHA256 42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
SHA512 9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

C:\Users\Admin\AppData\Local\Temp\tmpDB14.tmp

MD5 4df9347138f8c5c21f79e304feebc39d
SHA1 f25a489867d6de01aa96a3962fef1fe940dc7996
SHA256 399cb0a264188746eb17e7818d93916b71a8c2a6d44e06158c5de158e80738f4
SHA512 f98e2cfedc519bf12c97f2f4d2b5ce470eda25bb2cd02c5dadfac4d17a454762d927b4545f96ae6c544a1c4201a23468e16bd709add7019280664062250ecca3

C:\Users\Admin\AppData\Local\Temp\tmpDB56.tmp

MD5 22be08f683bcc01d7a9799bbd2c10041
SHA1 2efb6041cf3d6e67970135e592569c76fc4c41de
SHA256 451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457
SHA512 0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

memory/5436-828-0x0000000000470000-0x000000000091E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpDB96.tmp

MD5 40f3eb83cc9d4cdb0ad82bd5ff2fb824
SHA1 d6582ba879235049134fa9a351ca8f0f785d8835
SHA256 cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0
SHA512 cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

memory/4392-820-0x0000000000040000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpDB5B.tmp

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

C:\Users\Admin\AppData\Local\Temp\tmpDB40.tmp

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\silverrr.exe

MD5 2753d87e4b9887ef89c00c9940b61ad6
SHA1 d787408f7f335f71844b963c8e35788ba238db62
SHA256 ab0486b2252a7c4c577ca2d3082084418b624f6c28a5ae27aa22add6236d05ce
SHA512 4c1646864c6fdbb2fb6d9b681102712278ebe80a6a539fde2fd87835c283e48dd0b4229deed68046cb33a14ca0780ae1ff8fa2de0ee79ccc75a99d3cb90611e0

memory/6860-890-0x0000000000F10000-0x0000000000F1C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pureee.exe

MD5 0006ad7b9f2a9b304e5b3790f6f18807
SHA1 00db2c60fca8aec6b504dd8fd4861a2e59a21fe9
SHA256 014d6c58dd7459c1664196ccd49b796f861d7d7e7e6c573bbb9cdc7cadc21450
SHA512 31fcde22e25be698ef2efd44cc65b758e8c9e8b62504f3254f9cc44bfaabdaa0c94cefceac12833372f8b2797b6bd0205bb9c8f1626e25ee4117d886198fb7db

memory/6940-902-0x0000026D6FC20000-0x0000026D6FCCA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce0015fab75152e98c84b7039d7ed210
SHA1 140f9e427257be9f06c6f8c0575e3dfb3792b7c8
SHA256 6575ad21b98b3165831b3c014f59befdeddcea2d26f421ba6d278430b5910f16
SHA512 035dbca3493ee6dbe2156cfb92f48815dae06c7325a405cc3fdb7da50c1810a3723f442afd07f044bc0ce24265704652ac880824244f6dc93abe6868911db8dd

memory/6940-908-0x0000026D72200000-0x0000026D7230A000-memory.dmp

memory/6940-916-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-950-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-948-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-946-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-944-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-942-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-940-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-938-0x0000026D72200000-0x0000026D72305000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\adada.exe

MD5 9c682f5b5000cd003e76530706955a72
SHA1 1a69da76e05d114a317342dae3e9c7b10f107d43
SHA256 36e6a3dd4bfc86c4e707f43cd9515707442d6c424b7661cb41766cfdca322522
SHA512 33bd859542e1ae74d8c81427af44022cb91861dc02ee4202505f1e010487d06cb27e1aa83be6af17be4e2d8973289595b2ebe9bdf99a187956662df30b6dc88f

memory/6940-936-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-934-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-932-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/9164-2834-0x0000000000D30000-0x0000000001054000-memory.dmp

memory/6940-930-0x0000026D72200000-0x0000026D72305000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3b6cc72077ce7dc43e1ff54cc64092c2
SHA1 c9d0b398eaccbff7f6ce494a8512239143cec830
SHA256 1031096fc24d8c62aaa668fdeff72f3430f0f72ad8130643347e2b6fe3e3b619
SHA512 5720854d0ec7243a1a3506e98fc3a2085e537d9e637c6196bc7e00a237ea860723badb9ac16e63d2d61323e13f26a5caac4b4b0af8aa65d7371a5370cce8db81

memory/6940-928-0x0000026D72200000-0x0000026D72305000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 613651dc93a83ae33b8db91b7074d9f5
SHA1 afaa3d27c0c6b0fc99db1c2e6c5ecf0179c374ce
SHA256 10291ed8032b917837c13d243ba4c6be7567dfa127912bc9a82af872f8190401
SHA512 d8631c47d7a31a5f63c81c18b6c3071a7311d48814be3bf821533706aa274f42dee4bc22cecc4f053d8502fe6ccda0173e5f5b71bf5f38aeac78f41448f45455

memory/6940-926-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-924-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-922-0x0000026D72200000-0x0000026D72305000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c85a3e575c80ff90c81b86aafd538d49
SHA1 b7a01eb58d4d39562f9894ee9ef37d9c51722a3a
SHA256 1eb48d6479f41af575c229f76bffb39505336aa7f5d239e8b660a09e3d933440
SHA512 d1daa29ee79a81377e7448d1a7552daedccd8be01e335462123788ff815948e854943ee4f1d70e9137835a51ca2b7a0100c98692e08f1b66132275d908ede04b

memory/6940-920-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-918-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-915-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-912-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-910-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-909-0x0000026D72200000-0x0000026D72305000-memory.dmp

memory/6940-4964-0x0000026D721A0000-0x0000026D721EC000-memory.dmp

memory/6940-4963-0x0000026D72140000-0x0000026D72196000-memory.dmp

memory/7052-4969-0x000000001CC50000-0x000000001CCA0000-memory.dmp

memory/7052-4970-0x000000001CD60000-0x000000001CE12000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\prefs-1.js

MD5 c10241b4691c36b20a31843e12ee449f
SHA1 f300a2fd7fa7ba8ef83cee2029a88ea1d87157f1
SHA256 8946e83121d335cbbbbef8e2bbdaf4f11f8eb3287fc1f8d303d5f19b6bacccab
SHA512 a44fb298d18391ac0dddb47fb45a1327a58de28f387796e8b4f50c68ba818f8a7460bf0a91fcf65cc7b945a684dcaabb6492c1da25217fb4b9102a3c5e1ebc4e

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9ig7zofu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/5436-5061-0x0000000000470000-0x000000000091E000-memory.dmp

memory/6324-5068-0x0000000000040000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f5b4a3022f83d645871f284f3ee91ec
SHA1 556f37493e2173c594e4c34c3d3da652531b3f0d
SHA256 3ca7d0415034dc408b6052f2a34d51df36bde3f8ab0d386de34a001fb390ec3d
SHA512 5ae2b6fc66c3240ef44daa3e6e57f37e56db2bac30c7f53d1b105c3b53434909cdc3e294b6962b5e03678d860eac6a32686c38b55abf0ef51ca8cbf7fd038ab9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cb12d9186c68cd74b455d40fd85eafe6
SHA1 425cbffd021daa82527ab2ca0013964d74c9d86a
SHA256 b61ce246d9640aecf7bf09d1c997b1a338c3fc63ed535d68af9e03264bb33dbb
SHA512 d28ed992cb6857a2aed41681b5099d90d4231eca9f1bee9994c5dbd74780dc7c66abbf01dd1f943135ac8673793456a71b3b38d37d8092619a2a3965018e11a7

memory/6580-5086-0x0000000000470000-0x000000000091E000-memory.dmp

memory/6324-5085-0x0000000000040000-0x00000000004FE000-memory.dmp

memory/6580-5088-0x0000000000470000-0x000000000091E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1e9e826b0ad374c4a9bafeaa2912303
SHA1 8c0b12aefe76875107a10ae6e77168cdffbf2f92
SHA256 21a7317f85b3302c32487505601d452d17a1e821eacfa48ddd8aac0341a8c88c
SHA512 541bbc5c1d978e7646848979db695e3f4b4719766a5b79ae802118f09d76fda33a41f4dec266f8567ae909e9ec6c81f4a3822f2a54f516aefbf95b241b37ee10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f2b433753fd542aeeb2f295e2e054265
SHA1 8e36e5f58a4432116835e43b9eb0ce5886ad7d97
SHA256 2e9f79e7aed60057887960681693c7791a1d3afffc4374ec1cc21962191ec298
SHA512 b0500285b77cb5c8a29d04ac2edac76405037d20c8949c9357658396cd68f03f7bbc5ec87ff1c334896d62458c25cd9917c7f2c2243a7b8b40692c4a5981e0ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 67bc81406eddedc4a86a7d4b7b6f52a4
SHA1 96d4e1736af93021e10fcb5c6daab0f93f8a293c
SHA256 254a5762d53aaea84ac8df9e1a3b8143e05b2cc876b4c137ad1c0220d371adf5
SHA512 d9341004b877745fb993cfdc923faf96b7dac5515658f42618bc7049e673caf651bc8aaff1335e620f1a24de91a5d4cd189da5fcc03c5191898881175ab12e2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 368b902848cee4da96d643bf35b37f13
SHA1 60e8cbc91e12f5a00f226a3e4eb4f6f4caa0c91f
SHA256 22043ef1ae4c21be58ec92a45b7d0e3a152adaae4cb715ce0ff95988a18b79dd
SHA512 bbdf45db8e7f080189a9d33eb42f6c33bccd007463ed36871fff63bacf01db320228b45924a021965a7acf597375a9837746971e01c44bb991c7cd6a3b586d8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54aeaba3de86279d30c1409dd7e5443f
SHA1 18c895fefaef802403dba02dc7c181ff457445fd
SHA256 99fb60aaffba46981d3d043eccb7a403d496d09a6d361ce1329b5c31e56ec221
SHA512 dd5b8cdae9ec02035899232717ed6322124d032216e6824d0024a5d6abafe27a9579d7ecb1dd985cdd6d41a7d379fb5a833e0f2287132a4f6b03c32ad295c5eb

memory/8152-5193-0x0000000000040000-0x00000000004FE000-memory.dmp

memory/8152-5195-0x0000000000040000-0x00000000004FE000-memory.dmp

memory/6432-5197-0x0000000000470000-0x000000000091E000-memory.dmp

memory/6432-5199-0x0000000000470000-0x000000000091E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 484b17c97e1f16c539d19d014cc2d132
SHA1 aeb38b0e055ea81c0c0751600691a9aa64739d46
SHA256 8a5960131bd753428dc53fe9c89e9a747330fb4f1dcec98e40d13bc813aa51df
SHA512 0f600f02f76b3cdfa5bf696375949047d0e3bd85abb6e5002653243c1027351f8095c459b9138511f4fa9bfccdbb5ce6c5ead7a1d1ce14fdecec7f726b1b0555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 37c782c6b96ce4ddd60b39b10cf875fd
SHA1 1580a2bc4c0521050e2722ea2c868a9bc5a6707b
SHA256 764b715bbe09d89996b3ab2d44204989ec4e02ef698723eae146338d9e0af13c
SHA512 cae3a9d915badedc758f261b6276de1fc7a1f94e1e0a293e17d8b5ab825292de0c1f33daa1b83965a891ae44e333839d4898cad45ecef13c3d09951501571222

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ae4ff06a299f65a65e6539572a09426
SHA1 2b1ce19bc203f2230af0c271ed8276ccde856ee4
SHA256 1cd81538dd946cfe4450642ae6ccf3c699357ec075f30703f786d9a16f6964a8
SHA512 59c814d044c04c85adae8d604d02949ca181600b4b285cc442a522a09247d3f38484a9b330c8447d02c1838271be32343df2221efe239f62ba1956ecd3d5e890