Malware Analysis Report

2024-10-23 21:50

Sample ID 240910-n2fs2asgjm
Target d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469
SHA256 d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469
Tags
amadey stealc c7817d rave credential_access discovery evasion execution persistence stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469

Threat Level: Known bad

The file d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469 was found to be: Known bad.

Malicious Activity Summary

amadey stealc c7817d rave credential_access discovery evasion execution persistence stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Credentials from Password Stores: Credentials from Web Browsers

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Identifies Wine through registry keys

Checks BIOS information in registry

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Command and Scripting Interpreter: PowerShell

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Checks processor information in registry

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-10 11:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-10 11:53

Reported

2024-09-10 11:56

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a2f95a4dda.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\a2f95a4dda.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133704428495459195" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{0D35C4B1-2B72-40D4-9888-362C731A898E} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{BD12C59F-5189-41BE-874F-83EE62E88166} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{02C76D48-D062-4F43-AC7B-B5B914F469E0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2236 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2236 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2672 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe
PID 2672 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe
PID 2672 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe
PID 2672 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe
PID 2672 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe
PID 2672 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe
PID 2672 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2672 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2672 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 4360 wrote to memory of 2200 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4360 wrote to memory of 2200 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2200 wrote to memory of 3740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2200 wrote to memory of 3740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4360 wrote to memory of 1276 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4360 wrote to memory of 1276 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1276 wrote to memory of 812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1276 wrote to memory of 812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4360 wrote to memory of 4228 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4228 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 452 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 452 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4360 wrote to memory of 4620 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4360 wrote to memory of 4620 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4620 wrote to memory of 4324 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4360 wrote to memory of 3688 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4360 wrote to memory of 3688 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3688 wrote to memory of 2348 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4228 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4228 wrote to memory of 4520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4324 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe

"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:8

C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe

"C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\a2f95a4dda.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb38dcc40,0x7ffdb38dcc4c,0x7ffdb38dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffdb38dcc40,0x7ffdb38dcc4c,0x7ffdb38dcc58

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x35c,0x7ffda3dad198,0x7ffda3dad1a4,0x7ffda3dad1b0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f352938a-2abc-4cec-ae65-352da10d8da0} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2816,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=2812 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1956,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=3024 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2168,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=3040 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3388,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3404,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3808951f-00ae-43e9-a39f-cff130d9c14c} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3184 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9c37096-5ea0-45c8-893d-33a50900c314} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3612 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3356 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0238621-32fb-45e7-a25b-df877c54abe6} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4132 -childID 3 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d53f5f-a771-483e-b83e-5f5e493b1df1} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2592 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4752 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92db912-1b7a-485d-a371-aeaea5c933d5} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4080 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5560 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {445134c6-dd81-4bf0-9152-b1a970ee3586} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5888 -prefMapHandle 5892 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d76b43-3b12-4d85-9af6-69ba2550505a} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6044 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 5760 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb0ecf1-0f6a-40df-985a-321d29948566} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4640,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5164,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=4380,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4864,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5280,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5452,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3368,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5804,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5812,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=6272,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6712,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6712,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5192,i,11191041330717016973,7137683958888350594,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6248,i,5320961355410699661,18406248152081799841,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 10.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 20.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 172.217.16.238:443 www.youtube.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 172.217.16.238:443 youtube-ui.l.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 23.73.139.50:443 bzib.nelreports.net tcp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
GB 172.217.16.238:443 youtube-ui.l.google.com udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 142.250.179.238:443 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.179.238:443 consent.youtube.com tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 158.124.235.44.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
GB 88.221.135.27:443 www.bing.com tcp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.187.238:443 accounts.youtube.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 27.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
GB 216.58.212.238:443 play.google.com udp
GB 142.250.187.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:49970 tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
N/A 127.0.0.1:50032 tcp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com udp
GB 88.221.135.27:443 www.bing.com tcp
GB 88.221.135.27:443 www.bing.com tcp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.35:443 beacons.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gvt2.com udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 142.250.179.238:443 consent.youtube.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 142.250.179.238:443 consent.youtube.com udp
GB 142.250.179.238:443 consent.youtube.com tcp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

memory/2236-0-0x00000000001B0000-0x0000000000640000-memory.dmp

memory/2236-1-0x0000000076FB4000-0x0000000076FB6000-memory.dmp

memory/2236-2-0x00000000001B1000-0x00000000001DF000-memory.dmp

memory/2236-3-0x00000000001B0000-0x0000000000640000-memory.dmp

memory/2236-4-0x00000000001B0000-0x0000000000640000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 1f168ecf05a514a49417ac8cf81523f1
SHA1 4675d4458cdd7b48bdeaaedb954e17b28afc5503
SHA256 d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469
SHA512 cec0800341c266fe8edfbae52b8f098f3e474ee4c2912f23abb08bf3184e5f70dc191cd0257e6356b5bf193b8da9140c9dc5286a6da32abb7b403f1e8cd59722

memory/2672-18-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2236-17-0x00000000001B0000-0x0000000000640000-memory.dmp

memory/2672-19-0x0000000000961000-0x000000000098F000-memory.dmp

memory/2672-20-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-21-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-22-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-23-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-24-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\a6e045c9a8.exe

MD5 9f2ea8da04f80eb3da5aa70a8b0dec4f
SHA1 512b90952420f05ba4e9bbc373ca739e62a09d39
SHA256 f5117e607da6f40b945427386ad04ced62b3473351008eed049c3e9653222826
SHA512 c05467a56476014fe6a4866e74ab0a716bde6213ce2bcf6c0eddc9b4702e5dc83d797722f4fe2adfe5bff1eee1eaae435c89113ab53935fbacb9fc760795d497

memory/116-41-0x0000000000520000-0x0000000000BA3000-memory.dmp

memory/2672-39-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/116-57-0x0000000000520000-0x0000000000BA3000-memory.dmp

memory/5064-59-0x0000000000630000-0x0000000000CB3000-memory.dmp

memory/116-58-0x0000000000520000-0x0000000000BA3000-memory.dmp

memory/116-60-0x0000000000520000-0x0000000000BA3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1

MD5 1f5ac0c26ba396b7af106e48db46ebcd
SHA1 5b504936cf427af26479bb1c0ec275a2fc77270a
SHA256 280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef
SHA512 65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

memory/116-69-0x0000000000520000-0x0000000000BA3000-memory.dmp

memory/4360-70-0x0000000004D00000-0x0000000004D36000-memory.dmp

memory/4360-71-0x0000000005370000-0x0000000005998000-memory.dmp

memory/5064-73-0x0000000000630000-0x0000000000CB3000-memory.dmp

memory/4360-74-0x00000000052F0000-0x0000000005312000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rf1mo2e5.vqr.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4360-81-0x0000000005CC0000-0x0000000005D26000-memory.dmp

memory/4360-77-0x0000000005BD0000-0x0000000005C36000-memory.dmp

memory/4360-86-0x0000000005D30000-0x0000000006084000-memory.dmp

memory/4360-87-0x0000000006310000-0x000000000632E000-memory.dmp

memory/4360-88-0x0000000006330000-0x000000000637C000-memory.dmp

memory/4360-90-0x0000000007520000-0x00000000075B6000-memory.dmp

memory/4360-91-0x0000000006870000-0x000000000688A000-memory.dmp

memory/4360-92-0x00000000068C0000-0x00000000068E2000-memory.dmp

memory/4360-93-0x0000000007BB0000-0x0000000008154000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 4fd2e1e0ee89ab2efcf64b13813dfb57
SHA1 f1469469ac1884f002fbe3cba1d8be88cfdf39af
SHA256 b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6
SHA512 f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

\??\pipe\crashpad_2200_RMVRWTFSROPQDQQQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b1d6af8e7fabd02e658b89d3a1e7138
SHA1 94317ea655c1a89aa74c4d47e6ba16a8f9e63167
SHA256 a4e719e9d5c9fd07326f42c49086443d67948e06a42ed30999d6cedbd5b821ce
SHA512 e56a04c09020af76a108d90df9f8342beb8827e2b099dc9c738cbbb82c4864220d9508b36d154bfa5307afc954bbdf4f16cace744bcd153feb8808e7784e7077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2acf04ee451070d8a81e8bd01b49a2bd
SHA1 f52528baf1e0266d548be17431b762b7f88f92ce
SHA256 b8740ca105d8d48eb71ad2ecf3a649b2055b10d731bad2de94af26060b4172be
SHA512 a3fe14747afdab1374a9ac328aed991a040d3451156df208796d0185368bfe7a7e38019650e93d0b04dbc4bc7df7dc7b0548fa01c9642cab84720e1e0f902c1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15ae4e335c59ad799bef65ac1ab42d4e
SHA1 37a1821e7fc994947ed79a6a229272ca2fd84c2e
SHA256 9a0d2781a5dc8dfd1cc2da0aa94a1f8c017b7f7a6dd3125b244a15c371b95e7d
SHA512 7814f51a94b9a7377f90fc0f026c3cf3abf58c00f22f65937af1d4369328ea4a1db09c74fe01bfc1c77c56b4e25153b0c4a4b148a9ad8424d8795b21c2f3f61b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b8a6239a3515e044c938db52ca9d180
SHA1 3c846a2c5b326febaf267ab0833804775dc03400
SHA256 602aff77e5bf9101346ec08d10d7d25b56b56ceb673b11e94ad4bd3e99025a6b
SHA512 20aee3f358e04732761faab6c5f8b917879c8492c507dd02e040c82f0891db13e76e5d40454bd92f3fde959f9b8363846e70e356cae752da5b6f0a514def34b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\efc9f814-2161-4ed5-8f1e-b3098ec32050

MD5 b6d2b7a23deb9a89102b850f0a7cbcad
SHA1 1e2a255bfce215a28f1d92cf49fb82f21d4739f9
SHA256 f78cdca197075492d17b20fabcd8f7730af38c651c9cf04f01471b4b2ab86071
SHA512 f0fda575133c6a78a4ab07d00263bab19719afecbe32776a0972bf97d8dbff15d88657403f93b1327c34ab773b4b6527bfe81e5dcdc12ea6638ff14cdb0497c5

memory/6556-368-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\70c39572-9f90-401e-8c05-449222a9d4ec.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\f8566d02-8ca8-4ff1-b254-831bb820ec1b

MD5 c01fcb785ca5d311fba1c5b6886cf3cf
SHA1 9de40bce2a3b41d7d0bd558be5a9d2ddbed5742d
SHA256 7f9c09e149660141f1f076efe29b8d0dea90dfb472f1557166054af3b33de1bf
SHA512 278793722de6338e5e5a65901202bf136082d38d6608b449e3637e53179500e17b609d998208749da16d4df9a0683e46b7a7c2e57b04041603aafd20930a7fad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

MD5 7585eb00d925a8ccf84b4ff71832b0ee
SHA1 87d2426279f89ee58dc8179a46211c92f62d3f66
SHA256 91a5186b81eaa437cb185a4fa60828ec528deb28d48aed4bcc31718cf74c5098
SHA512 85d1ba3cb9d52458cf059f3d820bb40e5c5603435fb378d03d925330e372e5701bac531987ae8d3fb1c8e245725995c475ec606f1f62ce977383dbfa53ec96e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\5ef3dc2c-2528-47b7-9adb-87b70fde67dc

MD5 2c62063903119ed7c61921df6adabdb7
SHA1 19a8c915eb89818185eee070fed24da0aa8eb52a
SHA256 dd41561315109ce50f811650281deeb637c1e47c53554f250bfa85ac6ba539c7
SHA512 7fea0c753926154a23a2c0daedf78878b60d1de10b6091f046dbeb6a155e32f7c0cb346cafb1616d9a2a3ca524971208f3cf9133ef3d934d3ff071f67134e6ff

memory/6556-400-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

MD5 42b3a840960b9c8f9ced627993457d82
SHA1 31673d55d50cea297210707ba0e3501d9b4e1b6f
SHA256 9d15283528eb1bbeb6f00a3528a18fec314a74a090061c8a9509921e2baa86ec
SHA512 b0ff9be0e9d107fbaad53257e062ac7ad405fed18b0376b2b9c85c34dc56fdd60ffc2f36eaadc6c445b00936da5e05f4b0436debbbeccfa15e2fe04f35a923c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

MD5 f342f4ea79f75e5518bf7793b783cef7
SHA1 52b9b7cdb4cb099c01980995fea44ff129b6fda5
SHA256 ac8e72536b3536a866837ede391e00adfed8f483c82456ed08524a73a684ce20
SHA512 35833a414c89217c5fd309dea1cea7edb75fef0e01d232327a6972543917495cae00d9858edeafe799bcb56cf06fdecc82ab46953f1f31488ea4405e5f0f6848

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

MD5 19b7666aad73d0a07624327de337ca4e
SHA1 9a091f3287353003ba7a38c64f41620a31cad892
SHA256 4fa2b049ef79a1164f00d9f9a89dd9472a5a947e04b596deaf04826ea6154f2c
SHA512 2c05e9475193e0b50418cb60061713a0c1276ae525ff2cecdb1b1164d754f5ce9753337a906d641a15695fba3107700abded3e311903b7cf4fb32051799e3a0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b57688a1f43f9e27ecd46ed86968efda
SHA1 37e64cb68107e245cb1489f972bb8de99bfbaf50
SHA256 e33fe35196fe5895faa14403ae1491fb292b0fd2ad1cd0bb5c3cdf9f8def9ffe
SHA512 65502d67e50ccc209d03ed38fae7705efc3b23c6e7af6d7cafd0b023753f5864a78a30dd31e462438b60006fa6d01ef407368c0003774e7554e99723a6dbb37a

memory/2672-485-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

MD5 d292521f5d64a766a9b6aa29848ecf53
SHA1 b33e42c3163363b3042979db045b508eb0593eff
SHA256 cf910e2c69642a94a5efd10eed8f4cb9e5ac8721dc7f972e1454b6b0abf3a2e0
SHA512 b3d382ddaea9fc9d55c243bf471870f2fabb4ab016223203cf9635309822359414bce621295b69048ac5ae04efa55bf0663e893935037126d040f6d2db456aea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

MD5 58da8f66f3db045e5b9d71aed1a7c40e
SHA1 ad792aa71a60645bf82271522611cfaa9ed5839e
SHA256 b534de34d0dc4b2ecec1d9f5983ac4c776ee2514dacd3839ad5bfc4f45cdda19
SHA512 9a4b901fdad6145a26f4717af11ba8b40f843c0f26cd8932192bb185955dccabd0c2174dee3383de7fb397237f39d47e0b8ee8469e91d7eca02700ea07ec2f44

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 c460716b62456449360b23cf5663f275
SHA1 06573a83d88286153066bae7062cc9300e567d92
SHA256 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000004

MD5 e36a8d3b331d70280a5de12d57d9c7ef
SHA1 a977075fad9c9433976c68e8eede3651478485a5
SHA256 05839cbbbebc230b53f3d25182da69e05af4a22b70a30e8774c5f7f2d1a2b9e7
SHA512 08b9bacf866953bb2b5b57ee27c8feb0fe29d025ffc523cdab1d459f0c20987e799e8da4c1635d174accda1a89a6da9369ea3354a7b7fb49425601fe1081f8dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000003

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000006

MD5 e6fd019802e4caf75cc550b3df828db0
SHA1 f8a85e905b071c3b4309c345e52ebd60f31778b9
SHA256 9a4d03b9c6e9951eb4b28e4d1137d395ffe902e82a5713c9e5179463d5351f25
SHA512 3439e2be3a5146362cc0ac40e9a5c1c55887be0177d7fe5c6b4cafdc3a17c52c72055247dd8bf7d6d0423f816fb2ec4df1b69d222a3ade8fe023fb8b3eaa5b79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b953bd50b9141485e3a17fa72717138
SHA1 96ba745c0b64119489251d1657d8843bc3666849
SHA256 b5d45ceef196f1eb977957e065ea0ad17ec8072cb65f046f780905a42515d114
SHA512 bf9884661d74022065bbb082e2ff15442ed80290b106906665bb0b9b2fb391e98377385e6c1c51d5bb7a401936368cf17ea2b3e49dbebcbddfc58e0ec1ff6ff7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae1dfba05f26b02a1a2f2c648e119de2
SHA1 d03e1bf2b6223dc21e18c2316320b50401b87684
SHA256 b92eafdc82d90d96f4e69996aecb049748076981546f1675aeb6b5e24aa8f88b
SHA512 bdcdef79c7c20a2eee1d3d344481a132aa4532f37c2ac268f0f911fcbef284ac3f865e78004bae7848b896b70f25b4c1e993af2be0ee34cfc77a76fef1ea8dbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\63f2380c-d9a0-45d6-852d-d038ad93a0e9.tmp

MD5 d78e763d410aa7b328c9a5a182a1f3a7
SHA1 5ee8349cb59529287dccfdaddf5e7e01132a432e
SHA256 a2bb631b6a1edfab670c941b088024e9df502ef1f45d99ce0239319755d871a5
SHA512 2697cc8f0c6d4999b877a607fa9c3c18daa2cbe574b338faee8dc58f48a2c2716395750f7e6c2f3dc48446f70ae2a379a5907ea9d5bda5a48a216a2cd31a0697

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

MD5 11d150b7638ecf8c46bdd9cd1be61105
SHA1 bc0f710fdfb4c3db3afc637a2c77e5606ae954c8
SHA256 d1c9aec64bbe7ed416a4ff0d8bba47be866791c8683c0f2b599832a0b30adbdb
SHA512 42cdd6381fe554b7b8191ceef86149b640b32d6375748d17bfd265397b6f8dc5850fc71a43a2438eb074f16d63c23b1d89c95c331eac61096e10dc5482f7414f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53ee7fac5f5f81cbf49d4974a7b541f1
SHA1 dd9adc69356c6837370415b195d4bceafed25ca1
SHA256 ceebdd9412bf21e06fe13b0185e52c0e0c76c922c1c1a830c09179bf0f4c2f19
SHA512 b8c1dbf6d00256a87fd51a29aa42eb7dfe2338d2576d1c8630432098cb2c4736af7c3bcbdab9f1873d4e298a8f7ba30f38595e395d25007392f2c25a1210788d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000008

MD5 d2d2809abccb934fdaeb28495aad6cc0
SHA1 bb45cdb313bef33258c77fe2bc7a355b091bae61
SHA256 1140160bac9d000fe420508a039047da882dd4e754d87969ccae9226677ff312
SHA512 bc117aa72314a6cba24625b3ebfd8966aac7e70c026007130721b01321cf5b3b1a89884d713b7985f79602fdf3a8c11dd8190813df44b87914834be4cb95dc86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5ca8371277bd33cfa20078bdf177e313
SHA1 4211b4a02634b42a95b7282ceb232af342d2b9d2
SHA256 02ca1a681de7b23d5978c8b059133400dc9456e9c446db046a91abb210771feb
SHA512 d2cbb7f3840183dbffd4dae5b9243c94c816ca4e5f4d4dbfc6c5d80e4e7c64e7561c5e71fa5f4386965d8dbf817fa13fccd00adb6415a76aa130eb739468fdd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 54af3899575c456bc7955295fcd720a9
SHA1 f291c3e1032cab7a343eb920d484f87341e2483b
SHA256 2663ad7eb97d84a3947b5afab3bad2948904077f3892dc5113e56a68f958adb5
SHA512 8b8b3ef44cbedd220c57a71e3f37b54045c101e979ccc3908de9adf65fc06ab226a7678a518945bd34278201548862d8ff887a7c29cee7aef472f93b598f9760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36cc22dfc3b2266b38cad265ef46596d
SHA1 75a7c38972a08e288b93ce88918007665ca33668
SHA256 d921bda617d74ca92e0bb89312da65930d946490d245bab5c55787e9d3145b9b
SHA512 c42a7d311a9ecf5ec0afe6f3071754698c1ad9e10525cea28adf51f54fb8674db87e96a947dacff33de4fe40429c461d7168532cb3cc7aad495cab8e6c14433d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 54397ca804bb02ff4f9dc87342ce832c
SHA1 30fc76c78c1546125f243cd3dd77bd2c04f125f2
SHA256 f4cf38ee7bb3dca2b011c89b669a1c43a14efb15e24f59cf4857dff1e18276a7
SHA512 d2c0a78fc33177335c1892dc7efb6a93caaa75b3ec1d30da7f8df64e3cf30250024be6007ab3879a07ae3356b92dd9030a7a93e34983c4f227f94bc40bb7affc

memory/2672-764-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 fafac25013fd17cbea7ab525821d9a3e
SHA1 75b081742fbb9117d9ec0041a4b4b7b109b68f72
SHA256 0c06d967fbe5f3a0ee21adc0c7dbfbb1eb079519820703ea629b6722dd046841
SHA512 7b4d8c0192aba3d6851cdb9074edc4e40dfc4adee00222e72b9d490fb321c9105a4e1cfe8e5df98fd1e8dc3bd47062af56574a2fa47d8bb790e0dbece6586bda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f05cd14dd9e356f17507a42dcca1d952
SHA1 dc59de4f728da142e89bf3f90091e72a1d02505f
SHA256 45f1f505d59aa94458d9a2b8c246e4835cdadc20b1442771206d930826f03c1f
SHA512 eeb769150124e646c8a14cd8d59114119455eef5611623c0e3c16c792e0a3a5d7e5e02fd338e8ecb840a0cc0574a52845663d0ea4a9ac3ada9a44869b5e92dea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a06fd34a4daaa1a89eec65010cba79f
SHA1 34db47bda56d18c69e5594e6030b7cfecef4000b
SHA256 3bef51c60a00fe735d22fe852c4fc0dc925e0adf44da8c6b502654b8ade0c45d
SHA512 2c0084a63f559a9f975be6dd492f1a91444ada562e02fde126aec79a96a05f012e954a364332ced227734a472645151498bc43583056d6e2548057d5c3645943

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

MD5 a499b3b891816b3092aae1750676ce57
SHA1 e55c713d9836d28e0dbd11d21913cb5ef87433b0
SHA256 f98ae21242aa76dee859e70743391fc7771b6ef10324f7b7eff8ee32f93846c9
SHA512 2418886eeadffb0adc8785f9c594313690e8a08796e9fb73157fa5d80eca95322f581a7002e9300f605c50d4fd05eb52e9e4faeb4b2d2bf398b350b17cfcd0fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 e071f75dcfd51e8d13ab7eb54aa33c19
SHA1 e4336d5b9bc26a87c115ff7a80e3b7e85877af7d
SHA256 b8fbee7561c2f997c52adc66058d4f8205ee677e6d44652351e18d181cf833ba
SHA512 57149882ba0f98c7ef3c4054591cd31e80a3decc706c4a00ff6eca3321204fa0722a2bde6cf316b51f2947d4637e3ad0d22469f199c84988edd6f9224d5718b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 94de9af986c90b104f76daf7368d6f1c
SHA1 07d74896f42844848d356bb75882a26d67a9a8dd
SHA256 bf686b20bf9ad5b548ea2c83fc3d10d3cbf91420fbe95c13d880cea5276bbb4e
SHA512 122c733279a50489b67ed96bd54cc1b7f87e5927fffb3f9bd7390c27e30275477cfe3b4855373a37bb0fb6b1a88e78232c54763fbd633dcec0ceaf7666809364

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

MD5 95672ea9e10d9432cb80f466e3adb676
SHA1 112870b084d271845c9ee77567daae2c4d0d9eec
SHA256 8666b1a4dbf1218e4df8cc60c09ecf65d9661616d5a5cd7d1bdcd11373772bbf
SHA512 f7ead9a3b452af1eb577db332ee558789c24c80cf5a14019325680ce10529feaeeba9fc4ac7a0fe1bfddae8b9716461c728093733dc636ad6cf2d6a0639d7799

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

MD5 dc42a9f0cc8c4c94a9625a0976605b0a
SHA1 fc62dd9825b92aeb38e38ea25c1aeb596013c507
SHA256 dcb83147bf104b45e6d46a0e6ce9380e999becfe7dc2e15c63640f6e07361860
SHA512 32aef311559a0fb059698c7559ff11e444a6536025a28bcdf5104ab01c1be85eef301a47a503cbe146d499d334e401b7503acc91af3afc79c3c2fbdba16e8954

memory/2672-886-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 17e6ee6dce684c4098584e555e960d4e
SHA1 28097a809ff34d493fd3d2d503ebe22edc5f0c18
SHA256 d9b65d6b29a2f53ca741478be6cb5ec1bef6f3681174e4b689a0ea2ffc283e18
SHA512 ffc57d93eb82f2c85c9df1dfbd50f6afc9ebd01914de9bc3ac5f07c238fa74f03b35f5ece8940a493cd9579193977a9af433cd3dfdb42fadb18ac467083196a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

MD5 306703a281a66c074ac683cf48ffc4cb
SHA1 96b330a476a7378bcb167e3f1dee786a1f4219cc
SHA256 41d9cabceb3e27ca02138380d68159e2419fdfa9fc01026dda5371769f8d5cb9
SHA512 b61e3cf281cee9fa6ba385e1567ed66049ac6e1fa0ee95c34a2a5a55b39651ed68456278e7239741b6b2e8fe0cbf35e2e477fc2449ca5ccb971d658f1dbe6d2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7335c6da092d3cb3d8ff02b55f41c3e
SHA1 eeab57c0b3d51eafdb10e65e764ef1562db2f197
SHA256 ea3f56765d1a343040774efad965198bad371903ec3b0fab32966b474be2f73c
SHA512 a69d5a371e69121b87d07b10d948ad2b22cfdfb4ea2888eb73dbbdc5354d420cb71cabf619d68a30d0dc8f693a3c1a16ddcd9745a6ea5db1aed34f7d1a230713

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

MD5 84dfe412680a80191ebd613846d60619
SHA1 7a10abeb295e2a14499baba300116cd7e4000084
SHA256 36e6df31d913e3bc1b6db406dc5621b9c2a022987a85e20160051586b6a9c7c3
SHA512 39ab964a8e4168e640d17a910be0c4f53aa7e98e8b7927fdf177445def4e090db9820430ef8d568f3cc956c583b59a526c8e745c68c2d498789a3e07c1f24a57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b5d2a9dea4b40a62c18def6d315a2154
SHA1 193edb30ca802247e912b8e3117e655fd860cf90
SHA256 2d2e2668982f94357941f0015f54a18cbcd74e8e33bc9577c9a8bbea14e4899c
SHA512 4f233adaf130f16487799b004908f6645a33b67be0d02b5b5965b65c902c958ca1da9adf7786ae69e4e2cb6ec63ef3b960e59c3fd70ae6d43ca325c1c85fa270

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 02caaddd934f7e569e335c322dedc1d4
SHA1 7054bc0be71846c6aed17ed3b37b4dd4d877f46e
SHA256 3adb3de22e4b2556ff70e2866fbba5fc80379595621d97a10848f77d21244b09
SHA512 fca07a9021f1a10e11d573a7ddec30747c230d488b47ecda2ac0d852515afc707f56b31abe9c3383d2757c5b1786d385d3ec6fb935c3099a03b3086448022d6c

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 35b67df70b87735c245ef0c134b54a28
SHA1 3f3ff898dc6a3dec7ad8d42662001c187f02e4b9
SHA256 88c63d756d1f4b0631389a6807f1d5bfe981967ed2f627dc7c638bd0812f870d
SHA512 0ff045074b638b918121812a6d0045186a53875385e7b8b0b4202e530aeca98a7b70a1511b41686597f84a646a7f17113deb9acd406b2c16b7d3705cb0e817fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/2672-1146-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6521b950a159a623431d3161c2b3ce7b
SHA1 188ebf77e880fa02f9841f99684814b0504f30d9
SHA256 8dd53652ab5fcba3b5029cbd19aae5a7cb48243bc43c16fc11bcca219c074710
SHA512 cb10b9c9d20e18664efab0e5065f1baead8ea5cf9ab7d31e3eba76a62b37c24db325f6f193461e977e3c78146b4f94d99d419948bec3a7bc09c99ad36847dc7b

memory/2672-1638-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 8bd18e7f94184bdb479bcba2cbad3c09
SHA1 7922f029740d6fd5e6036a729061cff403032370
SHA256 cd703f481a2ee67fd3dd902e5c71e9e6783c3ec43f3ad3be65eb0c8edf1a21b8
SHA512 223001a4487085dc88ee5744b3fa19ad7d2f2f7c53f423a3f28d3e3dbb6d96b037d71fcad205297442380091a7a6c8df392258d2f52d12b5c47d060898006ff0

memory/2672-2128-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e7dc83dee51f4dff6837240f345d9ae
SHA1 64ee32d0315da72fd5a216e0a1536bda2ccac898
SHA256 1e858f9228497dabfc4d15e318b0c13a3018e6a029663f9bd1118008b8448ec0
SHA512 33fa087272cbe9979f4badc813b85d768a006e3c2bdae32fb19fbdd5470c6d60965f9ca12ccb5bd08fbb45bd43cae75a1062eb0c77fce76fb1350d1fd371d80a

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 7cc495840c0660b69597ed23dafc6fba
SHA1 ade14d8a63e9c0952c8350fb2840fbe8e61d2866
SHA256 1d9ad9cb5179878714f1a9c84799dd28cf16f0b19c8f32ccd11dbef922db88a1
SHA512 9444b4176419b8bbba299d38e6e065682824a2e597467fa1b4ca4180e67d45dbe837e1d491032d9038a67f7ca5b1fbfe9bce70eea6908d447b3a23c1dae49d13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/1252-2483-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/1252-2493-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-2604-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6501626431549d96efcdbdd10b59a43c
SHA1 3e67b2678b69f9e73655121f6ae942b7b3945631
SHA256 80a668e82128ff92ae16f8a1821476e9015539bad76c8e61d025dc20834d9b42
SHA512 0a0d7ae4d8f60975f987c967b1d2c1523ae21cc7542e0ec67bfbeaddbabb4156b9538c20ad9079c2f697ca96c68e6885bfe4be5f1f6338728508012cf0effea7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f3a4f10628f444843efe5e78c0e5492c
SHA1 13ae339d320279cff9d81510bef41cb84dc4e845
SHA256 beb1f1c39f971f03a1951f79be180170f79c58cc13791953bbccc54f76fe8586
SHA512 cf78b87d4474e8def5ccf417654d39a4ff18b9cc0276ec298f0a9635388dc2337b594032a8938a96b9511b1f54f57b95f827f821508bcd0ef23be285174197a3

memory/2672-3016-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a1678a15e8009e1407b3f1acaa2461da
SHA1 473ebe201ccf1cc79b9d34205fbbd50d210bb235
SHA256 dd087ff2d5ae02584ea10f20e7b8e4a0d551d260685bf3e6f25973540d07338d
SHA512 3d913e5fcf5fa9319f9d20c67f9b1caf4a233a8b2012bed4c0171f1005ca557df7cd7d5f53dd915d40cf5101aef2936022453c1d086434ad53e7f4046e3a5306

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 86604e2cec6f342012370484b1abfc8f
SHA1 b332a6676fa5a7636791fe147eb53242e15477a6
SHA256 23ee29c447a77255cd132dd96debaf5d4c378c1f24b9bb7911e1f84f0d4f5872
SHA512 156f582893d0fe46240174b1b042fca938f5e6385bd95a945def65dabe5a9677f01eeb509d01dc887010d625318c5cf5d529a8ec61ce5b8c5455964ceb3b619a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 144a974edb0537bf99f96557843c0569
SHA1 8a9a886d3c512ff91d26fede1fcfa16866cb7bf9
SHA256 6bb113208023e3af6aafd5cac74570a0dc039b77118c8dbc7ae3606b4b40880d
SHA512 90e7e960481b3b0beb943cb8983d0d4cc5b3bb074e1123fe2ace57d5b88be16a414a0831e4d62da179055d757c1b78160b72c6157e742a0dd555ba157f4de2c2

memory/2672-3233-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b38de4877df08d00a81a6d5312358e2f
SHA1 26d70dbf7486129e0b23ad4d85ad30ede0d669b7
SHA256 5161a4f27816f4a5368d22124d543e9fbf24b87467a72e20f83846cf97ffe257
SHA512 db7195dcbd3970b4f2b41d3dec5434de8f7fc367da96554cfe8165270eab833bf46cc4e603b15b22a0739c68473bfe9dcd360d60460704bd8fd2db67acea4066

memory/2672-3246-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffb032ce62c51857248a1e3f5d799a12
SHA1 95eb61a3875aef32dcb3a43dc4df9a97bf7481fe
SHA256 7aaa7978ade522836ed4d01b709a8f51113de1af0756344c44564303bef77381
SHA512 7296105592f35d24259f3712a7e070deb5f84d0fb43540ee9b33f5db46b196f0dd74b2911bc900cac95e2e6edf33eaaf3f891a417e62c47f062e19fd1b25a914

memory/2672-3265-0x0000000000960000-0x0000000000DF0000-memory.dmp

memory/2672-3266-0x0000000000960000-0x0000000000DF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 decb4512b938df8b6ec28976278a3587
SHA1 335b13534237c7dbcffbf89ff6453f26ffd3a306
SHA256 3ce81cc4dd74c02f61d124c99b6a5df2f3dd93c42de9188f92414554c17df52c
SHA512 db80060539b8b1d59c889431c76cf9e170b4cbb3a0e5e5ff00f3c87ff417d203bd1e16aef22dab74ac4cd424c36ea4d8e84c1ae211582f1171078f1f03121c4e

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 290f43eb92e3e915e0b19e986744716d
SHA1 649856aadc910e863e68db3a9abde326f1b1db3a
SHA256 17341c35eaa563d4485b01893bd410ba6f1dc78f1d37131d7e90716ad0881d98
SHA512 a416685ef28ad5d2864a94929cc56b073f59815bd7233b5f4044c4aa24643aae88e9e8c401d77c5f860ed2f2c2b194d61208337ed59627723c6f91de25971457

memory/1136-3282-0x0000000000960000-0x0000000000DF0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-10 11:53

Reported

2024-09-10 11:55

Platform

win7-20240704-en

Max time kernel

107s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\bfdd24db72.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\bfdd24db72.exe" C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\svoutse.job C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2188 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2188 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2188 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2188 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
PID 2864 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe
PID 2864 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe
PID 2864 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe
PID 2864 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe
PID 2864 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe
PID 2864 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe
PID 2864 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe
PID 2864 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe
PID 2864 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2864 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2864 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2864 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1532 wrote to memory of 2016 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 2016 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 2016 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 2016 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 1576 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 1576 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 1576 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 1576 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1576 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1576 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1576 wrote to memory of 2304 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1532 wrote to memory of 2500 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2500 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2500 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2500 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2500 wrote to memory of 1692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2260 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2260 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2260 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1532 wrote to memory of 2260 N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 3004 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 3004 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 3004 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1692 wrote to memory of 1424 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe

"C:\Users\Admin\AppData\Local\Temp\d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469.exe"

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"

C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe

"C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe"

C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe

"C:\Users\Admin\AppData\Local\Temp\1000030001\bfdd24db72.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7c59758,0x7fef7c59768,0x7fef7c59778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef7c59758,0x7fef7c59768,0x7fef7c59778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.0.2070346149\938385937" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b38787f6-d3c0-4d29-bf88-72ed8ddf5556} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 1304 105d6e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.1.1677541555\503782725" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1536 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94607417-0292-4b39-981b-ad435f264a40} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 1552 f0ef958 socket

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2040 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2052 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.2.335908071\2025369229" -childID 1 -isForBrowser -prefsHandle 2512 -prefMapHandle 2508 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb88e53e-488c-46bb-9f35-5f0558f84a60} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 2584 10565958 tab

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1396,i,10138061144653463927,9368009322860743193,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1396,i,10138061144653463927,9368009322860743193,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2720 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.3.179994207\461310937" -childID 2 -isForBrowser -prefsHandle 2004 -prefMapHandle 1872 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2420d49-c0ce-4a88-9abe-c7a8d3b3cae5} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 2124 e5b258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1292 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.4.1343983649\1697167867" -childID 3 -isForBrowser -prefsHandle 3804 -prefMapHandle 3756 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99cda3de-9e2c-466c-9e2d-2a3b83a68d59} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 3816 105d8658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.5.2059041465\702075293" -childID 4 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {887a5320-6606-4dce-9f31-75b39e3bb59d} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 3908 2252de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.6.1438212778\548120140" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01287204-dc4d-4f6d-aea4-19fa7e5cad76} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 4044 21a55558 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1376 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1692.7.129906148\1223858179" -childID 6 -isForBrowser -prefsHandle 3964 -prefMapHandle 4288 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 640 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d1839db-a8da-4cb3-ae86-5e9b4e554c9d} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" 4284 1f86a458 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4072 --field-trial-handle=1276,i,719780991958256076,7035653479058982517,131072 /prefetch:8

Network

Country Destination Domain Proto
RU 31.41.244.10:80 31.41.244.10 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.10:80 31.41.244.10 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 142.250.187.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.250.102.84:443 accounts.google.com udp
GB 142.250.179.238:443 consent.youtube.com tcp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.179.238:443 consent.youtube.com udp
N/A 127.0.0.1:49280 tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:49288 tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.187.238:443 www3.l.google.com udp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com udp
GB 216.58.212.238:443 play.google.com udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com tcp
GB 142.250.187.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsl.gvt1.com udp
GB 74.125.168.230:443 r1---sn-aigzrnsl.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsl.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsl.gvt1.com udp
GB 74.125.168.230:443 r1.sn-aigzrnsl.gvt1.com udp

Files

memory/2188-0-0x0000000000800000-0x0000000000C90000-memory.dmp

memory/2188-1-0x0000000077140000-0x0000000077142000-memory.dmp

memory/2188-2-0x0000000000801000-0x000000000082F000-memory.dmp

memory/2188-3-0x0000000000800000-0x0000000000C90000-memory.dmp

memory/2188-5-0x0000000000800000-0x0000000000C90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe

MD5 1f168ecf05a514a49417ac8cf81523f1
SHA1 4675d4458cdd7b48bdeaaedb954e17b28afc5503
SHA256 d9f19676c6839d369a7f3c5650df9f7555c81cde3a594e64f991fdfb11597469
SHA512 cec0800341c266fe8edfbae52b8f098f3e474ee4c2912f23abb08bf3184e5f70dc191cd0257e6356b5bf193b8da9140c9dc5286a6da32abb7b403f1e8cd59722

memory/2188-14-0x0000000000800000-0x0000000000C90000-memory.dmp

memory/2864-16-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-17-0x0000000000BA1000-0x0000000000BCF000-memory.dmp

memory/2864-18-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-19-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-21-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-22-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-23-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-24-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-25-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-26-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-27-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-28-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/2864-29-0x0000000000BA0000-0x0000000001030000-memory.dmp

C:\Users\Admin\AppData\Roaming\1000026000\6b72cf79e4.exe

MD5 9f2ea8da04f80eb3da5aa70a8b0dec4f
SHA1 512b90952420f05ba4e9bbc373ca739e62a09d39
SHA256 f5117e607da6f40b945427386ad04ced62b3473351008eed049c3e9653222826
SHA512 c05467a56476014fe6a4866e74ab0a716bde6213ce2bcf6c0eddc9b4702e5dc83d797722f4fe2adfe5bff1eee1eaae435c89113ab53935fbacb9fc760795d497

memory/2352-48-0x0000000001320000-0x00000000019A3000-memory.dmp

memory/2864-47-0x00000000063C0000-0x0000000006A43000-memory.dmp

memory/2864-46-0x00000000063C0000-0x0000000006A43000-memory.dmp

memory/2864-57-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-67-0x0000000001270000-0x00000000018F3000-memory.dmp

memory/2864-66-0x0000000006500000-0x0000000006B83000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1

MD5 1f5ac0c26ba396b7af106e48db46ebcd
SHA1 5b504936cf427af26479bb1c0ec275a2fc77270a
SHA256 280d4f5ce7d8f2a3551ab509ad321971ff8eda76dad33ffae5b8961070209cef
SHA512 65eed3f167c83f53b7e2474dd5b2ab58c7dc7ddedbe89fafc016cd1441dfd02e5c92de3dfb9e2f0ca98b8f438779868999e3212ef64210fde27072e7ad64f68e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ca884b9f56c1a54418d0567909d733d8
SHA1 784a175d1f780cae1ebdcae0b76a047f054c98d1
SHA256 c6f2142ff52f3bcfd677b1b5c884b586d878fa10267495d5a2643c3119f074cb
SHA512 2da2a3853922d08eb9cd5c52167a2574e179bb660726bcc251481ce81840f7e4de0ba11d39256019b0a43f76f9674ddfd6e2b75ffe2a6cd37aa26f8dcb5fe445

memory/2352-82-0x0000000001320000-0x00000000019A3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_2016_HHXZJBDNTTQWPPVT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\97772397-819e-4f6d-85c6-f4ce8b9901ec.tmp

MD5 99311a188f2ecc386a13cac72f1785cc
SHA1 0ade4188eb937dd81dcda335d05e175e58dea6c5
SHA256 154d6884d260b3fa2bcc7f020b3e9d0fa2a34632d08e99f8f51bbfa7d9cedf1f
SHA512 a22268af3d7f36ec25f7f495ba5cbcf8aa7e069ea87a665822fdc71168a01372d9de0f9019b9d2637a1fef92b18af5144f3937046a53fd7ef7295683c460fef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin

MD5 f64e333c22edeede034b4135c82de914
SHA1 8497af98f4bf08d18402bb73a7924c2ca3678dbb
SHA256 012aa33280180a666866e3c45ce20d1e2c255d238aaa58162985eb7c9cd85a6b
SHA512 838c1c762af3ef7f77b51cf7af9de894fc97459375776ac946ed54ead86cdd15f302a7068905963417a10cae918cba4d1a10c38baba81776a634d2889f69f463

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\7e5bbf2c-3bba-4f2a-bc5a-a4f20d920478

MD5 978e2ebbce10475e165c3d65593656fc
SHA1 6861403325fce827afb614d0a2c25a393fda52d1
SHA256 1e73d46b28c6d9a3d5d695bff6eb964da634056a8bade683affa75a291165ab9
SHA512 a6c5d950340389d67aee5b699ca4d75a3856b3d986091dd9d09658fee142a3ee88a7b0ce5b67c6da5dd1684dffd5eb95ec6781013c8b6b8ab65b47fdae42791e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\2bae4d75-6f23-4df1-ad1a-5c0133848ba6

MD5 cae28a8452e8b1a12ecd3e96f5ed3a0a
SHA1 2702abd4f1a27b43a7b3d434e6514aeff18fd253
SHA256 b9d416d86a20c182ce98a4fd8a1f54a9d1e730a0cea7a41bf60cbd5149cae887
SHA512 0250e29a751c15303f25b5fea0ae34a2a9cdc1c5cd81f630bc7c06287683e5ddb2a5dce0425dc9b2a5233abb0a2e30da7e4ea6b952f3764a3b62a635a036e1ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js

MD5 ccde202eb1a896897e25f7854c6e6deb
SHA1 2bd5786510e611371a7e38c0045714b97d27fb38
SHA256 1b5af5914b078d85ea62ff7fca205c16f82c48e68b5d6c152a68d58da84c5274
SHA512 3ee28b57bcfc0bdf7a55994f4a9273de704db09333aceb0d1f128e3e8fb34c53e2ca2b1d27cc35d2b2099d81f6df4ecc56ab385e50382818c54ce3b6e56568de

memory/2864-241-0x00000000063C0000-0x0000000006A43000-memory.dmp

memory/2864-242-0x00000000063C0000-0x0000000006A43000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp

MD5 598dc3753fadfabdbd53eba84e23e1b1
SHA1 d191ea93a2fef1eb656da159198208ffb2d93d13
SHA256 4871b5d11da8cf34057d8ed06edcce136e944d2eccb0e53496503e43f6bbd50d
SHA512 26170dc361bcbc2a22c62fe3952ea42507bcf778f9292ec7a3c1b1e6ce52986943e7f44043bc98dea58b14507fe1825107a1dd26fedb0538ddf70c262ce5e1a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js

MD5 62977e6e620cd2887724a9332758be52
SHA1 06216382d5c9a4ebecf9bd78a8f7fd46083a71d6
SHA256 6b4352a1ad5d5a15aad0825354d73afbb47c91a2c91ebfc9fdd80fa7f1aaca20
SHA512 9e45041856b57df068299076e0307bc289cb0e43172534450b7c5e29884d72024354a3491724d97b1df99e5baac85b13d3373f38cc0e286ed322a364c6bdd2e4

memory/2864-314-0x0000000006500000-0x0000000006B83000-memory.dmp

memory/2864-316-0x0000000006500000-0x0000000006B83000-memory.dmp

memory/2864-312-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-319-0x0000000001270000-0x00000000018F3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 f17fb47b08f61b79c3a9867c5fe2bc9c
SHA1 e9d379c58ba2c56a2aba0487706cffd5e06444a8
SHA256 917abeefed924badbed88f24d4ef8b11f01461f6c5a99ea253d980d4eaf5d7bb
SHA512 10dc1ac9ce6ab755aa449d80ff30780f93370e59c4bb07e0dcaecba90fcfd62bce9d98b3dad2271a11c83ddfb300b19c47504d8ec352490c033a15f8f45ba010

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a00a88784189ddc0a3aac7a1456cd56a
SHA1 33be5175617ade7fe0d4abd952a2478b82427394
SHA256 80f5258191c07d570b24d14539505c1e482c3a2416d1d774074b47915f588f3e
SHA512 9620baa0f3ce21d32df3368971925d25713dc55b9204b221e3428d14f8747e40c597371589c25ec06bfbb99022f9d0d0c25344eabd5004ff6d4dae7f0b43c890

memory/908-350-0x0000000001270000-0x00000000018F3000-memory.dmp

memory/2864-435-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-436-0x0000000001270000-0x00000000018F3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e556ed568a55b9bfacd511eae30b629e
SHA1 c9e48a4dbf4bfc29fd72268d13d3454d61c1903f
SHA256 21fc0ee28f7454e0e4f08cdabb5dc57034e5d66a839630a4748c0da5a39823ae
SHA512 8ebf3ccf3b9d1ae3a224c3162c03f1de3fb8781ff761e9dd1df4cb861cdf349b0e9fddde31e760ae5a9556a8aa070f3805b8cdd0bf918f5e4187da7e979727a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d6e5eee21ccd8426e4165422ffaa5180
SHA1 1895483f6a88130712ff20d92d1e8b4c2a3f6ef9
SHA256 ddd874c235268fae5ebc3cf49665cd229119da870d2b35d27cdee4c1b8443590
SHA512 37d2482a54b705c39f9c5c45b94e3cf820fac791b24293186fd61e2910458ee289343ba27fe5f8869880e0dec21ee29858c07b150ac6ce4432a73b488ee52360

memory/2864-454-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-455-0x0000000001270000-0x00000000018F3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 e5b6e7c32180fc3c47ac956863854339
SHA1 bf4ad2ac3fd01baae95ec40aee77515f42a9e7ac
SHA256 9c17419c4ee30196b90f1ee525d9ce93b98b5527e4d70dcf0d4364f95bcebcde
SHA512 ef8891298610996f45d4b83ab19b6c36566af6dbb5571aaa0ed4ce4698b8ebe19a18dc0d6666bc20b6d16f6e7548b444c9295c3afb0f6ed2476900ea33ab030d

memory/2864-473-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-478-0x0000000001270000-0x00000000018F3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f3a0d2c-d25c-4132-89ae-916fa2485c42.tmp

MD5 c1c2ee911b892e353dfd31587168dddb
SHA1 a66b47fd4759a43d5db196ea0fe0abc2d6a53d35
SHA256 daf2594ecf9f3e190e7076418da574539c4ad5dab11899edfc0ad9866c807052
SHA512 1ee65fcca62cd78af0108e276dfddeea535e1fb302d3ce0b8343f991432c4e7aa4dccc0419bd1cf22c832a64169d94a515a42873214a76ff4aac1ade98cf0cb6

memory/2864-499-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-500-0x0000000001270000-0x00000000018F3000-memory.dmp

memory/908-502-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 5d75449d8ef2847b9a6e66665a12d7d0
SHA1 36ae015135485b8a8405dbeb759916096c6d9c83
SHA256 53119680eaf0ba9e2f2b17a2656c8f6185c8132d5e7d53f716c8179cdf535007
SHA512 f1ee183d432f8ac634fbf2d95196d5aab8c539e240b51babd12bf9213ca687c5c302377a5f483b90f24f9006cd6930f4a32169279fc5b5329a3c056f9e793e6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c3bf9490c96668be550c3f50ae33658
SHA1 6f659bdb292e5d572afdf01389d6660df221d80f
SHA256 57d1868f422adaee31a8a92c9d49e5793ffeee67b3a3b4ab447f0168f504c196
SHA512 f0934d7689e562cba7dc0a9f6d7d314f2bd8c0445ffd4950395a29ff54c49e5b1366d2d1f2b036ada24a3c0ff9fc9b8d8a96709ef324adb286f6743a9311aab5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 21bb5768a7fb2b8b156179c4e50fe6b1
SHA1 ba3803bf93396cc7b4838eb74b0594aaf15210d2
SHA256 7b9aa951f13bd52b4b697f4315e2c065c5e3b64649a1e12f4f867181edf8caa4
SHA512 48e5d027c5263bb5f764303a5e927e2897454b7c63ac16d968a43270cd74d9b60213d437df89c3f6719ae1c01328bc9f5d07ca65eba682a2bdf16bf2cf45568c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js

MD5 8b4edff67b328fa752d895fde41f26a9
SHA1 3121fb4e062cb465df5efab438110d251804f8b1
SHA256 722b8532edf0c47d870317ca0ebae0dd699b77d45c5b8f75a23b47d861e33b74
SHA512 ed6e77446a420c92fd14e047d3f0e93c04176b98ac647dd44585a1666e6a3367321f79535b26b86c1bc14d1893e37003332b20fc7877e3d7d9949372fbc42cda

memory/2864-548-0x0000000000BA0000-0x0000000001030000-memory.dmp

memory/908-549-0x0000000001270000-0x00000000018F3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 438c3af1332297479ee9ed271bb7bf39
SHA1 b3571e5e31d02b02e7d68806a254a4d290339af3
SHA256 b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194
SHA512 984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

MD5 6981f969f95b2a983547050ab1cb2a20
SHA1 e81c6606465b5aefcbef6637e205e9af51312ef5
SHA256 13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665
SHA512 9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

MD5 54dc5ae0659fabc263d83487ae1c03e4
SHA1 c572526830da6a5a6478f54bc6edb178a4d641f4
SHA256 43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e
SHA512 8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

MD5 dea1586a0ebca332d265dc5eda3c1c19
SHA1 29e8a8962a3e934fd6a804f9f386173f1b2f9be4
SHA256 98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60
SHA512 0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776