Malware Analysis Report

2024-10-23 21:52

Sample ID 240910-m1rcpssapd
Target 7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3
SHA256 7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3
Tags
amadey stealc c7817d rave discovery evasion execution persistence stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3 was found to be: Known bad.

Malicious Activity Summary

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Checks BIOS information in registry

Executes dropped EXE

Identifies Wine through registry keys

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2024-09-10 10:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-10 10:56

Reported

2024-09-10 10:58

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\009ffb3e7d.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\009ffb3e7d.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4336 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 4336 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 4336 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 1840 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe
PID 1840 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe
PID 1840 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe
PID 1840 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe
PID 1840 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe
PID 1840 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe
PID 1840 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1840 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1840 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3180 wrote to memory of 1508 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3180 wrote to memory of 1508 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1508 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1508 wrote to memory of 1996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3180 wrote to memory of 3996 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 3996 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3996 wrote to memory of 848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3180 wrote to memory of 668 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3180 wrote to memory of 668 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 668 wrote to memory of 4352 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1508 wrote to memory of 3332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1508 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe

"C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe

"C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\009ffb3e7d.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000037041\no.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8dcafcc40,0x7ff8dcafcc4c,0x7ff8dcafcc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dc9b46f8,0x7ff8dc9b4708,0x7ff8dc9b4718

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1864 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aea210d9-8480-40e8-b151-53c713255a2e} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cc3174-8414-4766-959c-4416d6371c81} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" socket

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3264 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abe39e9b-7a73-4a6d-8584-21ee0d225f55} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3276 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88f94e8b-2bfb-4d4d-a041-02298bf82ef5} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4268 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4124 -prefMapHandle 4188 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68daa33d-5e79-498b-91bb-932031bcb37a} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" utility

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5316 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62a7b2a-0f78-4f17-bba3-c6967b07b9db} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c440cf14-c955-473c-96ed-75c02ad4da6a} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d66b284a-af52-45dd-81c1-53c369fc4a3f} 4352 "\\.\pipe\gecko-crash-server-pipe.4352" tab

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4604,i,11926226540857086783,6398432771984952660,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13934848796091926189,11951546191924150435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Roaming\1000026000\e1af17cd20.exe

C:\Users\Admin\AppData\Local\Temp\1000037041\no.ps1

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jkqcry1o.isw.ps1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\crashpad_1508_RXNOOYANFXHANAOZ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\70212e96-0ffd-4c83-8118-435f5ffba07e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\6a9a2434-2382-4200-b9b5-64b418ad13ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\c3239b5e-286f-4e9d-bb34-57723b7eb17a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json.tmp

MD5 c49201ca8599166607acb2fad361f09d
SHA1 7dbd8cecf550a7d893a95df08d07b1de481a6956
SHA256 b3f98c85ad5582f0fb6eada16b10dd521cd42dcca7d6d08767910dcbf6f86878
SHA512 dc257b8b616c8b90c1a7c230616cc03bc8658bc20a19ad5abee83f56b8d5e95e9600e9ee500dc4fd1114c92550e4d8cfaa7ed265d9556bd25e9b92211f32cd80

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

MD5 bec42771fecff7b43f00de11b0bb3800
SHA1 b939b33de03dd3b21fe1435b37065b3a2cedf227
SHA256 89115bd2dbc7a2a69ce59a559195de766e1ef5126d1aab4f5114b0d97ed19b7b
SHA512 2d1a21b174aa34c55c03d5f18397521b0b96c9f487bd734f55938538a6fc0da28cb89e6b57ef5f5c5fe2aa7d1c7dcf7b679761c1a7765e5686c83f64494f217e

memory/4632-412-0x00000000005C0000-0x0000000000C43000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

MD5 92a069a3b48709f6e1541f098b82fa3a
SHA1 cff03f6c0c78c9f3d065bb6cff825b931b6854a4
SHA256 0fd1999cfcc285d44e052bc46bb5a855003c2978f0851425f6df7abfe5016669
SHA512 9495926fdf9b10f93fa205aa95f42468fab1ba5e98102d5d4ab8cf57b55edb8ccae2fc174e0efa223c972fe13c3b81260f9809908bfe9dcbcbce4e39fdd2bd26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

MD5 ae2ab09a090a2bd1837b4d113612f0f6
SHA1 1c361487f4f48f2c6ae1877dfe8b7dc10f77986a
SHA256 da029bfb9dd32bd2f30b478bc07d5259ab4b1bd3b599d7980d192a47bf5c6174
SHA512 8004d0ea4e404b04ce92baed60e475634fdb647d4d0555c1dadd1c2e0dac3d62d99d053a42dec41920689078a1fa51843d8e07e4802f6f00a0faf85b0b3d380c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e6fd019802e4caf75cc550b3df828db0
SHA1 f8a85e905b071c3b4309c345e52ebd60f31778b9
SHA256 9a4d03b9c6e9951eb4b28e4d1137d395ffe902e82a5713c9e5179463d5351f25
SHA512 3439e2be3a5146362cc0ac40e9a5c1c55887be0177d7fe5c6b4cafdc3a17c52c72055247dd8bf7d6d0423f816fb2ec4df1b69d222a3ade8fe023fb8b3eaa5b79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d2d2809abccb934fdaeb28495aad6cc0
SHA1 bb45cdb313bef33258c77fe2bc7a355b091bae61
SHA256 1140160bac9d000fe420508a039047da882dd4e754d87969ccae9226677ff312
SHA512 bc117aa72314a6cba24625b3ebfd8966aac7e70c026007130721b01321cf5b3b1a89884d713b7985f79602fdf3a8c11dd8190813df44b87914834be4cb95dc86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c2237a5110554fcd63a5ccd0dbbbf06
SHA1 e556231d392dfa725a00efdde2b66f5ad2772cd5
SHA256 95f76ccf36689acf22f84f7482fbdfe1073c855f17708199344c766f4e05e764
SHA512 db117dc06360ce1158aeafe08f7d1c2b8cdda559bc0bc606b792a763ffdeab472303988ac055a826fdab1932f3740f13d0265d4484ba464e8b3b1b1686f2c7b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 807d7b73bc08b2ca7a701d3c42562089
SHA1 d86f4b1801d3e15e275cc95b04ff29dc81b6e2df
SHA256 b6e132ea312fd6a7aaa5949c39aca14f1458b0698d228b82b6b6366aace67428
SHA512 7306b704330175b416c1275968bb4a332cbfc5d9e68fd40b3e03377ee2bb267295c01d683087c2f1f8a47effb1929e9c435ea225e2a8cec29221f6ac8ddd9ae4

memory/1840-570-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc9b7adff21b4f7726ee731456572b5d
SHA1 7091c570abc4877666bcd5d08c84c57e0cb9aa1c
SHA256 450e5daeea989e37939ca9c63ab10730f570fc802a6bdbfa6f7e56a4ad91873b
SHA512 640965f52e4e5b219216d99dfe834dd23bc0475517d2de9c77da08092310553c950cb460cbae2452fc24d1f7da10315b564ee451a1812cbd62bb6b7265d3bfaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4954584291284bf273aa9707818e60a8
SHA1 c006b1a2969b98aab678084da994d9de7d343cbd
SHA256 d417429ec9940c7d05da63f95f5ab5773fabfa3cd6ae86d28411d31123555516
SHA512 d341e9bc6572fa0662adfa8079bf0e67134e963b463d3e692d716a9b5b943c687259c862574a8d14f7ec835b72d93500329ae4feec013beda04871c22043897a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dac0c245e4eb0f02be8d0785e28cf460
SHA1 8d062c98f9b2f995e1d111027830dcef7600ecc7
SHA256 952eeb17e7665f441d0756fe06c837f470544322ad7d0bdd3a0b9f3eccfdb6e2
SHA512 17de8a8fa31aefae9e4ec5601e48ba28f3dab22f4774caff445a053224a6ad6d4eda4dc4d6419860f19cd47b8bddea23666b67705b0ddd26a5a4ec7fdf5dcaed

memory/1840-602-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

MD5 b9db24362abf69a2f04ec1bd60363bca
SHA1 6da688d2961727932b757ec4c0029638bfae866f
SHA256 af8331c5d54c5f616864f9d4a8906f5a9ec6b607db35edc254170676e90d229e
SHA512 93279b65e4c785f4edc1ce9adb8e3b2989c7a2e44dabd24e6e897cef7ee5d6dc6c37997242587380319c2ecdbba6f2702d382b8f942a3ab6edfbb8949fb6b40f

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

MD5 2cde08741fe70c29f62f7465e0723bb4
SHA1 9aaaf5afc4a4d041f52ca5313b73621354459632
SHA256 d7c344ead974ccc6540501d1cba299a8e2ed93dbe97f691f499363dc7755ecfd
SHA512 fe6c8723b51a4b0606dd2992c1fff42c8664033a6785cb2e9683db7edf2a6ca9b2b01741faa0e90ce37c902bff8fb3a6bc32e45545e2d661e014653eb5d36158

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

MD5 82be1f81871cb9317f06b1a1eb318d5e
SHA1 e5fd9a9f3093364af9ac57a43db8730d7eda9100
SHA256 5e096d120b28cb43bc4ad1526261be9862fe0b45be056f53bb3ba17a61c25b8c
SHA512 39d017fcdb06abeb5c8166d2447890aea416f73267bc1a7fc245c6823ee876948db34490933a8c36159c6daedb2ec14a513e3d46d3edd77ede6432286b5a4549

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6d51d05f292e9fd3ea2658b55a6e5b0
SHA1 5ec3eeea7e703fef5cdb249f1b1e8feb31fc76c1
SHA256 d002850edb534846da325782a6cef7e66fcb0106d18b0e9e53f985569c347171
SHA512 621961719d4cad1eb3d41f392de5c7f73fd3e892d19f9a9bdd00d5e26439cd79c9d5e09134582edabb5818aeca93d48ca1beddee8d7e36951c5e1091ae0c2fc0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3778c9b42fc6dc94702d0483d5a6233a
SHA1 9e3347d80370eff63cf829562b874ef9a532a941
SHA256 b1ed552af5174f1d9165353193d211181eb81af31cf6e92f4ca2ae85671f73aa
SHA512 c6c189bbbcdc67df4efc1e516d6374ce2f3dfabc49a25d01e05d93ba721b6c21a1b80caa0aaed1f29dbd0efdde4fd947e2541eac47239d4621e6677971705f04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e8afe6e4463e256042776f15ea528d2a
SHA1 c5695f1e29b8a988d4c12856a72e9d1f1323ccf5
SHA256 9f0cde0150ed3ab889ebc9269173e4d186e9fa0229c1b20c0fc17000525996b2
SHA512 2b688092c14f141b5f1c67dab29245cadda8a4fb7a5f4d62b019ad36712a449aea8636d7c5d1ad78c4fd55554ff2549fe8443d62569cf8bae79402a80637960c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 44c4ea87ff3c775e767ac4a97a23cc38
SHA1 a20fb9d6ef78d2a5182a3e267b9b4e17f9d6764b
SHA256 4643ab1dafcf29ad4a1af4a2d9f92a31b34c3d60ef195389e126235394aed66e
SHA512 6bf481e9eef8404721162e50aec5e8a6d5d4975dd48a0ce027fe95acd174ccf9be0aee3e0041583f5e6f0e868587ffbbb6c20c9cb6cdd2c111011c1335059202

memory/1704-789-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/1704-790-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/1840-791-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

MD5 54a8176e8a6622fa309568f065e21569
SHA1 fb6717fb3fd20fc12c07787bd5dafbebb47bff68
SHA256 f611d92ac1f3e52d99f2c96b5304379710d6956af1e21cf60bc2860336c2053c
SHA512 91f20115864c39af838924f17e0637131abcd1a3e59e604956a06ab29201ae846f077149c60715a6af9825d903fa9a5a5bd128ffc5a406b7bc7b33b0023f7592

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6eccc29d85b5c7a140c22649dfe95521
SHA1 89f11c08c89374e529af97707c70e6dcea24b75a
SHA256 f10a80a9771ff627bc5befe57fcb05b69a96ca4f8003a62341d6394041472bab
SHA512 44040f694135563900873d53a1bea27fb3fc2152b9e5201c125ef1408f2df290ef28e279a4ac2faad1735761e8f812f3887995bb89aeac0cdacb92deb0cee296

memory/1840-1070-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d232489203d0101274d570478d442711
SHA1 34dbabd1cd5c0b4fb697537a18c94663f0f17064
SHA256 413551f2b8219d5d8e6ff88202448451e2accb012f84631df424c86782d333ba
SHA512 f745147c17c0441cf1aa49812268ed096494c0da0f8911051d1c119148f482555f9d801af258e5f534276c006705b093171e093e81d3e82c4d15fb50f354025f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41377af4d9ac25402254233d922c6713
SHA1 aa6f9fc759de31d03d023b426fc3b39980f4005f
SHA256 92359465e0ceb2478db8f458747a40df0301089200c07bb6c7d385fb82f48313
SHA512 e9369b187fa2790e70056310bc32a6d355bd1ed2ba2e2d866158da928dfe7bd915343993b41b02a11b26af57fa3f071f348c5a1e51eff9cf74eebf4b8ea4b39d

memory/1840-2005-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dab6b908d356d30d0fa942a5aef20a4f
SHA1 f6fc8b4371d2e1e55831e0a65975179f6f704c70
SHA256 bb832453b3924976e9566e2f420ef182f61673164a35c438f1c4f72339a6f298
SHA512 7356a69f945df0a24911afadee9e1845bdbdd1e6d8729388ccc04761e1b5769c7948da751cb3df3694816de5a6f3b62c2f5dbbf1c8182225bb1100d434779da1

memory/1840-2796-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/1840-2800-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c24624a013b7e928120458ff302ad708
SHA1 67418e4e00392889c654539db3a2201409277030
SHA256 f15f950d9c41166fb73d34cf481987af776a91cf63bd8f9ae424076f1126620f
SHA512 4854f594c235ab5d896f87bb6ca138b5c08f9b7d92c57c70c78f9478d001bad0e1f3d2fc32dea972fed44c2d42ec544bdba23745d87da356378ca987d3a45506

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1a664163e3416232bbb679cafd41e0eb
SHA1 d940ba45c3797914ab35d8df64febf11279bd028
SHA256 178ad6b9bf63291617d7cdd03c8a9a7f1a5bfb069df57482c77a1deb65022d9a
SHA512 aa4dc8feb5f7c13c0a98f540f0a55f51474936a7989132cfff91ce152c24a9a1260faf01156407d4ddecaf24d1137c2e92e08f32b0580b5e1fd7e7903526b1ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 44804756ab71ef8b1917e3f3de855bb7
SHA1 1f796d3a8ee5e79c8288ebcdc155eca5dc385458
SHA256 dfa5fedb0617fbd5e2cae9a2bfd337869081a56240a7357268e360cb4ae2db3d
SHA512 3523010edad3ef7197a4c6bd04b17675a6dc1a67c19cab706b9df6d7626d7984bff5324cf3fba4840a3677aa7971d73f0c34c8740b0db92cbd9eb157b0538cdf

memory/1840-2831-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c80cbddcb4e2d9abd7087bf3347bf265
SHA1 78b0ac0d43f473ab62f243b3f2bf898c58a3cc07
SHA256 e51b100651be49e6beb447ce522dabddece9927a206a68eb5edfc9700ec66737
SHA512 9b39896f815bfcf48f2d91a03e7a866ecaff9817ee1eefe4f2db6153fd4a2da51008f1487d1bf51fca612b8170c92059317beb964dd2b926a613ff0e7c6613a2

memory/3628-2842-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/3628-2843-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/1840-2844-0x0000000000430000-0x00000000008F8000-memory.dmp

memory/1840-2845-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3e538ec0f326d62eb0290c8310dc65b
SHA1 846bb8167e4bd2bc12b78e8b6d47eb5efbc7487a
SHA256 1c5b1e9ec273f234d253ee432929bd721bafe7f3c838ab8d9399d6a89d986c9b
SHA512 ad6786a3ba48141710f1a20d46bce760b8ae27b78b36f9d3c22e9a7a93459e5d8fa4472d9055e0c4a315075c8ae4bb1372e09ce7226d9edc183249e990daec49

memory/1840-2855-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a04cf0fbfe69708748e73e289b476ba3
SHA1 eb2ecb2a0d9c62c3838fb015731164730c092f29
SHA256 51a7ff0beac5c6404a2422b2a68c43a107456541ef4e9d934cbd85c6a6733c2f
SHA512 365942dca62c60a0bfc75755e0f1c1455f4e90e89559fb28d4179901a6509c8fd9e6983a7b64a3043028c37ae14d3e2f7aaaf738f136dee674e9e1805158b84e

memory/1840-2865-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

MD5 b65f47c398a5031b962d90186b9b3d0f
SHA1 c785ed2fd989ac7d79701ddf93c4897c5843e955
SHA256 476725503f8c38539bbe103e3cc26e010c1baa505cef458815ef0acced0c5afe
SHA512 2de3f7378df2df515bb151481cf212567a8553ac6f1fe0379aa332edcfbe6f2711407fc183930853106ba30070e4e721ef3a0b214de2071817319dd6e93e3f3f

memory/1840-2886-0x0000000000430000-0x00000000008F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4de03825b06376a9dc7dfaba25b37a81
SHA1 21fdb8278967e5571f9932b6803daaf4f5cfd366
SHA256 fd7106fe96f7e112c6f3aa0264cb9b90d5731dc602a0dac2c5ed06e6b90a4e25
SHA512 a8e3041a40299e5070855a64ea6d5030d02bc7598f85fac011eebc45a9f6e550fa15860b0e2fd48a1cc78ffd29277044ed60ef9362d58fa4bbc5c857825961af

Analysis: behavioral2

Detonation Overview

Submitted 2024-09-10 10:56

Reported 2024-09-10 10:58

Platform win11-20240802-en

Max time kernel 149s

Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\0ea85eeff5.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\0ea85eeff5.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2400 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2400 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2400 wrote to memory of 3108 N/A C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 3108 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe
PID 3108 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe
PID 3108 wrote to memory of 4156 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe
PID 3108 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe
PID 3108 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe
PID 3108 wrote to memory of 4260 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3108 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2036 wrote to memory of 3552 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2036 wrote to memory of 3552 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe

"C:\Users\Admin\AppData\Local\Temp\7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe

"C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\0ea85eeff5.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000037041\no.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9901cc40,0x7ffd9901cc4c,0x7ffd9901cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1780,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1980 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2996,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6800890f-ebd3-4dcc-abd1-c6054d5b981a} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" gpu

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee3ae81e-b66d-4846-869b-f46e91f0780d} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2884 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 3024 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1cb0bbc-4507-4444-b0a2-84bb6889eb46} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -childID 2 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2fded66-faaf-4967-a6df-faf318043478} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4736 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4c4f204-edb9-441b-9a17-34a6d17c2662} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 3 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d27dd3ae-5ee0-4cc6-ab54-37457d38cd79} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96aa6140-bb65-41c5-b794-6fd839d195d4} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5864 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5876 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f00efa-3429-45ce-80a4-78d78eda2619} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" tab

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4576,i,10538705601734308727,16267672204283618188,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:8

Network

Country Destination Domain Proto
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.78:443 consent.youtube.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
GB 172.217.169.78:443 youtube-ui.l.google.com tcp
GB 172.217.169.78:443 youtube-ui.l.google.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
GB 172.217.169.78:443 youtube-ui.l.google.com udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
GB 172.217.169.78:443 consent.youtube.com tcp
GB 172.217.169.78:443 consent.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:49866 tcp
GB 142.250.178.4:443 www.google.com tcp
N/A 127.0.0.1:49883 tcp
GB 88.221.134.209:80 a19.dscg10.akamai.net tcp
GB 142.250.187.238:443 redirector.gvt1.com tcp
GB 142.250.187.238:443 redirector.gvt1.com tcp
GB 142.250.187.238:443 redirector.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 172.217.169.78:443 consent.youtube.com udp
GB 172.217.169.78:443 consent.youtube.com tcp
GB 172.217.169.78:443 consent.youtube.com udp
GB 172.217.169.78:443 consent.youtube.com tcp
GB 172.217.169.14:443 google.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gvt2.com tcp
GB 172.217.169.35:443 beacons.gvt2.com udp

Files

memory/2400-0-0x00000000003D0000-0x0000000000898000-memory.dmp

memory/2400-1-0x0000000077CA6000-0x0000000077CA8000-memory.dmp

memory/2400-2-0x00000000003D1000-0x00000000003FF000-memory.dmp

memory/2400-3-0x00000000003D0000-0x0000000000898000-memory.dmp

memory/2400-4-0x00000000003D0000-0x0000000000898000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 a3bc9da8a3ba9ca5053f49ab20ee44ea
SHA1 fc31c189c50723350f68335779aa184fb011a627
SHA256 7107c368b936ca16f29354c81d66c753f3dd2cb67285d11bae7472f04d2a2eb3
SHA512 cd55155fc40730731302cb328ae4c7b1a5988242e993460be40e9ddcb3cddea6dfe60ed5b55f9c410fba5062982350524e9a817423639ed7b6f16a9628b9c45c

memory/3108-16-0x0000000000380000-0x0000000000848000-memory.dmp

memory/2400-18-0x00000000003D0000-0x0000000000898000-memory.dmp

memory/3108-19-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-20-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-21-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\cfeeeff423.exe

MD5 9f2ea8da04f80eb3da5aa70a8b0dec4f
SHA1 512b90952420f05ba4e9bbc373ca739e62a09d39
SHA256 f5117e607da6f40b945427386ad04ced62b3473351008eed049c3e9653222826
SHA512 c05467a56476014fe6a4866e74ab0a716bde6213ce2bcf6c0eddc9b4702e5dc83d797722f4fe2adfe5bff1eee1eaae435c89113ab53935fbacb9fc760795d497

memory/4156-37-0x0000000000560000-0x0000000000BE3000-memory.dmp

memory/4156-38-0x0000000000561000-0x0000000000575000-memory.dmp

memory/4156-39-0x0000000000560000-0x0000000000BE3000-memory.dmp

memory/3108-40-0x0000000000380000-0x0000000000848000-memory.dmp

memory/4260-56-0x0000000000670000-0x0000000000CF3000-memory.dmp

memory/4156-58-0x0000000000560000-0x0000000000BE3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000037041\no.ps1

MD5 27b9f35dd5e29794e0f254d4006f6fa4
SHA1 95496ffd85e8e55f57832b24c90a900d3cc96b26
SHA256 ca3bd2725a493554e081ea2c5528c7f134edad6374e2747e27230f112cec7f1d
SHA512 44dbb780e4e25e3eccc2de8c3edc7b0a4bb18e1f7f9cbbdd046ae74dc4daee526fdc5339864a66eb9d14b48b0871f474fdbe22eb1766eb4e94b0b6460fd5841d

memory/2036-66-0x0000000002C30000-0x0000000002C66000-memory.dmp

memory/2036-67-0x0000000005720000-0x0000000005D4A000-memory.dmp

memory/4260-69-0x0000000000670000-0x0000000000CF3000-memory.dmp

memory/2036-70-0x0000000005580000-0x00000000055A2000-memory.dmp

memory/2036-71-0x0000000005620000-0x0000000005686000-memory.dmp

memory/2036-72-0x0000000005D50000-0x0000000005DB6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0behyb5u.zqz.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3108-78-0x0000000000380000-0x0000000000848000-memory.dmp

memory/2036-82-0x0000000005F10000-0x0000000006267000-memory.dmp

memory/2036-83-0x0000000006430000-0x000000000644E000-memory.dmp

memory/2036-84-0x0000000006470000-0x00000000064BC000-memory.dmp

memory/2036-86-0x0000000007470000-0x0000000007506000-memory.dmp

memory/2036-87-0x0000000006970000-0x000000000698A000-memory.dmp

memory/2036-88-0x00000000069E0000-0x0000000006A02000-memory.dmp

memory/2036-89-0x0000000007AC0000-0x0000000008066000-memory.dmp

memory/2036-90-0x00000000075A0000-0x00000000075D4000-memory.dmp

memory/2036-91-0x0000000073D00000-0x0000000073D4C000-memory.dmp

memory/2036-100-0x00000000077E0000-0x00000000077FE000-memory.dmp

memory/2036-101-0x0000000007800000-0x00000000078A4000-memory.dmp

memory/2036-102-0x00000000086F0000-0x0000000008D6A000-memory.dmp

memory/2036-103-0x00000000079A0000-0x00000000079AA000-memory.dmp

memory/3108-104-0x0000000000380000-0x0000000000848000-memory.dmp

memory/2036-105-0x00000000079C0000-0x00000000079D1000-memory.dmp

memory/2036-106-0x0000000007A00000-0x0000000007A0E000-memory.dmp

memory/2036-107-0x0000000007A10000-0x0000000007A25000-memory.dmp

memory/2036-108-0x0000000007A50000-0x0000000007A6A000-memory.dmp

memory/2036-109-0x0000000007A40000-0x0000000007A48000-memory.dmp

\??\pipe\crashpad_3552_JQSPCBPNPRPOFVHA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

MD5 6b97ac8dc95d0b6e140779574fde6663
SHA1 68f9d5a5dbad3fdd48f2eaf810c25de2a96f280b
SHA256 10473b6d72bf8dbe1b2f78fc9b3bad20272a4e9fa8546741140cc5adc6ff7ead
SHA512 cedefd81b96e7549328bddb11298560fadebd1fe692a8951d9f624e02e826653c9ee6bbdd396b40d6514fe3927206551cd04babe9c239de5335e4837d03700e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\02bd1d70-b67a-4a78-a7c8-050642e841eb

MD5 8d5b9256498ad2630cc7d7273da184c1
SHA1 4bdd68323f18066c8daf1615610c2e70ae30df39
SHA256 3ade3de6259ac3e92a85d4866b7cc54c7b22275205d6143b29c5b5ff0fcc89f9
SHA512 a9ae4affaceb4ff7e4352dc45bbb5eb336bb7d05e7011a1b9118ea471c11918a36a711805fc47c594923d41e9bb441c16f758aad3369ac2f18a93dc66cc0086b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

MD5 6c96a44bb25ad9c90a2bc63840f2a847
SHA1 02cc1c93305b90def829bd2405b44b135d035ea3
SHA256 271feaf97fba05b7e817fcee2f1e99eaf35f7d6f9bc2a435810cbc732c9c9761
SHA512 db5c0df2fcc90ffa397ed0ad5d867a373b6d11ba38744068daa70cab5152d29d345c41c2c44b7328cbacfec600c2cdaf1c317c85e40c4b44250343305ec5b462

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\d322c501-8e90-402b-9b2c-da7b6238ff9d

MD5 d406397044174a6a5979ebfd8995ecd7
SHA1 254505d2a35e96fde9a51234c67858aa5dc3ca76
SHA256 a79c74c38f03a4566085ce7b7a20404fc0163a91c6dd1f3f6d2214c8f26b8d67
SHA512 e8ab4727e90f8dd68f13c5cca1d8005ade2fee7b8316a068b39292759c9653a1a3bae3447677a67a4bf4d6753305294c321944efaa91fed0236526c8ef17f66c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\24a146f0-a31a-4d7f-bbf2-48f563d17f14

MD5 5ea55e951152d6ab7da843a982d8787c
SHA1 4aaac549b1e87de4d324dd3697229f668f367f9e
SHA256 40c0b384daedb06484f30ea17b403bc75e8a83e918e7282c1981043577462b8f
SHA512 14ff6cf06b4104faa2dbff2d6700a3bd866baa3bc5f871e3d56522e9d46923d649cc4f4ec0646d114b5aedb2ed836fe5632deb154bd72bce14b259b57d57399f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

MD5 d7490f7bb9811d6c9318c3eb0c787101
SHA1 0495490a8f31deb9cad4792dde446f2a620c7e75
SHA256 ba8b4a8a32a5982f3db689f64db9036bf6e0c9657ca45ee180f25d4872f8addf
SHA512 c131a9dd69451b69d6abafce84805caee481a3a118d119bd6a7104f402773a05a883613f8768201e08aa2b35075808ab4d4884748739710a469fb5a13c76161d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 4d70d64f6fef5b41798583e0c4e1af6b
SHA1 2c0b3de92d68f840e54132148f7557ca61f8bc8e
SHA256 3243374248b8bbb60fc25524776b70cf2c14b8fc2c8130ef0e8139fa9d18f322
SHA512 76b9dae9df155a8b63ab4e1d0a24d00b7b369e35908383ab90f762afe65263d48160b3653026964edb21c05f8ccb1634fbd508171729f41ea74fa1357e453def

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

MD5 3a7ceafd1c8c769e1c755d667c811f89
SHA1 9d939481028a20577710ca5334bdc2fa85499cf1
SHA256 cba228f4d40a1dbee604de5473d765b67c5685547911b3255d71730f7de113f2
SHA512 dceacf953c41ae3276e8d7777f0b3873d54f4a95a09ce616bee9502ecc667466f2b75a48a778b8e124ff99f911d70fb7def0ff2a23a47796f8f7723ae6c56822

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

MD5 f57f38285515543cb76a3d432683c1b4
SHA1 ade931fa20159cb7f9868cbcef39b2ca0d7f006e
SHA256 c265da5df07101686873c7847aec499afbc77232069d5dff82623667d5ca2a71
SHA512 4357587b6ea301c8450145e0c210b933163938ac779c3fd45defc9e4b3f526b6a2998f5b150c24f9bfa0ffc5f166f496fb66aa14340b70203ff1d483eb02cf37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

MD5 e6e2ccb701037274186033569c8ca4ad
SHA1 a410743b06d386a692d664020e3b8eddbe49e108
SHA256 873b685b57ce015f33cdb92bbaa96897779d010e4cb95782e291ed50e64e822e
SHA512 d9b5de7ef2edfd3cfc380f2ebb74b6ffbbe0fa2c7bcd7f08148782d49c6c2e2c0b6be430fc1125320c7942ea290b4a7707bacdf0dec404655d89c1cc99aad742

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

MD5 53a8f695465fbacb10ad5a640ef9f4ae
SHA1 b098afe47894afb2234de08019ac8bffd8b01465
SHA256 2b50ca55523b5f7d7bc2e1f3a53db050feac7a9c1fb41efa1c8b75a0473a5c40
SHA512 1016213674060d1a238a0c53c213794aa6345b76c5f007f88e6f0f1061e47581235438a4556586c2476a4fa217b1370a7baa12afb2157dff148e88f8e09e1cf8

memory/3108-506-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1c489a4c9ec4bbf1844341c49da09da5
SHA1 a10c07b672a95d8e3cc3af3bccb7b6da4d4a7bb9
SHA256 830d7c756465ff871a8f3828c00de35fb47563e8d167100774e34cdefc174cc1
SHA512 87eda747423706e95b5889751460224bcc1a7bcaf52ceda02d8abca2eb5bac85be68a888cda5d6f8a992d38e21ccb71a5d886f4b409b87dc98eb1507ad636668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8fc03a9ff9d7f2a44c5f6d809b81e633
SHA1 969826c7259428056c1225a991735c3b92e93c86
SHA256 0d618e538e3e4fe99c2932e035d7a1fe53ae82f99e761a59d1dbe91352040a6d
SHA512 0f90184710936c6095c752a046292967054d791ff59d245a98d145f2e5f6cd51687513b3f9fe250e9198882791999825854df09607319043fd71e034192569d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9ba8912c76fc99d2f3aaf64d088a62b0
SHA1 cdbfc0ad39b3926fda5e925261a9152b6dd2f36c
SHA256 de374328003b022382d257e4a5ba15b16912abfc9962c93a1a8e4ba89a796043
SHA512 cda1f8a97ab843c7d6300e994a4714e2764559013cbf41370211c088cd3a7b1041af9f1735b482cb53dd43d4eae8c06ca725ef2842c4dbca0308239dcb8fe316

memory/3108-533-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

MD5 3cb58ce6f256ce4ed95708a688ef60c1
SHA1 ae6f37c34ee93ed978b98e3b23457813be4b1a93
SHA256 58187c1bcee68f56c54e5acf48b645079f6449ae500e61481c6fe76ca91673fb
SHA512 d4e93025cbaab9759b79fe21aaa919b0ef3c7a24486d74c02db3fab60307c78b40d3add75081a9e31d3b0d9d94aa9b343e42e73dcada03782985b76d2487531a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

MD5 214516d9dd10e17dcf667fdb500a74bf
SHA1 67d486c37b099e2e9818215b5737cb93c7b320ab
SHA256 c0d2dff87e4f730e094808c04d3fe1c9f46903f484bcc6a178369bf1730eb334
SHA512 e21d8a45cd95824020d37d2d4ffc3117d36a5bae79de1e7391cfd255e17486da7e81755603437cd9eb2982478882a73554724748ab91303182f4a6636981a60f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de59bb61a12ec8f71273d9f37b87b952
SHA1 dda0148b2c24bad7db5ebfc6d195578b5345f343
SHA256 42677693fbcbabc576011bdb7be94c324f70fe2700b5b686bc08e5136fd5b6b4
SHA512 9495e48e0230d89508089b3552d72a8f0f0a4cbc030fe297d25cd35c3dc14ab2dcdc7577980742a802f8a6cda1e4a3ceb2d75f3226aa2a96a26877b35b2cc2a1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36329b6c138efbf4ec5bf89f07b2ff15
SHA1 af82f70ab62ced691ec11da735ce6e8c95050b67
SHA256 00b6b2d11707dc107effee4e381024db819f0798f9b1dffd6e377c6189ae0290
SHA512 5c3a767951530377abaf5caf86c9dc0c7849e0f8780be7877b85c6ba9eb0c2b464911635f8d682922eedbbcd0c18ca42a476ba37b1beba5cf3c3621cdb9a4944

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

memory/6020-617-0x0000000000380000-0x0000000000848000-memory.dmp

memory/6020-622-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-623-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

MD5 ab810e6f1777368b1131d2bc4ef0d0eb
SHA1 1f16992d6fa97b8ae2ed97cc3fd76b0d2fc0c641
SHA256 f22bb8bf7f3e27ba72d39147039638794243a90a09e65ec0830aeee20732d030
SHA512 19457095d9ccd18882fe15907f1abf0e6472f7ce63cfa5febdebab58a74412bc84288d9a592b7839e1ad4f404f3729952c38b4d6d523437aaf90846e26fe0e04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

MD5 d73c0d3600a7efe0c56b1a389d70b7d6
SHA1 902d6075dab28ba29f57675786c768bc04ba90e3
SHA256 75632297fd98357e8f5b2770eb512c01cfdc84e8105849bc9d2f779691244968
SHA512 cd74200b25f2709c616f62424e38b250678ec6d8b12783994fbe3049d283dafd4b194d3ea7ded398e74f3a430209d177d6ae84d8361abfbddc836d8e8c3ae3be

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/3108-687-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d3012a77ea082497741d5137c71cbb4e
SHA1 d34fb0519fe41ee80e929547af47abf5ca5c0983
SHA256 ff5fddb700e70281b7f1a10aaa04ea79d9d34209ca3e25cdd9e80dbb7389c41d
SHA512 bb87dcf5db51b43b56b3d13811396b2061f16dda024009cf41d9128a2cda0a67068ee1994d5664af1a6fef32211e6f720587a25aefe009feb9b1e6ce881c516e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eaf5f7d857a47823e25dac1307192a49
SHA1 3068bceb0dc662f93457bb29d42dd0de84f7650a
SHA256 e0c7efd403590f0ae05473e36c60517dbd0666c09c86c92b3b6475ee8c71d9f0
SHA512 17765c2bafa9ba667f328855c6ab2f96d0788a5e52aaff56562c17a0b53d6eb391afb3a1c28a9723b65474fd76b65771af06edfe1fa2bdfcc7c2aadb938eb662

memory/3108-706-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

MD5 8fce924aca12ffae1734683184d9d509
SHA1 28152cbe32101e985d6de84e65e1ec24a9818fd9
SHA256 b653e7a0b7656cd786febbdf435dd245142c35c984ff3d496480d5075fe0317c
SHA512 9ddd229364271415af867c54aca8e672e27e41719eff10b9c6b77522d309f79bedbcbce5fe3f7a06e76e5bcef583d536c495992825cb72c97756d88ef5a11dd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86e3c9af3ca9008c43b9c76d3da77dcf
SHA1 ecdf66e79240570635c2bfe4d2f210b3d7b7852b
SHA256 073ff4bcd64a5f60f8194822bcfce9879fb204a596ed150bcb4158a47fa13ffd
SHA512 1b6ee776472c9d2ac5649aba16a1d5f5ec9535bca240596a3a0911bf3c1f1c4c8bbf6afd05077607404f06b4019ec119fcd9c68bae1744c8fdc60c743afd2885

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 2a4bd8ad2d1ff2c6cd02d7def66d00e7
SHA1 64a60fc3a631c793e7fcbca980ad600583506228
SHA256 b2a784cb38adb534be363ed75227ed4c116a09ecddbff7de2edad42669edd8c3
SHA512 4d8ca535070f9b0f0f2d34faabf5ddf897929d3ffe9c7e5f81071f8a19867359b2cd7401720a692a83f706e8892a7b335e1a648f4c82c66bd0718c83266f6d9e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 22d25f27de699b81f787c07b1d634a8d
SHA1 598949f79d3906eae2e29eb95c8615696aa33e8d
SHA256 9fafca0b9760be60e32bdc25cf90cd665f83c1edb705296d75bc8e14ca5e819f
SHA512 e50c368c71df6e68879ecfb42a1a8b45bd59d66eb8a984420718844d8f4eb116e54e52aa5fd34e22b7f28c5febde50a61e496e7c9ac78893979b1e7a4cbedd1a

memory/3108-902-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-1857-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5995bd20e517bcfb3bebad41cca02bc5
SHA1 3d8eaf4888b988dbe34d2c873a63f6c856674c7f
SHA256 af480ba3a47ca146837c28bcb54533b5add7012bc481fb9144cb921632ff8f9a
SHA512 4720ba816fb2f4d6665514dcb025ed5a1b5b845f476aff665086593e6bc561a2ff0a4b93249a3c9219f14753836bc5ad65bccbd8eb04f9ef05fdcc1df0398594

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b5e68a8bcab357176d910adc9af86dd6
SHA1 bae5cb81545b8f48f0976021c65e3ff549beb123
SHA256 1027e83cd3b927455fa66b0bb131abd5df7779bc151998ba712100fb470a8f18
SHA512 46a3c7e499555ba9ff3d50d8ae2c26726b2ff50f4d9ded5f053512e9deaa2f4aa63cb53e0de2d0ffb4c7763f98b18d360eb522ef40c2223d4d9c16665a96f9d6

memory/3108-2726-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f27e26114d1b9592ff3c99b8754df285
SHA1 e11163f7046e2bfa02fd41619e022e7acb90116f
SHA256 ca05b34ecf35ac1997a2dff59733968b2f9de6b7f6aea2323e47f4e8241083b2
SHA512 0d6dc6f498af85c37851ce706762331340ef508d5f3d5dafb2cbd0e810a262a822ce25be7b0510e3cf4eac8c6a52321ce346ba543f4e01fede23463df1d627bc

memory/5860-2737-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-2738-0x0000000000380000-0x0000000000848000-memory.dmp

memory/3108-2741-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e69ea6dbdb3b47709a65a87931a754b
SHA1 7c76ee068786fc6123e389816d8279bef202c0af
SHA256 9ef61a066e83c95d440d5de9f67af4434068a5af243e658c54890b04cb5a8b2a
SHA512 4afdfdda14bf89e17ce52e96a8c0f05e9f70f5b18a6ded79f7edad7f55688df21ee1b6a13124360f4024ecd76cac5170de49c144be374f4bf60a2075cd5fca01

memory/3108-2751-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b216e036ad36b882ca9e248b8958dff8
SHA1 57cf3d1f3e921a9517f823708905476129b7ebb3
SHA256 5df54afe7b1560f8bd0b6b772eea1bc087d2e689a5b01a750c163fc9172a3634
SHA512 9a9be52ce1e810acd5ecb83190c56aa9bb7a49ea8e46ac4904c4895ba82cb6e04afb7666520b2fcefe79ad605adfd5ec0998ee5c9e50ebb937e7452ac63c829d

memory/3108-2761-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

memory/3108-2784-0x0000000000380000-0x0000000000848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b84c3e19d2355a4724df57c1048f3ff
SHA1 bbfe33b73e779f2c6210c1400f60d69632389e35
SHA256 7493c02dcfd2ec292a5255808bdd235ac96b3b3be1fcb2458b01583222187ae5
SHA512 9e675c1d89ac779308dfbec722576f05d8ca35b22837d5bbdf598681f0690724c3fefbefe103b9a8220e07d646b1ba76a1495dce381cf643aec6eb3c0a7e08f8
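The listing above is flat text: a path line followed by MD5/SHA1/SHA256/SHA512 lines, with memory-dump entries of the form memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp interleaved. The following parser is an added example, not part of the report or of the sandbox vendor's tooling; it turns the listing into records, validates digest lengths, groups repeated paths (the same Chrome Preferences file appears with several hashes because it was rewritten during the run), maps which PIDs had which regions dumped, and flags paths that are browser profile stores. The BROWSER_STORE_MARKERS list is an assumption used only for classification; the sample input is an excerpt of the entries shown above with blank separators collapsed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Digest lengths in hex characters; a digest that does not match is flagged
# rather than silently accepted (truncated hashes are a common IOC-sheet defect).
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")

# Assumption for classification only (the report does not label these): paths a
# browser credential/session stealer reads or rewrites.
BROWSER_STORE_MARKERS = (
    r"\Google\Chrome\User Data\Local State",   # wraps the AES key for Chrome's Login Data / Cookies
    r"\Google\Chrome\User Data\Default\Preferences",
    r"\Mozilla\Firefox\Profiles",
)


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)
    problems: list = field(default_factory=list)


@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int


def parse_listing(text):
    """Parse the report's flat Files listing into FileRecord and MemoryDump objects."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            dumps.append(MemoryDump(int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in HASH_LENGTHS:
            if current is None:  # hash lines whose path line fell outside the excerpt
                current = FileRecord(path="<path not in excerpt>")
                files.append(current)
            algo, digest = parts[0], parts[1].strip().lower()
            if len(digest) != HASH_LENGTHS[algo] or not HEX_RE.match(digest):
                current.problems.append(f"{algo} digest malformed: {digest}")
            current.hashes[algo] = digest
            continue
        current = FileRecord(path=line)  # anything else is a path line
        files.append(current)
    return files, dumps


def versions_by_path(files):
    """Same path with different SHA256s means the file was rewritten during the run."""
    groups = defaultdict(list)
    for f in files:
        groups[f.path].append(f.hashes.get("SHA256"))
    return dict(groups)


def browser_store_paths(files):
    return sorted({f.path for f in files if any(m in f.path for m in BROWSER_STORE_MARKERS)})


def dump_regions(dumps):
    """PID -> distinct (start, end) ranges dumped; one range across PIDs suggests one module."""
    regions = defaultdict(set)
    for d in dumps:
        regions[d.pid].add((d.start, d.end))
    return dict(regions)


# Excerpt of the listing above (three file entries and two memory dumps).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
MD5 1c489a4c9ec4bbf1844341c49da09da5
SHA1 a10c07b672a95d8e3cc3af3bccb7b6da4d4a7bb9
SHA256 830d7c756465ff871a8f3828c00de35fb47563e8d167100774e34cdefc174cc1
SHA512 87eda747423706e95b5889751460224bcc1a7bcaf52ceda02d8abca2eb5bac85be68a888cda5d6f8a992d38e21ccb71a5d886f4b409b87dc98eb1507ad636668
memory/3108-533-0x0000000000380000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
MD5 8fc03a9ff9d7f2a44c5f6d809b81e633
SHA1 969826c7259428056c1225a991735c3b92e93c86
SHA256 0d618e538e3e4fe99c2932e035d7a1fe53ae82f99e761a59d1dbe91352040a6d
SHA512 0f90184710936c6095c752a046292967054d791ff59d245a98d145f2e5f6cd51687513b3f9fe250e9198882791999825854df09607319043fd71e034192569d7
memory/6020-617-0x0000000000380000-0x0000000000848000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
MD5 36329b6c138efbf4ec5bf89f07b2ff15
SHA1 af82f70ab62ced691ec11da735ce6e8c95050b67
SHA256 00b6b2d11707dc107effee4e381024db819f0798f9b1dffd6e377c6189ae0290
SHA512 5c3a767951530377abaf5caf86c9dc0c7849e0f8780be7877b85c6ba9eb0c2b464911635f8d682922eedbbcd0c18ca42a476ba37b1beba5cf3c3621cdb9a4944
"""

if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE)
    for path, shas in versions_by_path(files).items():
        print(f"{len(shas)} version(s): {path}")
    print("browser stores touched:", browser_store_paths(files))
    print("dumped regions by PID:", dump_regions(dumps))
```

Run against the full listing, `versions_by_path` shows how many times each profile file was rewritten and `dump_regions` shows that every dump on this page covers the same 0x380000-0x848000 range in PIDs 3108, 6020 and 5860; which of those dumps to carve for config extraction is a judgement the report itself does not make.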