Malware Analysis Report

2024-10-23 21:51

Sample ID 240909-3qbr9swemp
Target 9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377
SHA256 9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377
Tags
amadey stealc c7817d rave discovery evasion execution persistence stealer trojan credential_access
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377

Threat Level: Known bad

The file 9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377 was found to be: Known bad.

Malicious Activity Summary

amadey stealc c7817d rave discovery evasion execution persistence stealer trojan credential_access

Amadey

Stealc

Credentials from Password Stores: Credentials from Web Browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Identifies Wine through registry keys

Checks BIOS information in registry

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Program crash

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: PowerShell

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies registry class

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-09 23:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-09 23:42

Reported

2024-09-09 23:45

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d176c2925e.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\d176c2925e.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703989844425730" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{560C1480-CB33-480A-8D5F-E19E3D7E1D95} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2196 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2196 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 1320 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe
PID 1320 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe
PID 1320 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe
PID 1320 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe
PID 1320 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe
PID 1320 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe
PID 1320 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1320 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1320 wrote to memory of 1296 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1296 wrote to memory of 3440 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 3440 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 1928 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 1928 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 736 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1296 wrote to memory of 736 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1928 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1928 wrote to memory of 660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1296 wrote to memory of 5100 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1296 wrote to memory of 5100 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5100 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1296 wrote to memory of 4592 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1296 wrote to memory of 4592 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1296 wrote to memory of 3124 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1296 wrote to memory of 3124 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3124 wrote to memory of 3496 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4592 wrote to memory of 3928 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3496 wrote to memory of 1308 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe

"C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe

"C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\d176c2925e.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2484 -ip 2484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 1012

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce268cc40,0x7ffce268cc4c,0x7ffce268cc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffce268cc40,0x7ffce268cc4c,0x7ffce268cc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce25146f8,0x7ffce2514708,0x7ffce2514718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce25146f8,0x7ffce2514708,0x7ffce2514718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c252a1e9-a2c9-4ce6-b8d1-f80af5e66ce8} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6550918550351869771,9728619728018517840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6550918550351869771,9728619728018517840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d0f4f6-9eac-4591-b627-50a8de02082f} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 1020 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab195fa6-9972-4f35-b576-8461a9d3dcbd} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3836 -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f37fb6bc-3560-4c4f-a38a-065afdd98663} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4076 -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 3612 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1bd220-61b8-4b07-9162-453da86f570c} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4036,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4568 -prefMapHandle 4280 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30bb0c1-180f-4a90-a1a1-c0680d65e11f} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" utility

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 4 -isForBrowser -prefsHandle 5940 -prefMapHandle 5976 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ad0e24-2511-4e8a-81af-f17be35590e6} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 5 -isForBrowser -prefsHandle 6100 -prefMapHandle 6104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a2bc35-065e-4dd0-a1b9-4fdf942dc254} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6288 -childID 6 -isForBrowser -prefsHandle 6296 -prefMapHandle 6300 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c516cf-4863-4e58-a226-7e1fb17c4841} 3496 "\\.\pipe\gecko-crash-server-pipe.3496" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3784,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3680,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4840 -ip 4840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 1012

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5260,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5324,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,5575530509408646400,3132372637250839812,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4705257756254973219,17871680967805721706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.179.238:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 143.180.12.52.in-addr.arpa udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 142.250.180.14:443 youtube-ui.l.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.179.238:443 consent.youtube.com tcp
GB 142.250.179.238:443 consent.youtube.com udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
NL 142.250.102.84:443 accounts.google.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.187.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:51126 tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
N/A 127.0.0.1:51159 tcp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
GB 142.250.187.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 216.58.212.206:443 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
GB 216.58.212.206:443 play.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 142.250.179.238:443 consent.youtube.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 142.250.179.238:443 consent.youtube.com udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
GB 142.250.179.238:443 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp

Files

memory/2196-0-0x00000000001C0000-0x000000000068F000-memory.dmp

memory/2196-1-0x0000000076F44000-0x0000000076F46000-memory.dmp

memory/2196-2-0x00000000001C1000-0x00000000001EF000-memory.dmp

memory/2196-3-0x00000000001C0000-0x000000000068F000-memory.dmp

memory/2196-4-0x00000000001C0000-0x000000000068F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 fb715bbfab832a6a7b4e05fc94a74b88
SHA1 b2f10e8bcd6e86d52d2e40d45fa79801e45cc4bc
SHA256 9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377
SHA512 448ff097de5c6bb92ed9fa4e09f303408729f14b7156bcf4fcb2d6fa8b5859aa04cbbaeb8791e9cbad6ab437cb5e86e582b715a07a13142215341a8ce8c3f9d5

memory/1320-17-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/2196-18-0x00000000001C0000-0x000000000068F000-memory.dmp

memory/1320-19-0x0000000000E81000-0x0000000000EAF000-memory.dmp

memory/1320-20-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1320-21-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\c155236b5f.exe

MD5 f47cc7dc355ae01926f6065316c3bd68
SHA1 6b575930185f216e4fa5116fdcc8906eb9f53af9
SHA256 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794
SHA512 cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e

C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1

MD5 1f5ac0c26ba396b7af106e48db46ebcd
SHA1 5b504936cf427af26479bb1c0ec275a2fc77270a
SHA256 280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef
SHA512 65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

memory/1296-60-0x0000000000EE0000-0x0000000000F16000-memory.dmp

memory/1296-61-0x0000000005150000-0x0000000005778000-memory.dmp

memory/1296-62-0x00000000057B0000-0x00000000057D2000-memory.dmp

memory/1296-63-0x0000000005950000-0x00000000059B6000-memory.dmp

memory/1296-64-0x00000000059C0000-0x0000000005A26000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mdjaavv0.oiv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1296-75-0x0000000005B30000-0x0000000005E84000-memory.dmp

memory/1296-76-0x0000000006000000-0x000000000601E000-memory.dmp

memory/1296-77-0x0000000006040000-0x000000000608C000-memory.dmp

memory/2484-78-0x0000000000400000-0x000000000247A000-memory.dmp

memory/1296-80-0x0000000006FE0000-0x0000000007076000-memory.dmp

memory/1296-81-0x0000000006F40000-0x0000000006F5A000-memory.dmp

memory/1296-82-0x0000000006F60000-0x0000000006F82000-memory.dmp

memory/1296-83-0x00000000076D0000-0x0000000007C74000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2c76afc5a2c5731743f37706c1fc87cf
SHA1 7e9b3c33b0e65d011882eae9d8224a3f2e30f7f6
SHA256 77fc781aa22f91c1beb606634a96088bfbbda95c1c2f08b679c281f2ffbb2dd6
SHA512 6cc81e2569857200dcd7f7c161536e9dd1fff4c9fb993fdc58c7f86b79b064713001de5d6af01136b4666439ce16532626559734549150408c8c101601ed8683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

memory/1320-91-0x0000000000E80000-0x000000000134F000-memory.dmp

\??\pipe\crashpad_3440_FVITBRKYTFMXILSL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 553121bcaac45951d956c58785780005
SHA1 5a8aa1e97958eb6ea8fa34ab65727e560240c202
SHA256 a5a394f58fc819f7a7f8ea4cf3cc1eb47570864b343e7efe0ef14ff41f7bc563
SHA512 3bc47e448dd5b17744ad4876310b8fb438eff9d1c481b8494e8442fe949ba1b1bac2d717d32efc98b43cf4a5b5f2c1734f9c12721bad89664e2e30bb79e8329e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa67212cbb8ae1fb4624c735ed0bbfaf
SHA1 274468a7cdc5fb7af64e80a9b2674c7aea336cef
SHA256 bbf5393bb2ed6a7dcf40abb71986e01dc3a457780eb92da4b941a4c273f36956
SHA512 ce5f16ef1caabbc356e4e2f855c15876fab117fd4e5110e3c5ede59c043fbfce90e9af5323c9557d22ee7ab4814c149232e22810eca120fed4fe800c71524cec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 307a98f85fc562a888c4bcfbdd30cc04
SHA1 86aaee71a988f98c274103ae42cd294bca99f5f9
SHA256 89197f021c6a11bf2b39207264c9f4d69c8225fb205ef38097cc2493a0a71883
SHA512 25fd2d2a7b82c5fed7365413d1ae0bab1e48a4e2ebec2e1238ceba15e4c29a4856fae647a4af5319ec923117038262ed8ce8fc14116af59a52f56ba8ca9cc99b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\1ed23821-0ae0-491a-bb41-8c5df1c8fa77

MD5 d0b0873ee4043c18069096d213011d19
SHA1 1a800701871ad00766a96cb84f0a5d630cbb8949
SHA256 4c2ef279f0e5390762ecdfbfdf59a37ed3714d67bb9356337ccc4b16b0043315
SHA512 9c6ce269b95a8feb68a5128227aa748ce3740a6e16725f17adffea690811e91292bf03beb256c3debc812c87054709e0accb266c6364090dc72789353950750a

memory/1320-358-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\7a7ee295-cd2c-4342-9ade-24efe0d31ad1

MD5 7eb6248deccd462455e2b84ac92782ef
SHA1 98a830c82608c8007f484d20ddff8226ed3eb04b
SHA256 5ce2d155655efdd7280544fb1e0e9447b68178987f81180069381c13bbdd2cb9
SHA512 176a2b1d62e3d94978cd6f377b3bc4da0910487af9ba4bdc712ec5027f5dda064bcc854ac9a29c7d6207d55bf695158a00adc784f8a4fdadc7bd873083c9e19d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\6d355a2a-4351-4e9a-aeb5-8db6c5a2eaaf

MD5 d8c7ee92da4b9b68fcc7d043a912f25e
SHA1 48bc4d626c6154b4e382b65bef08572d8d06063a
SHA256 6203ed34a9da7de16899ad9561554469915fa06d3c5b6acc6bf74da515262f39
SHA512 dbba81e8fec809b1a5a441d2f74d03bf1029ebe1bd404806b384e4e0b9d983881b5e567241fb03801a4da2a7180aee173b92751b85aa99f7ec2add6c72269389

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

MD5 043b1567d4fac1f8f2cd12bfdc35a071
SHA1 aea07623240184f3b80d75c6d49ab9a8ea07ae5d
SHA256 1b42927e121e3c718602346163e446e0f6d9b82acc4ee04913a639823ca69e08
SHA512 c9fa423476ebae8959e473bcbd3b4769f82518521d3631ac93f0b3dd7a098058a1fb052168edb326ede5b6ecf84a38bffa5ca63a0e51d1bd93406169fd712f10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 bad1cd68e4916f3387a54f94270dceb9
SHA1 44c514d110e96ae08aa120f999055e8d67e6aa8e
SHA256 5b8b6a9de558df1c3137fdc1a5ae94308c77c58ca153facf62268793051b938f
SHA512 f332855e70d3165a2fac6fed8adef480d936c0983160fec6e35d19939408939eb49a340279bd05edda652f2e90253565274c2f31324d266854de5f9967740302

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

MD5 bd82d40dda99f9c488ed28397a15f47e
SHA1 4a1ea3c91b94635e67b41d5de80088359b173aa1
SHA256 2c6258552253a90755a0e06686068c94eec798e1a1ec6368a64ab40be788bf78
SHA512 d75835b774eb5778f576ff76aa338306183c9bf25b4fcac52c935305996e3784de8dd3401b3a890290df283f8c623573c3dcdabc4ebfe865ff55996b9982cd71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 3f1f271a2d7d176708856351006db17c
SHA1 3ceb1071cc60a79c4b2c3c1f4a05f690bbcb3699
SHA256 bd82da91a1b960967ceea3b552252172affe02463e4dce82973a88c57de25f13
SHA512 79edde7d6265c7545b6cda04a2411b98f09c4756c522d33aa8628885ac12d601b8f42558dfdb60c2db363326a717baa814c8726a85d4ae70eecf9bf3912c8372

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

MD5 5f82d6e42bbd81e681b35a907483002c
SHA1 7a9366d2c2cbbff64b0187267c46a248e428d10e
SHA256 19d2bd7bcc8850ec39ddb8c6a524e7aab883ae66f3fdf16c3b11e9fc3a73162a
SHA512 0398d938a32c1d18391fcbbaa595b11c504cc5ac5179ab56c63ce906591cac248a17e3000deee26dcb7e367cd077fb155f02f8c21fedacd2037cc428e2b69e18

memory/1320-412-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 338ea86ead3bdc42f13d17d0619b999e
SHA1 a4c8ca6f61301241b6b46be310dbcbca0a117d59
SHA256 056b4d1953862455ac36ef76bc5269d837dfcf366aa99fced53976807131198c
SHA512 aae9f2cb132e27e0673d87661fba902a816892cdaa225645a226cf0f7b15a1f19168c99f133daf096f15dd267a2eb7f248aa3f80adfefc914cce0c495e0982e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

MD5 bc2742adfb0d073037c32f1bda1825b1
SHA1 6bbff91746228cdb7fa5e9d61ae00930be6722e4
SHA256 257e79b3fb943d5b8c62fdbe6a30178c88a108dce217a5c4a6f041cf59b4371f
SHA512 1b60199f1f3bf6ef8074410daf42275b38dc4221fbd23e861de2e6a39ae9de429e2a26ec7062edb42115319fb5e71af49845319940a6b5faf05bb6b59bc78963

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json

MD5 9d6f1a414125fa53c37a5c22a7f837fb
SHA1 df1c8fc84298cc4f690bda7bc609d331ef0be1fa
SHA256 50580113c8eb459527304d8cf02f727ee4371d609cd8cf86a3ba8e41c18ba38f
SHA512 5390fcb39d013d9050f45ba15a443afbab4a880ccbdb5dcd046d33bebdd22ed380e7f492490e4bb0d5f934e7f0f609e4367c67689131b46eae00413e9e9989cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 44e5237219391d709ae1d383e50cd4eb
SHA1 e9401a17988717c1d650bf2af5e1fd8db4a4054f
SHA256 d1f70f3247420742e2fdfb8c79b2acbe28a624eff6f8620baebc5ee848d12aef
SHA512 fe368eb6a9fc4a5d728f64c4af47ea6c27ebb4e56a48dc58c826f4ededd32d98d0bc597600f1983e9eee5de6c5bb444e8117b25bbc3afd8a4283e79e7150934e

memory/6052-514-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/6052-531-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/4840-554-0x0000000000400000-0x000000000247A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 e6fd019802e4caf75cc550b3df828db0
SHA1 f8a85e905b071c3b4309c345e52ebd60f31778b9
SHA256 9a4d03b9c6e9951eb4b28e4d1137d395ffe902e82a5713c9e5179463d5351f25
SHA512 3439e2be3a5146362cc0ac40e9a5c1c55887be0177d7fe5c6b4cafdc3a17c52c72055247dd8bf7d6d0423f816fb2ec4df1b69d222a3ade8fe023fb8b3eaa5b79

memory/4840-639-0x0000000000400000-0x000000000247A000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\3F6BAE390F7FB4267066C23DBD35348B57989359

MD5 dd5f59ff378185fc2586116ed3b6e38c
SHA1 6eaf3332c410c219bde6e64f13aaa6cd8aecc8f3
SHA256 2963978d2f5d974d02b62f9212efe9a854ae52bae247f2514324c95c3227e72b
SHA512 7202a5932474bb39fa9277346fe8a841a005b3bf22b7357ea368ef67aeb9c738235bd898c63eeeec1612d342e45a85c2448e195f61208ad80d2db8b1ec39bc1f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

MD5 9b337ff5e9234825dcbae629af4bb3a5
SHA1 d83d6dc4d8805820b933cbbbf2c6f9519ae7cd5b
SHA256 fb05240884a97de5cd65f157951eb3091479786b6f27cbd4803a7a10110f6eda
SHA512 39f40633421826da5e0c4453cf78178d2e16dd1e59ecd4fbd7099984ac5abe937f64c564a0eb98f4aac17a0c6d0f002f5cebcd0d3a3355ba0c98b93ba60421b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7ec87c179dfba2e776dd7f76ebb05e08
SHA1 a293e642e87613a5b0fcce898cacdcc96950778d
SHA256 eff4f7b9ac91c71b39a7c364de5dbb9c5be790570cc9ef00c54d65e1b6c797a4
SHA512 5c3234cdcbc78c693ce4cbb845abbb8f62d3ce27229473d9e17e987c64805915a97b4547f8a416d606e57cd1d71b45a7496e4777dbaeb5e3c48939ed0bc09079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a890e8b77482dfe5c2062f75f6379fe
SHA1 336a99bd32231ae685e775d723c94a4fe347fee8
SHA256 5ca2fd630df77d721c179381d508251f79c5d9703475894dd2ea80ab7ee43d88
SHA512 6aec83cc302d1528a47b8e2dffbf0ade72297f2785225eb5f78ba09b9c42df4c9f488dcd55450a4cbe105d2cd49b2ec6f78b9ae5d0ae906b75c82f63370cf3c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e1a079b8d09a117b3ccf494d4d871bef
SHA1 bb6386606f6b0baedb975db6b2299926b9f98de1
SHA256 07652b10805c1038e3a61ce374b9116d3a4a64a57c4da090a8d31eb120ccf86c
SHA512 a3651239dc969ff16ce21db05d932a21d0a64aa4cbf825d87c8ab6567071972aafec20a546e0191dc3cbc52b8e71a5c40abf25d154c8cff8962c21a8734dad3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44f85613d02cb77fb07c1612929b8ead
SHA1 d8b9a4a29716ec68012449864abdd0d2a8f661f8
SHA256 b20b1efb809fff9e33d83f5c60b0effd2a9d72b4bb71940514a1a9ac7c17e40b
SHA512 96d358ed55d5ce4612bb0b6b0e8b6fdf653994502abf9b4ff3a6f91184aa4630fe61c97274a845ae34ccec2b6147c8deda83e0720d208e1ea978e3bade5ccc3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 455b59fab71095a28fbac9db4a55f378
SHA1 dde7828d86e2a1f6cad847e7696354cd02a27fea
SHA256 fdc3725c10cd5c447fd63bdea8dc1aa06196f63d27c7cdbec6b38b14afb800ec
SHA512 74ead52fad8ee5d26f48506562e29333a6254c5ebb03fb4ccbab8e1395a2740c3844763ac63357202071016d7cad5a61faac17365a090da5cb07eb7d17a1ffe2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8df8345a1e5f8aa26c0ccd70d8f874f5
SHA1 ac05a9eed4a0d81ee2aa81e6ce37b6263f5bfedf
SHA256 1430f70ba19274216eb23e20ce2a161e48de712aeafc493d8e4237e7f96be12a
SHA512 63a2c0ceb0a551a575b8622f9c95a8b9491c0091ef4f29e174a919c2f5074c6db989cabdeee6f248fdc19b267cd4a4a86caa9347233415827b79a4d4e7f70b68

memory/1320-732-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

MD5 43cab902c4e0a1355b596a3d3105ea23
SHA1 8b38eb117d565cdf44138932de7d9cf325eeab6f
SHA256 610ab6326719939d36da9965b909f2bff24a3891d5d7f3e22e803c357d0d03de
SHA512 0f7a5e36c22c0de401791586f18467e078cbca6ea1d2599cfc15e269b0cf5a9ce4b0c1f3801478f4f209353f038633727fc5055098edaf73fe201eae22bb9b56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 9428a3a8b95408ee9cc4ce8842ae3b5a
SHA1 bc742a853cce14bd32e43ecd8fd843b49dcf9d7a
SHA256 7418e2518a132c8349c91a4adb8aab336f672b67f26e85aac41270468cb35f3f
SHA512 3302e8ec2176f2c24172848495f970a22e4c8a88a1f043bd44bcf36be3f17a4267f683568c4ee079de495fd113de159b4251de7eb750f114779c688306fe2b2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 cbae572bb10570b2d3f9a310f53f55da
SHA1 b3b8c7ead5082b13ccec321aae78bcf7ddcc8675
SHA256 5618e93c2888880b8fe4fff698fee9dfb7b8b68a410a444ae1bb3b571ec4e607
SHA512 0880600a9c253501184aa80b82366e749204d4afee91b44e1067b05285aac23a424eeb3b0615d5dafd46b9a647b33b6f1ff0cc962989cbfbcc3d4693ada94013

memory/1320-768-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

MD5 c15e6b15c1e98722758ab6e1cf5fee3d
SHA1 01aec7c3d6a550cc40383a6a5357f6f885accb00
SHA256 4457369bf975a3f8943a979cf84be1718e7b7d3f42322bce7f281e5e0a2ef6db
SHA512 7800c15e222e36ddce10560c3ce691c6e5fffd283a9f4d13c0faa83a5a01cbe3d8ec8ddfaf6a260503e282cd7358f999cdf1440f6b8d7b6f90d76653b8ddc3f3

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 94cddc2dc1268e10ad375c14e1113347
SHA1 70bb0d146fd4ef7e1420bc03008990d19fa9c760
SHA256 866c2ec27567ac372968dac4a6b636395105531a948eb82388c9962b78d6e08a
SHA512 c9529e0711c3f2370259aea28cfd3e52fe0e22b05e68963b7272adac603abe963db55a453056a1fed91a21f0676a2ec7721e9fd9a1fe86082b921c3fd791843c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

MD5 5595c6414e68ea83eaf85592f85305a8
SHA1 ada86ec6f64817cce40a7aa169f55ed39c36f336
SHA256 90132f789079d863219d9b2a4633e3f08953addaf28f9fd89338f1ac926ff7ee
SHA512 d1c3dfbfb86d56b7daadb26f5347b0726817405bd006eb771e593a00fec0d33f949aaccc144b1b6424f56749e4dd903e6ecccf8ee3cba2aed9d550be5f8a12a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

MD5 146f6f89d6510f9eafe48a2070a12ed0
SHA1 8b5f741df4c1e4a5011a1493669ebd47c7905f79
SHA256 e01f2ee158763258fe74bb8006e04f79d4f58d8f2e02175e65bc11426b7ee27d
SHA512 f57d42ba4ca486b34d70f0fe717ee8603329b96e99c8314801fe60c964055a7d7232e3ec8fbc881e02379d6d1ac77fe57ab59556749d30fff414a525470fae6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5c3f4d2cedf2f7fae344e382452d01c7
SHA1 92908f4b6a9d560fd11554f94aebf5d6f68cfd0b
SHA256 bdf890d87f564f90d6d0191d7f228947954ebb585702e076832a065b05e0f309
SHA512 1899d43c612b0f76cde08fa77b096db910480f7cb97bee8af9a713472e8229e06a3fc842a5c69183f90f33c14b3f81b370b00055e102e4e74f8b03940cafa8d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e1c78baa219ca5cffe2541c855948b32
SHA1 5ab5f26696147e8b73cfe317dd3f1809140c4e0c
SHA256 00adc62d2be34cca56d424dd0ac8634299e38a61021157f2d40989e73ffc1908
SHA512 63ed76fa616be8f29085f87027b184d3f7b558253bd0559da9c3caf5cce4118db20878ba3bf3d727e8dc0aaf629731ff6ab2364464713ed48c7465f0650221c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

MD5 6663c4bb235e6253bc224f6434ea9b93
SHA1 2d7eb240e0b983928ba1c71cc109fd15d3798a01
SHA256 0edbcba9983efb48cc0bdf5826e58e4663c594cddb3cf1a2c3b8b8bf23e85bc5
SHA512 b993ea6281be2ff9c03635452aea53f419d8485f2fcbeb91d2c4bc92516f9cfadc9ec01e6682a1b80161ad37dc0e0ce7725c51c567f96e67ddb6caf2dbecfe9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3852c39d13a465d226f228d432ef6ce2
SHA1 03bff3c52b25a2a1b96cba995e6a019b42750d03
SHA256 a1ae11399462c973160c412818015a6314441f54c72451caea45a0ab39ace852
SHA512 47030eb369445da1bdce4c12f7acae01bd84461ecbb9c69f0baa663abb1a87b140cdabb2b41071b8aceb17b6f91fe63cd52e1ca09a1c0e9c304902c421fbd6a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

MD5 bbe025544bdddf62a76eca40fbb62ee6
SHA1 4e790b4184eeaa03d084be5ebab4be9d3d8fb534
SHA256 84fa115c6dc5dbac5e2b01e1463a58f4a0b0c08ca96611987551e722f20f39da
SHA512 4699e2fde808e5e15e40c129daa04b8b3d689358cce4a1dd1333f542bc2c2451b00f57fca871949f0f106691ddce6f77ea70b8b754367e556b4008e798625612

memory/1320-1006-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

MD5 def044dabcfadc323a1e330e11af5fa0
SHA1 85a53129afba7f9c959c796637ca4950eb7d489a
SHA256 78ac5e685a152d7cb9ba8771763eb20a992006681565ad9a4cb62069b0eef9c2
SHA512 527af85b953381f0d029ac3519b6c118348345051f1d0884202ac381e6495b71c674a2a2bc56a3ad9101f5c2e7f99385cbaa6b3cc45b18a526731a7b20df1cac

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ac2e22f0ebf026b15e56d9dedab9f8f3
SHA1 f0a75ba2c3f67e4021c41c2192dd86fdb81b4b1c
SHA256 ad8d82dbfbc194ac7b5c40caeac2d1ff45fc0b210af278f801058dbf3036e0b8
SHA512 32f3d2330df76d163ed7c3bca20fa4ceeda562e9dd9aab381491d5ceb9edfebef83145e6327cd408616cc2da96001a5a67359b2200e052cf3441e2b5cf80cb39

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b93a7b5fc169a7c012abf3fa2c5a082
SHA1 ec7f4d8d47f9c431a0d2deb2055be30d4710db74
SHA256 1b1936b08801fac65c50ec05cb7a31747981fe794d9456a3d1bf332d33f8628b
SHA512 c0c869637cb85c3a1c401f62187e2b9f9f16bbd24e192d5a807ddabc04aca1cacaac5df2397260c72750ed8b78cc4727afd993da78cd08f860c566135805b747

memory/1320-1068-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1320-1071-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc242f8d9c66aa6b3c4c3f1f975099df
SHA1 21a0695963e37196c4faaa8d97b426d4995c7298
SHA256 27b0117c86471247f98caabde36238e809d587ed1cd6674cf011e75b9404d736
SHA512 cc9531d552e0e6ce1eb6b05d3213cd3a5d8689e840f5a7eeb4ac21c28f1f186c69037c78ae1ba40b4a55f19379256582e4f9b568df0df96b2ff271a10e0e7619

memory/1320-1086-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1584-1088-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1584-1089-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3e8d8e1917bebc94ab927078f85a65e
SHA1 2409978e437618342bc46e945ee83688f0380580
SHA256 08cd6b83a3301b066a1711c0cfce9dae18d4dbb596a8a281c4171545736ae035
SHA512 1ddab7300a59289ffe874406e91759f164227e5cee285a5ccf1e1834a7a631ecf867fde1684ff498b7a8cccd551ec2d8dd45d7fc216693137fd2f1530d538239

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2e50e8466da82b925de4ca856b760d21
SHA1 6df00fea304843cb708c66346294582e70d1068d
SHA256 ea59d2066871d383f5945e7d1bf7345e5487c89bc0af70237efbca76693f727e
SHA512 29a4a7d113d54661f50daeae2baff6af94a4d142f3249d9d61d1b9043a69449506bc0d11cb60c28c60320cd40330e957c8531c8f110cb57235742b8d1c862a44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5cb21ce0ff8e3cdfa84f21a9e556daa1
SHA1 b7263e67e7309f484865cc58ac5a6dcb2a45c2a6
SHA256 e8737f69588f5127d45288cc13dc60eb4a76b989f5b323e820249fdf63cf6bdf
SHA512 ef40f3c35a60ed13b6bee45d49ee760510f289277d3d9ab4384bd6d6e2f13ae5f7a8284583c5f8935de95ac07fdcd3eff5eeb743e2239a3b3a80f48c427993a3

memory/1320-1118-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

MD5 4ecffc4e27e885c2e80de3ac34db87a3
SHA1 d5799cfd1d2d3b0becb0bdbf2d2091c9e6303fa1
SHA256 a3d378caaab4e9cda0c6bce0905d890980e6f9dda187529e287e8d5c0afe928a
SHA512 3fe6e63cbd9db3861f45e458896cf70dfb82cf89609ffdcb98cb9c5033672897ff43a088547ea1101a44d7b39fc328c36522eef4312ee2653b03c2a6303a846c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5c96895e79cce0431c31475c557552d
SHA1 19641f650929f1070d1857d2f7acb28aaa6ff244
SHA256 8a3c98e1bc25259df1ce40ff0be90f64acc7ee54c2aaf62f948d0c6a263b95d7
SHA512 9e63fcd336f21b534f2512147e07707bc755741cb2e399da294f0a0f13928de72794d7807fce62ca67011b3ca1693b244ad20fe4d7c1e0435a2cdcb09558ea09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590788.TMP

MD5 62c387d974d8ce9947d4c9a099b329d7
SHA1 f6646a5025fdb9725f7cae468657468dce1c9d44
SHA256 1c9163a0791418a0595eaf773ec45da0e20a2e3e3480c3811dd2d60ef963c0c3
SHA512 770c27bfd37d0057ca6d804842fcb6fb7cfa2f6956f558945de3b00b31e8d5d6691239de7ff890c71d6fed5be387d91df9ff29fa3c53348dd6d28df58b2dee87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dac2c18bd29b01b488791c90133b6a7b
SHA1 6c30c496ba9a527e59fc6312c4aa7590462b5eb8
SHA256 c2a48eb602d4fe8a761c709380b7cea89668e6cff03b11924df2f2b15c078469
SHA512 6246bfed1d8ebdd604a39c0997ca2a53ae1621be65f46001150fe2227b2b52041690db90e81060c02820d6923c5fad0a17d49fc1374a05e1cb67583d2f23cbe1

memory/1320-1138-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f4c14624b4a9e40dcb7ac0ffe5c27fd
SHA1 885bec8a8cc5189241f17d04c3a9060f36bf6db3
SHA256 a5623356a36b05263928e76add1e0db443e9cc289fbe9e65e8cfe8198ff13117
SHA512 6f7187805250019d6f2534601ebfaec579060e373b1733ed5eeacd76d3f4bf719c13f864fcd107d52ce1d9a0552cfad5b607166d8790bfa9fa1ea63d640d760b

memory/1320-1148-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7030b043a7883c043bb4a5ae57648527
SHA1 ef5835f70c834a9fe2f8d6a098d75dcbcd3e8797
SHA256 52d4b08da561a49448ceefad787bd024b086e8dfcfbfa1736f4e59925cde382d
SHA512 eb06b03baa21874eed2c190c68075665a66af3fa9b23b40da738fcd3c7baa1c0a3c90e6346d2522b50c3fc9bb8953ddc193d34ba0bb7f0338eebb70729624f92

memory/1320-1235-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1320-1238-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 958008bdd5a81b979e3376a75b44c759
SHA1 a39d1fe5eb198779e96d2049ee8b28bcd06e0541
SHA256 7a477ebcf658a31d81eb64d728b939ce508b349796d68a2b72b7d51390df80a6
SHA512 f3571e20cc11b821e5cbb145fcf30123e21596af464162226b20dcbea8ce5651304f3df908078f2630d3a669d91f398543c372b6c6d514e3566ed375b5c685da

memory/1320-1266-0x0000000000E80000-0x000000000134F000-memory.dmp

memory/1828-1268-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75cecfc564f40306690e01f7fd0a6806
SHA1 03e7c6ebb8d42fa5bc2bfbed0f16681bdb05987a
SHA256 125adc02fe7ff84da06c5344f35d0e3cacfb4f6ac10a54bed2b2afbb7ae12855
SHA512 e08ae0925747cb2808abe8d1eede531545e1cc02c7023b0cdd953b23349a897fdcfa0730badd103640a59bdc6abe98f778cf1bad2f0d0c9e7f2fc04da3535a96

memory/1320-1279-0x0000000000E80000-0x000000000134F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 533433dd4994f70512cdc0381cc61afa
SHA1 3655aca63f178c3fd030acf6f2c6e5265d79d987
SHA256 8a9c08fdc081a3b78e50b948f47054b73a213a36bbb33d8074b3542c46489142
SHA512 7d8cbba221490e21e02266190c030b0cd6eb82c77d072e0731d07f5ee0dfd35c30534c4645e6f6f02a5ef02b454e33f831b4b3ac10ba1848829b7f4548deaa45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 635c8f83fcbab12727af36d2ba8f4bde
SHA1 a0f311134e8a5885fb465f984c49f59fba75876c
SHA256 47df5920ace9feafbecb65b2e3530aabc41b13b7f63093018204670ac6bea2c5
SHA512 37101a8dc499ddc83b717aed41407f61eedc0376728e2a8f355ab165fdaa2b639729af6d2dc0a2371e83704bc4371fd18efca2db61563d7ad3d308811e5a07fd

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-09 23:42

Reported

2024-09-09 23:45

Platform

win11-20240802-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Windows\CurrentVersion\Run\5696039a54.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\5696039a54.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703989787255563" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{2A4E0C5C-55BB-4F06-92E0-CF5BFBF09E11} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3420 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 3420 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 3420 wrote to memory of 4020 N/A C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 4020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe
PID 4020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe
PID 4020 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe
PID 4020 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe
PID 4020 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe
PID 4020 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe
PID 4020 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4020 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4020 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1516 wrote to memory of 4248 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1516 wrote to memory of 4248 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1516 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1516 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 2672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2728 wrote to memory of 1820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2728 wrote to memory of 1820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1516 wrote to memory of 4708 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1516 wrote to memory of 4708 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 4288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1516 wrote to memory of 1244 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1516 wrote to memory of 1244 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1244 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1244 wrote to memory of 2664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1516 wrote to memory of 1064 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1516 wrote to memory of 1064 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1516 wrote to memory of 3372 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1516 wrote to memory of 3372 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1064 wrote to memory of 1980 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3372 wrote to memory of 4088 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4248 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe

"C:\Users\Admin\AppData\Local\Temp\9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe

"C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1936 -ip 1936

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 1096

C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\5696039a54.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4998cc40,0x7ffd4998cc4c,0x7ffd4998cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4998cc40,0x7ffd4998cc4c,0x7ffd4998cc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd49843cb8,0x7ffd49843cc8,0x7ffd49843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd49843cb8,0x7ffd49843cc8,0x7ffd49843cd8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac4dc23c-5508-4b29-9b8c-39556ee128a8} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,4302670541217634661,9002101108419944751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1788 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,4302670541217634661,9002101108419944751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1728 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {856574f4-0070-456e-8a9e-0f188bb4a3ad} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 1180 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9cd428d-abcd-4aeb-a81a-7b6ff1ac00b3} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2976 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {961d6cf5-2616-4bf5-8326-b896a81faa04} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4260 -childID 3 -isForBrowser -prefsHandle 4316 -prefMapHandle 3752 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81609527-fc1a-4d8b-a1aa-a2bbec48f6f0} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5096 -prefMapHandle 5092 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c09df35-c3ed-4de0-9e83-7d17f4f3ca70} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" utility

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3780,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5696 -prefMapHandle 5628 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc0573e8-6663-4ee4-8418-d001efa87987} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0318292-8782-4069-b802-fa0ac71a2bef} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2128 -ip 2128

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6088 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {368ec224-d739-4fb3-a925-e8a5c5bf0e6b} 1980 "\\.\pipe\gecko-crash-server-pipe.1980" tab

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1120

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4564,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5008,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5264,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5240 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4840,i,12062762421971456909,2134618512047285361,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,18374297066510429621,3528331215146896846,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5532 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Network

Country Destination Domain Proto
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 accounts.google.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
GB 142.250.180.14:443 www.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.179.238:443 www.youtube.com tcp
RU 185.215.113.103:80 185.215.113.103 tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:49849 tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.238:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
N/A 127.0.0.1:49887 tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 142.250.178.4:443 www.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
GB 216.58.212.206:443 www.youtube.com tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
NL 142.250.102.84:443 accounts.google.com udp
BE 142.250.75.35:443 beacons2.gvt2.com tcp
BE 142.250.75.35:443 beacons2.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com udp

Files

memory/3420-0-0x0000000000850000-0x0000000000D1F000-memory.dmp

memory/3420-1-0x0000000077C76000-0x0000000077C78000-memory.dmp

memory/3420-2-0x0000000000851000-0x000000000087F000-memory.dmp

memory/3420-3-0x0000000000850000-0x0000000000D1F000-memory.dmp

memory/3420-4-0x0000000000850000-0x0000000000D1F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 fb715bbfab832a6a7b4e05fc94a74b88
SHA1 b2f10e8bcd6e86d52d2e40d45fa79801e45cc4bc
SHA256 9b79444f799b4643e0332ee52281b406639cc9b7e63c61f7796d1fcfa56c5377
SHA512 448ff097de5c6bb92ed9fa4e09f303408729f14b7156bcf4fcb2d6fa8b5859aa04cbbaeb8791e9cbad6ab437cb5e86e582b715a07a13142215341a8ce8c3f9d5

memory/4020-18-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/3420-17-0x0000000000850000-0x0000000000D1F000-memory.dmp

memory/4020-19-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/4020-20-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/4020-21-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\818c1de439.exe

MD5 f47cc7dc355ae01926f6065316c3bd68
SHA1 6b575930185f216e4fa5116fdcc8906eb9f53af9
SHA256 25741e3975370f8b2c77513a0941ca4263a83ec08e1203c9dd7cfd5c18474794
SHA512 cf076a077130b8dd48f3e27a6aaba411a6c8833ab8b926c99fc3fb66130694db1ce668103c44aba6196705a9722b68da16287ea8a63ffed250bcf92bba68154e

memory/1936-54-0x0000000000400000-0x000000000247A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000035041\do.ps1

MD5 1f5ac0c26ba396b7af106e48db46ebcd
SHA1 5b504936cf427af26479bb1c0ec275a2fc77270a
SHA256 280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef
SHA512 65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

memory/1516-62-0x00000000029C0000-0x00000000029F6000-memory.dmp

memory/1516-63-0x0000000005510000-0x0000000005B3A000-memory.dmp

memory/1516-64-0x00000000052F0000-0x0000000005312000-memory.dmp

memory/1516-65-0x0000000005490000-0x00000000054F6000-memory.dmp

memory/1516-66-0x0000000005C40000-0x0000000005CA6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jl5pnvds.q1o.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1516-75-0x0000000005CB0000-0x0000000006007000-memory.dmp

memory/1516-76-0x0000000006180000-0x000000000619E000-memory.dmp

memory/1516-77-0x00000000061D0000-0x000000000621C000-memory.dmp

memory/1516-79-0x00000000071F0000-0x0000000007286000-memory.dmp

memory/1516-80-0x00000000066F0000-0x000000000670A000-memory.dmp

memory/1516-81-0x0000000006760000-0x0000000006782000-memory.dmp

memory/1516-82-0x0000000007A60000-0x0000000008006000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7bcf62155ff790174eb7d0bd933c377a
SHA1 f08f3142332cccbb197645a06a2be53556583b45
SHA256 3e4edede42ac4bbac1276ba6d12ce318ce1c583e6de3f30049f1110fa1d98779
SHA512 5205f8b027d8ab8bbfcf3d0c6b162c5c52d8e073d27e2a0765c82d31f849d43c5bffb00a5631eca30d63e92f481b8dfc18699151fd9977dcaf85b542143069c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4bf4b59c3deb1688a480f8e56aab059d
SHA1 612c83e7027b3bfb0e9d2c9efad43c5318e731bb
SHA256 867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
SHA512 2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4ae6009e2df12ce252d03722e8f4288
SHA1 44de96f65d69cbae416767040f887f68f8035928
SHA256 7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
SHA512 bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

\??\pipe\LOCAL\crashpad_4708_YKSYVEWMTSGBCZSA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb03febf7e0d5395a5554d3298ee6124
SHA1 ae4f405351b12daf4ea2461794ed68fd3edf1da0
SHA256 cfac94f861ce273bba8a52de4a3958d683050e44fcac6aadd79873a0f81ab1c1
SHA512 b29e618bd3f561b861bfec0652757f5b50f99c485fd6fbf603f1076167aff4205cca492e4933bc10a1e7443e4be18cd59e0c787b6511ffa13ac4bde205dd4da9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 5053bfd97a1508b6b5c01f6986b230f6
SHA1 664d2499314c76f8e8790d2633b4ee6cdcb3a4a2
SHA256 c34e46319e6af564d82d35b16dc79543a2abc98793dbc3dea2b43047de6d8d5a
SHA512 e80fc419061d3b349f27404f3f1a41b18421e80beb23bd79c7a57bb54ff15a1051915cbd4397bafb4e3f70ea61814db81ef8d75574fbfab6c7eb5f170a657958

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\48d3e6c5-55cc-4259-9ec5-326848b488c2

MD5 b0db9e833bbb1fc5b0de4ca123ee2055
SHA1 5a4ea7760fd58a4889b24d98bd89ee1fa1422901
SHA256 e26460d32c144c734365f653f89cd0488c6a7c62e22b7fcf5bb27e1276a24e49
SHA512 4acac865d5acd94cfe717261a3bd6a098592425211b7561663a956cefa49a5daae581f8c1a4b5e787c68022f40cc8919aaff6eefd750a817413f5a46374ea28f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\63aec0c6-cd42-4439-b5e3-92696bf1e4ae

MD5 849768ceb136da0bd97bec029a2705f8
SHA1 e460a97fafefb99f62773f438c135b33203e77fb
SHA256 3e4f61ee10a565a1f817b373d714c2b53bef398062b7d04ab647e2955a61008d
SHA512 1559c40def97e99b9881c9d7564af585a93d0b6ad5177d988a803e572d0aa2fe6a4deb7bc6c7dfd98546fc6b38febfab85983016b8acfe140fa5c1406bae227e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\24fbe076-340f-4466-9e2a-03f053b73df9

MD5 ed970e0b8a4f762dbafa406d134441f6
SHA1 863409f175f8175ef15143c378e495d5a1c57cf2
SHA256 15a9cd3278b75fda054840d83099ae484867947580e829b40de1b126e44b777a
SHA512 a3bb4b50ceceb996c48e43b8fffabfaa0ac90009ed9770f9991f3160e6dce19516b02086fc75520a3136f1fc4dde07dd86aaae0d7bd355679250ef23a8399bd5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 b3a5cc8ffd64132a43ee368b19dc1226
SHA1 ff7150d2baa8e4d7aa5f8dc69188ac07d99ef905
SHA256 1df300a578d09db2d6bce5c8c61fc35eae7fa8666ee71932c186a3afe3219c45
SHA512 acc40c259fdadc0a3f8dce29bc91e978c36c7ee7d6ad3a1d1ce625e42a69e4c5643e8078732d6a471ec80a022aea9124fcd26116311fcc74f59aa0400b64ff18

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

MD5 406739b3cd9f650f04a81b95f09f6f8f
SHA1 86e2907a1ccb11606a5c2bef1318bdfac3422c85
SHA256 51b63de39e604c29ec75a0b24ca772587011c38601d90b639feb83f03f68766b
SHA512 9f4722f105312ef8d47b1bb09b68d570697eb00783d7ebee8bbaa3da8deacc162ebd0eb8946d30fb2abbda6074cbaead569918043500e346e4d5c06431d7ab70

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json

MD5 d9b33d87db58741ce7b901017e05924b
SHA1 c10db502c2b04b22e88ac7fc9b628d4ab4c51914
SHA256 c8a0efe9e2b3351bf8b37bf7c30d33995cc575804703b9a9dc3d4c8afbb91330
SHA512 f9f740ffeafa18447d629b40872ce8c68d35ecf76c2c52ccc2a0dab9da77ba074c813a361133fa2047661ab29931c99a1089721a3d81c5ce9360523f935cd8a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6e290b3ab8f621416ec4836815f5d90
SHA1 04f3f7b369bd38a501f70ecad811c457093c68bb
SHA256 457dc238483e05d7d1b6cc8f795790aefb64c82287f738b20c30a057dafcd189
SHA512 b137889ad36b2eb696f14197f7f9dfe4ebdaf01e1a76db153f40d089518fda7d5938a652634c0b3a2b7243c39f942d584a58dd488aefa55cb7007f878bac5518

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs.js

MD5 e737fb045ddd54701af8ed9329bb3918
SHA1 8d340dd98ecfbeed130aa3c25c572ecab9013a28
SHA256 487f0a2c4a3bae7ccc324614f3ac64ce3c213e827d0fcfbfd84185e243cbfd23
SHA512 64cb543bd0bd5ab4a859c61a333de6fee92535ba786610fdde55a3ae76abe75f92de14477464dc34b231e9e67a04ed343c135e5cb1fe3101b86e0510b2507603

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 e5f26ba90d4b46bd82ec0214edc85d23
SHA1 b0a61a2d0de8df5c2bb2cf01ae29f1aa4e2d5759
SHA256 9ea15aca10dad2e8c2dceb414b4646f70b2580a09c3c06a03ca42e12dcce2890
SHA512 2a9550340ec13716e205f38c227881c23e349e76b7de81c5af2c7c63904dae6c96460979cde045d0d1d16bfcf10f9fb4ad594d15ca447ca4dbdaacb12734b4f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 bba31576cadd7695b5ac582301b88ef2
SHA1 e65d99b7da2be3355caf84e22de28bab1e046db2
SHA256 9b14b0d8f9ed1414221a5ca7fc9a9385ce0e857bd429bb1b342f208b9114aa83
SHA512 17f67646d1d2dd261a10911d800473059aebe6907f9094b847fb7cbc5cc194044fb57b6e9706bfd5bb0e04bc64baafc548456a480e1ee270b8982914cac8d862

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

MD5 66726d0fd8aec7b1591ba2d78f85ae91
SHA1 29044b5db38e7d56ee45f053ed88714afaf0b786
SHA256 8a6822a7c2fd140ad5543ab5dab036b4e0d9801ab9452103ef9c9427fc572e12
SHA512 2963d12ae0e4c93fe0538d21f5da7cac5b998182b9df2afc0f5b1bf3e3e4507f026df069b318395d6fd18be73fc676dbe05afea1f08fd71bf130ab2b2b581771

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

MD5 f9f7792a06eb3e982385c3efdf34a5e3
SHA1 52e5df3c6c5fab0d9439f8d0bdeac87a0ee235c9
SHA256 6f8ff5780e43b15b8491c7658b3462f88f6f4d91d39e90116777ac32224faf64
SHA512 b486470b722d4a1c3fbb2a6e62c7dbb6ec40b20f8bdb9dc7035826469407cf1ed3edd208038d78ac2d7da61ae5047e45d763e677d71c0b3265fc6437f7c9d76d

memory/4020-472-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/4020-473-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

memory/2128-521-0x0000000000400000-0x000000000247A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4020-563-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 6f96a097842397dee3e4e853693187cb
SHA1 8f610f2542cb64c7a00e5b056c3f143396c92c89
SHA256 f3415a1b8f47d3e3533cca214f4ef765e02aa54d5dc99cf57ffcdd273da3ffd2
SHA512 1f0a1a1b8cae35b2c1e396516550095236821a98f2afacb950418f3cbf70a0be62823405f770fd75bedb95701abe6381bcedb1fd2587d7da909e02ff8e88a913

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\3F6BAE390F7FB4267066C23DBD35348B57989359

MD5 16e4f52ee178193709285a4fd86dad5c
SHA1 1df0498d55b18e3ac40048e4149928638f2b62e3
SHA256 0495fd9a598bceb7ddcde505d6fca6d8f049e3fe104d3857d2a9706b6cd4fa42
SHA512 b7520c6c527bb3ac2b3366b5bc73b7315ce2edd64217792849deb021aa84a7a01ae41c848d1d9bf6a09aa2aefc3725722a51d181111a316ae8fef489549a28f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/6120-651-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 c993942eba1f3c17e9b0657668c2bfcf
SHA1 69e4267f44d0a545f40797fa3cec1486e7e580cc
SHA256 cdfa3948de9a59a6e2f60167f186ef5690a77fb20adf2de44bf09b5a378d4adf
SHA512 3b9058aefb75f2ae6dcd4d9acfef90ed67637ae615dbb77352cf1a787df78018997ae04614ad7d05623a6aa7883a4af0589be67c49646086b816ad9e1149824d

memory/6120-660-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c011bc94a60e94ca2a0fdbc86be8b5a6
SHA1 3acae427c6ff67b7cb5571e537679cba6363106c
SHA256 f94a695c51f509ecd2d5fa62e722c68cee46834ab0a1826c4fa9ef1627869991
SHA512 1f643476bdd8b0cf8a70bd8c8f69fba302c4623ced275eed1e63990ef7ea508a5b414a8c7ea926d4dea1651146ef8b81f63c9827064dd3decff610e6712cc50c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5094597bde5008317233f07e51ddfd7
SHA1 68fbbd823b8a9e554b31278abd46d0a6b3cc8064
SHA256 1547f9b868bb697db95a990a997545ccb5baa59f22b8b6bcc7e651394368936d
SHA512 340ec32e5bb0798dc6b566610fbcde5fb3e47b7b4af77ba54d306e3a0ed45772ab8c76a1bed9b9bd8006f1d77894cbb7c667e1f0412b1b5e0874fdd25e947919

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce5827635d7d34494270d9b5d4422914
SHA1 14785f577c8a644be81bf2aa1113384f71df6a41
SHA256 1b9a784968a0cf20e8d4e8c7b77e5947cf1b28796572e491bfa950014fda1e22
SHA512 653a1ad9a5f19888ece7434f30dd2c55484649653ed79476d6b1ca211b8a0179fbcc6e3e1547154dd9ed635771c9b66ec2c5acb0b9717306650dc38eff1d0e8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 edd3fb0ca99748adaab0f68d5fc9750a
SHA1 39b604dae88930b31533429648d16631aaeb3b9f
SHA256 e0f75659c431d7426f3a097a05c1030134c47cc0749aa117fda20cca03f63413
SHA512 abe7b1fd60ff9ff3c9d4e5a7324041c1a54377ae25b2fdc6444aef23cc9b12248bfc577a9af44a0b4fbe41668f9504ddbfb6bf92e9dc18f4941cf6df33ba6c5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5674e1352adea884e0623c9c1f5e0385
SHA1 f4dd7b0c66e74c51e30678286b0406e74b0a839a
SHA256 5049d92dc0f41a2c01c2a68ae15067d6e48e657fd9134e4e5896881b385c8c5d
SHA512 fe977837bb018bc5cecc8d1a0ccac86c83bbcf88436a97b4db3ed233f56c0dacfbdc5c16843751e182ee214592c1603f4832f2886104952fd750dcb8ccf58518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfee94794991d12cc1c7b6d55fe8f049
SHA1 e764a99a2fc9cf6f473d376c5e84b94fb3d231cb
SHA256 3bea9e58d09b77e260886d415c8c2ba96c4069eabd9b27566919031d9dd307b5
SHA512 c85c35c3984e90d8c443dde537c02cf3323958772fd302a421ba341fc232092482ad938f19b4e4eee559b0a9fc660d145a395e9ac631d28a2d10cafbbfcb70ac

memory/4020-721-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 cd7e7dc780fa95a98590cb400e67d038
SHA1 fd6fbeb9d773c01ecb808bab254db260767b1cde
SHA256 089efacd8400d96917900a55f3fc4db52d9d0aa5c336318605c8c433ba4e8795
SHA512 16fabecbfdb61dd0035012adabaa7ee8cfca9b137b5ef6b47a25b438f3a2ec07f2a36532e83b0cba5d8f810604352b8e73e4e219619f545bf6c8a377f7c12c27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 fedbf3575463aae46274f9bf2922458f
SHA1 d0aa28627e7b2c81e9f10b4b86e3765293020fc3
SHA256 d3414ff7120aa55d188563c91ea83ec3f852b0e3748bc655138b7ff24329348a
SHA512 8fd6a1118d179ed691368bbd60205c7d80fc732f7d0dc50611a72932ed23e4a2c8124b9a1a9694b3d665d43e2a79e21a97e5125d1fdd7595dabb1b42256d2cff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

MD5 dac0ddf0f447465c3db202619b252a0a
SHA1 73a35e2ac43c2b5add5fdefd84e912caa0f03fea
SHA256 b3f19f20c5d1f11a5437019055273fe2d8bbaa6446a3820c5bdbb050a0a3b5ef
SHA512 39beaa47d917d2532f185cc0c1fd58f1797c515e21b4e76255c5972958f622c60c492d518b6e743ec1ed7dc21daf701684f7633dad07077ee263f8345a91e0c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

MD5 eca99ebf8cea5ab9cd3c881e7fc67972
SHA1 0a6146e8d0c60bc8e5023a7688b19638aa616a10
SHA256 caf78ac6e8756d46b0768944195ac660884001c4d135e88b74cf214cef391a66
SHA512 1b733ff904782c1ca565012b0ce5e892719b358769d1e3f878bf0aef70fb594ce7a7e8d132384dc1a0cfefdb0424a724b6663d6de7329a23ca880f555d3844d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

MD5 729bf4f90d017cafe276de7c47542e4b
SHA1 3f14ca014cde7dfabf63f2df8d0aff7af4733f95
SHA256 a8b749d2e49fe84c994a80b509066081a57c3ea4a36136f38a45771380e6150f
SHA512 58948ab7215267629e3b70a8088471b88824969cdc670c40a5c54c617cc4b519db73a5718aa814bc61578aee15d910f74af9bdefa38588c3b23a3c086fed3150

memory/4020-788-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

MD5 3c13610e6c5f5d53126e391173f3f0ae
SHA1 f4301f130bae094de163c009c36dab03521a531d
SHA256 3ed1f56ebe0a0c37fb6e4eea71c686c6ef74a200802a6bab36323e3281ac1cbf
SHA512 a8d14781c8973093451764350a07a52dee7e72592ddd74be552038f397a4de8eff861b8ce00d41d0d2ad60462afbaa800f056c2735968215928f134bd86675ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 d2ead05e42316d5ccb27b7909e8dfdc9
SHA1 12501cf647c5e2e9c205f55f5f4490d9a2121351
SHA256 fc2c97bb684be704f26c18b7d101b477553d234af8aca9b1886763615c39606f
SHA512 6a84c016b28a5d5f411d02f9742c39ef3ff958f259183fcc34e37a2f4b37565d46be9ed4ff2b446b4c974097d1c107f6644a91ca360911f41ea2dc9472cc3c1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 883c0c2abef3a9b5be02aedba062df56
SHA1 3f92b641e5b72e455cf43f883bacd3a077bd63a0
SHA256 67629ac27a69c74864d46a1fdd6ada868747cc49c66f194dffc8f74ed382c89a
SHA512 bce8450fb1a60f0e4d5337ad9ff5b71d3067b38f0fa2c4954c54058a141b43354ae55d1071618ccbaf4c1b44de3f30762081c5c2acbfdf83362d4fbd81feed93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b1ced65327f257a0d521f02aae2bc415
SHA1 a2db6730964346dee3fb0805fc9ba728f1c2f500
SHA256 59fb8d81739adb1e1d62cc59480606c419f0a48662f16ec21b8a85e4f2a4f15e
SHA512 102f5a13bba414a10b946740c5b7defca5ed6b6ef5ae9c46447db625eda3b2bb9d70fd33294deddcf90f5a656602c75260c63e21a8eb5375191dff52adea858e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

MD5 9597035bdd8e8408b22844065e6c33c0
SHA1 4501f380602215396c5df93161d7d5f85436dd6c
SHA256 a3ecc6ee5c5eec5c54d9133963c95cf6e65c5bb3d513141e076071ba478a5b19
SHA512 d85a7d868b1ed12b2853c2c09e713693859fa25a78fa79ffef4ee2197c1fb83b81c062bb68197ee8ce7cb881c77df5c256f8955eac419377b2a6b433caa2f296

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9359d2b453d45b2f0b30d31562beeb9b
SHA1 acd34fb6391e389021644595a21c8ba7dcfe55d4
SHA256 5508d82b06e76e03d62c420eb08246d3d922562ee4d7d67fe00b47caa1532db7
SHA512 11ffb02031f104167dd5ef335eec55c647d43c1982b2dcc7786cf8d4e0d5ae638170aad425a4aac0c641a9b59066c9719b8495d735b491e4d2c33d17771419c8

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 4473e09b1df12d314fa33d6a846cc838
SHA1 671e241800e73d221a54799cae8aa1704672205d
SHA256 6e47b54d720588467074979c4a845d59323140dea15aa660bad4bcebbf4cd625
SHA512 0d5e50e598b4e74e74f718312d126fbecbcb7ffb443d5e8f58d68b29a23f14f769ffbcd35e1c011ee78d0d4c993877d462a6037cb2924336ecc11959d9950369

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

MD5 7c68c40f606674f1fd9172f07479a319
SHA1 a963bd0c6935ebc7abee6a4b21bec600e9b8fe78
SHA256 0dd90dbc7bc4ff29ae0fd6b1a32fb9ff1350eccd9d0ca04856686b58cb2213f9
SHA512 2bb7062034f3d226fa34e5e78faa2ef48db3cf067333145bd9d32cd8eeae7e7aed3ecba552b682ca7c885d8e821284026222489bd1f73e6087e7db87dfaaec36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

MD5 ea37c9e4def63db0606166fac58cbe99
SHA1 e0b53574a3ad221a7b56b1a6d2c826148cd2b0f7
SHA256 276e3db824e8531356c1d93db0e882d4fd2397c092ac16978c9c6c6b6089fd4b
SHA512 6738dc4dbf9e758afdd11d74c0dfd05a4d579fc52c8a7483deafa8ac6e0f267cfa9d7eb3c3e918d52ec9eea355f61b87e77adb5c3b4158d30ecc2ba6069c946b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

MD5 e7bebf3ae96c45c7b72bc97f6507edf4
SHA1 482987e360022dce58fa7fcfce25ba92a69cdc08
SHA256 dcb19db02710f3477dd53dba332b6e30ce0b7a2fa75a164e1fb7f8f07de4fa21
SHA512 512894a710f83d18c23c61a36899914b8fae2feddc0f862fd526523d1e35931ef112c36798182d29caaf82791de0d7aff86b20101981a178e93c081a533b92be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionstore-backups\recovery.baklz4

MD5 3335bc12adc52fe61fbfe5c11d6f43c0
SHA1 c55c1a9c1a6286fac7f656baae00d836ed4c1789
SHA256 e516635ce414ac1e07c9f00232f9c26d0fe09b9aa9187e9e9d29022fba8d023a
SHA512 c980d9d55c299e4868ac4c029fa405306d9b3d8330d2f55db988c831983051ea99693d0829e064bfe9ea2dfbe537b252344e2930a14d92daf45769f46caf8cdb

memory/4020-1044-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eec7440b89f5bfdb5926ebf8867221e2
SHA1 c1fb7f21285d7b31601c2791fb28bc09384f5841
SHA256 ca66e23f267ff66d386af0b549cef6106a4de37b5f44fa760b642ceb7e397b34
SHA512 8148a751a9bbabb5fd9fe2db19ce6631656f44b221f5d2347512b7ebf6f29c7669a805d51077d033c8043759f790e16c51b3eb19c356755b4400604741897153

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b30e64c3-0bd4-4ddb-b59b-a2ef12acf6b3.tmp

MD5 e130e62afc516dd924d7daee933de1d1
SHA1 ea0c53cf2169b28454e7a581522d97574e686fdf
SHA256 7209df2687b241b52d58aa613279c596ac008e9749440263fc036e7e0fbe1773
SHA512 d813c29bf7df323ce8ed00dbd15fe54dfea6c3ccaa744d618ccf5a3e32c14edaa47d4e834903bf03d04940eb04f74a08a4a908a7b2c322538f5670cf5719d06b

memory/4020-1399-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/4020-1984-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7bd2d99f09696bcabc0ac4a48d1c402
SHA1 d4c1c7c4440a3b1a816c112469c2f582f0eea136
SHA256 747132d9d421588edb3e13ff99a2c19ac6e10959520cf9dc91250244b71aaf21
SHA512 287977297c41aed1b14e9c3ec50f6c2039e2d06c763b5d7b5cabb238f5ec3c460d455cdd29e5ac73e8f2fbe52966d20352f226129fa0983ca8ec690348c9c2c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 04d4bf48e56bf02a327e435e45cc8dd2
SHA1 c63d3b035108728b8ca41976284c6503f0712c3a
SHA256 2c9813cc236135e8ad61669ed915b1ef00be2eff796daf828db11d607e512108
SHA512 e15889c2c2643a3757e0ad3f5a91d9c206857a16f32a12576041705772e2cd262672fc7e3d5da879095f3258b3f9b0b81dd1828e7cf2bba004726d5d8571e447

memory/4020-2668-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 617187544f55c9d2031b4494c6073285
SHA1 ea193648e08fcc6bd055e7e522f2486f756cece6
SHA256 08287fb9350d1ed061d22a5cad0fee2fce13ca1f74cf4a7f0517ebeefd476e72
SHA512 414a8556376acde0006d4bdfb7fb7892f8e03e48508d58a6da1f3f7d5806b3d0eee1475647744c6f6abfc9aa56763e5992b86ace8116cefd83f87fcf28834e9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1558e8e788e28839a600b3853d1c4204
SHA1 1727c19cbfce5b371848019720b1893ef856dd8d
SHA256 b0e7a09addd9c060dcff471179ac8c98bdd06eb4dee0f2432e46a974d27ba785
SHA512 8313a79511ae788c3df6ae2c6dbf3b97829f471f5ee8653b2aad8b10feb884daeb6709d47df27d20fa173fa5b7a9c20bb7b404bd5e3c0ac7d90daf197fd4860c

memory/3264-3033-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c41729b08d65e7afda3b22ae795dc0b
SHA1 6ef0c2712cb1ca5d13b42e4e32394ee515fc4b87
SHA256 450e7ee87017f5032fe1854037f11e4fa18100d2ba7e300c758ccbb12253205a
SHA512 29b882a12432e4c1a11d28497c1d0396cca19d87e8ab96063402d2967797d7a19fd186e3d733d4e3474e9693866e8bc5616a426c4eea55b74a06e9be7f3b5e83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 09807a80aa27cb2e550432713c8b127d
SHA1 d497f041429d7da7e1797881fa43ba164bde666c
SHA256 c04668ffaee807e663b35a6ed6f619ab981f8fbffe348779708a5db67a8dfb61
SHA512 a6b63ec95fd48e44c3566f44880f836b1d334b65e87d25ea4199fa61430bf9d12f9bbe17a75ccd10fb2ada9522aeb2d3e2fafeb00e3455bfe6b7201938c08bd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 af46e51300f7d41e4ea699980c96baae
SHA1 627f2f5156abead938eb5d44852d14775ef59d7a
SHA256 c7ca7fe5f38a06db948450d269a437e1fbf75b193eda94a40ca1583afda4abad
SHA512 1a0475154fcfbef156a373a1d61141e7513321ac32c1e725412c19b575e45d4c1e2c2e9c16a607cc80f421bde02056c866833fc1fd5d26f1cf28f0eed896647e

memory/4020-3053-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0729561ef4082897e9c32e472d44ea5e
SHA1 180467aff1da36dd3a70dfe866c978db315d163f
SHA256 4c84071f888d3c3bdc6e494538d1dec4802fdb9d2b20df775d671afd30a975cd
SHA512 b6c269f07f0f263547e0e17ac35db60d416eda81cbc2e98a3b7c63df1f4e8bdd272f6d6d8ed3509259aff72e8a7a80cb48c461841dae4dd913e87cf2e1842a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6336e1ef0ceb0f606f000465b561fe68
SHA1 1f29af3b69496d8776ff3c8a761b939a60e20185
SHA256 57105edb0ff1e95da1dbeb8bc5a02c47e1fc91361dfd947ffaaf9ccbeef44972
SHA512 5868e83e2e19c83567209c6caeb147e05bb9e2a9352b1b5e691cfe32190a1e3fab72da06bd1758a3f6591ff88d3f9b25806f7cbd36b5baf27874166e0001f0cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590dc2.TMP

MD5 68cc756b3a2a8c5e492e407be94cd9f8
SHA1 ef428f7f102de6078339c912c72cbb00c98add0c
SHA256 d6f9b9d28a42573a656d393be0b043d06bbc5de927cec15d55c83552e495377d
SHA512 37e0ebc85326fed2c1d2091c18a7dad011350c79b39705d5770f3237de2849af014e385152d36fb4fa0334e342571d4b4971acc79495c0aaee5a176d50cd672b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\AlternateServices.bin

MD5 7c40abb21368bcdd05aca71d9485dc51
SHA1 47172eda0b098ec85bab119c87527b6f3d06ba38
SHA256 690720930845225c24a27eaec13c77f8030da5f589c6470f87efe6efb52493a9
SHA512 ac1ad7346a2713f665f95ce547ea339b8aa7078317b1fe4ba1b13d126eef08c0f305ff5827a9801148779897c0f1fe8e22191d00549d83483acb40eddf3644ca

memory/4020-3075-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5914ebca0d3f664c3a4bce190a8e1d8
SHA1 e0d722b4e00b0d4506df63ae58a36603ce2bb0a7
SHA256 d5d2cb565b420d9d6dd95125db47d1d07069e73c430694be23f39bf385e67717
SHA512 93db4489704e563102d0afbaa2627914bc7f83ab17c3208e4b15ab8b17c96a3f357425b51646cdb3141b38c93b10d7e7764c417cc48e1989aa787bf6a47c8d2d

memory/4020-3085-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 18e52be8f687883056442a82b1850783
SHA1 6461b0c6c4b3c416daa3e19abedcf4f55c0863f5
SHA256 010dfba402377953586779757e5285c81c5f401e28a42f744bfd1e2965fd5f99
SHA512 7d925e0ef369b3635d94d331e66c39e332bda9893b351526aebdfede6b2da7182a79a6d0524de6b4774eb9f9c81f35edf407f11b01ee1172ab4c0ed73e95a524

memory/4020-3095-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/4020-3096-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9aaba84d804238aede95d156576ae85d
SHA1 46aa9ab44e7f44a70669f5ff20c0a38c9849f77e
SHA256 64a25c340b705ad4f411407e239c4cf2ae7db06adc0c04adbf4369af55d842d4
SHA512 f8645dcb51aef07d2a57794eb9f663e47846f21beacf516e180ae7cd0ba95a6301e067882a553e597562553b8cb303f1a4500204d265d27523034c90009eff8d

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

memory/4020-3130-0x0000000000530000-0x00000000009FF000-memory.dmp

memory/2568-3132-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9b3a025a36608d7de0557d59e68a510f
SHA1 3d840479a577c9c60d0ef3d42a2f5f123ca534f1
SHA256 792dc0a2e0480d396b91d48793594b2a499c08dda8380a42f7dc432538eea201
SHA512 d6400b7dd622d8ca98d043627ad105115c2bca652b430478dc278a6e9cc0570d930f9589307791f68dcc0dbe70604b5641eb4b6b8dbde400f103ad91a11645a8

memory/4020-3144-0x0000000000530000-0x00000000009FF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 512e54a713869f132e3c8627314c5a20
SHA1 34a92cc82c96a292a40b779c936fbb44beecd66a
SHA256 302a7dd0f1051effad3ff9c66678cf943a383c2cb4a6d99f671064d5ac6b4d14
SHA512 fa3c58cf3575aae404155afac215ce61998bfbca459302b0e9100a72b4a73589b7ef124a7ded42e64e611ea43755ca86a48c87f6640169859a02951e89286a15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 210afd7085343ff5a55bff69b1307151
SHA1 6fa61a79f2e54e4075e359d50dc562d0917ac267
SHA256 105535279ec582d22e6be0e65921ca790bb41b116bf569e6f4a2f4c33a2bf87f
SHA512 bffd45e7147f8172a1a5df2b58686779365e0299f13ead867ff6c902fe3104172c4dea7d0244dd4abe2edbd85f63ccf7a7abca931a33660aec202eaafa67f9ae