Malware Analysis Report

2024-12-07 19:18

Sample ID 241114-npjzxsslhq
Target 17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61
SHA256 17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61
Tags
amadey 9c9aa5 credential_access discovery evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61

Threat Level: Known bad

The file 17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61 was found to be: Known bad.

Malicious Activity Summary

amadey 9c9aa5 credential_access discovery evasion persistence spyware stealer trojan

Amadey family

Amadey

Modifies Windows Defender Real-time Protection settings

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Uses browser remote debugging

Windows security modification

Checks computer location settings

Identifies Wine through registry keys

Checks BIOS information in registry

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Adds Run key to start application

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 11:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 11:34

Reported

2024-11-14 11:36

Platform

win10v2004-20241007-en

Max time kernel

144s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A

Reads user/profile data of web browsers

spyware stealer

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\258070e13b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006190001\\258070e13b.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\769e22a2ae.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006191001\\769e22a2ae.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c24f4c8e3f.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006193001\\c24f4c8e3f.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
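
Worked example, added by the editor and not part of the sandbox output: a Python triage script that parses rows in the layout the tables in this section use ("<action> <registry path>[ = "<value>"] <process> <target>") and maps them to the behaviours reported above: the Defender Real-Time Protection policy writes and the TamperProtection value, the VirtualBox ACPI, Wine and BIOS-version checks, the Geo\Nation lookup, and the Run and RunOnce entries. The rows embedded in the script are copied from those tables; the rule names, the ATT&CK labels and the WOW64 flag are the example's own. Two points the script encodes that the raw signatures do not: the wextract_cleanupN RunOnce entries (rundll32 advpack.dll,DelNodeRunDLL32 on an IXP00n.TMP directory) are the standard self-cleanup of nested IExpress self-extractors, so the persistence that matters here is the three HKCU Run entries written by skotes.exe (plus the skotes.job task listed further down); and the Defender values were written under WOW6432Node by a 32-bit process, while the 64-bit Defender service reads the native policy view and, on a host with Tamper Protection enabled, is designed to ignore or revert such writes. Treat "Modifies Windows Defender Real-time Protection settings" as an attempt whose effect needs verifying on a real host, not as a confirmed bypass.

```python
"""Triage registry rows in the layout this report uses.

Added example for this page, not code from the sandbox vendor.  SAMPLE_ROWS are
copied from the report's signature tables; the rule names, ATT&CK labels and the
WOW64 flag are this example's own.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Row layout: "<action> <registry path>[ = "<value>"] <process path> <target>".
# Registry paths start with \REGISTRY\ and process paths with a drive letter, which
# splits a whitespace-flattened row even when the paths themselves contain spaces.
ROW_RE = re.compile(
    r'^(?P<action>Key created|Key opened|Key value queried|Set value \((?:int|str)\))\s+'
    r'(?P<path>\\REGISTRY\\.*?)'
    r'(?:\s+=\s+"(?P<value>.*?)")?'
    r'\s+(?P<process>[A-Za-z]:\\.*?)\s+(?P<target>N/A|[A-Za-z]:\\.*)$'
)

RTP = r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection'
SID = r'\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000'
TMP = r'C:\Users\Admin\AppData\Local\Temp'
SAMPLE_ROWS = [  # copied from the report's tables
    rf'Key created {RTP} {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) {RTP}\DisableBehaviorMonitoring = "1" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) {RTP}\DisableIOAVProtection = "1" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) {RTP}\DisableOnAccessProtection = "1" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) {RTP}\DisableRealtimeMonitoring = "1" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) {RTP}\DisableScanOnRealtimeEnable = "1" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ {TMP}\abc3bc1985\skotes.exe N/A',
    rf'Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ {TMP}\1006193001\c24f4c8e3f.exe N/A',
    rf'Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion {TMP}\abc3bc1985\skotes.exe N/A',
    rf'Key opened {SID}\Software\Wine {TMP}\abc3bc1985\skotes.exe N/A',
    rf'Key value queried {SID}\Control Panel\International\Geo\Nation {TMP}\IXP002.TMP\1n77k6.exe N/A',
    rf'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" {TMP}\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe N/A',
    rf'Set value (str) {SID}\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\258070e13b.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006190001\\258070e13b.exe" {TMP}\abc3bc1985\skotes.exe N/A',
    rf'Set value (str) {SID}\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c24f4c8e3f.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006193001\\c24f4c8e3f.exe" {TMP}\abc3bc1985\skotes.exe N/A',
]


def parse_row(row):
    """Split one report row into its fields, or return None for a non-matching line."""
    m = ROW_RE.match(row)
    if not m:
        return None
    e = m.groupdict()
    e["process_name"] = PureWindowsPath(e["process"]).name
    # A 32-bit writer to HKLM\SOFTWARE is redirected into the WOW6432Node view; the
    # 64-bit Defender service reads the native view, so these need verifying on a host.
    e["wow64_view"] = "\\wow6432node\\" in e["path"].lower()
    return e


def _ends(e, suffix):
    return e["path"].lower().endswith(suffix.lower())


def _under(e, fragment):
    return fragment.lower() in e["path"].lower()


RULES = [  # (rule name, technique label, predicate over a parsed row)
    ("defender_realtime_disabled", "T1562.001 Impair Defenses",
     lambda e: e["action"].startswith("Set value") and e["value"] == "1"
     and _under(e, "\\Windows Defender\\Real-Time Protection\\")),
    ("defender_tamper_protection_off", "T1562.001 Impair Defenses",
     lambda e: _ends(e, "\\Windows Defender\\Features\\TamperProtection") and e["value"] == "0"),
    ("anti_vm_virtualbox_acpi", "T1497.001 Virtualization/Sandbox Evasion",
     lambda e: _ends(e, "\\ACPI\\DSDT\\VBOX__")),
    ("anti_vm_wine", "T1497.001 Virtualization/Sandbox Evasion",
     lambda e: _ends(e, "\\Software\\Wine")),
    ("bios_version_query", "T1497.001 / T1012 Query Registry",
     lambda e: _ends(e, "\\SystemBiosVersion") or _ends(e, "\\VideoBiosVersion")),
    ("geo_nation_query", "T1614 System Location Discovery",
     lambda e: _ends(e, "\\International\\Geo\\Nation")),
    ("run_key_persistence", "T1547.001 Registry Run Keys",
     lambda e: e["action"].startswith("Set value") and _under(e, "\\CurrentVersion\\Run\\")),
    ("runonce_iexpress_cleanup", "IExpress (wextract) self-cleanup, not attacker persistence",
     lambda e: _under(e, "\\CurrentVersion\\RunOnce\\wextract_cleanup")),
]


def triage(rows):
    """Return ({process name: sorted rule names}, {rule name: matching parsed rows})."""
    by_process, hits = defaultdict(set), defaultdict(list)
    for row in rows:
        e = parse_row(row)
        if e is None:
            continue
        for rule, _technique, matches in RULES:
            if matches(e):
                by_process[e["process_name"]].add(rule)
                hits[rule].append(e)
    return {p: sorted(r) for p, r in by_process.items()}, dict(hits)


if __name__ == "__main__":
    by_process, hits = triage(SAMPLE_ROWS)
    techniques = {rule: tech for rule, tech, _ in RULES}
    for proc, rules in sorted(by_process.items()):
        print(proc)
        for rule in rules:
            print(f"  {rule:32} {techniques[rule]}")
    for e in hits.get("defender_realtime_disabled", []):
        print("WOW64 view, verify effect on 64-bit Defender:" if e["wow64_view"] else "native view:", e["path"])
```

The parser relies on two properties of the report layout, registry paths begin with \REGISTRY\ and process paths with a drive letter, so it survives the spaces inside "Windows Defender", "Control Panel" and "Program Files (x86)". The RunOnce rule is kept deliberately separate from the Run rule so that the IExpress cleanup entries do not inflate a persistence verdict.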

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\skotes.job C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760576775536220" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 740 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe
PID 740 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe
PID 740 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe
PID 1360 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe
PID 1360 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe
PID 1360 wrote to memory of 3636 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe
PID 3636 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe
PID 3636 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe
PID 3636 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe
PID 2468 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
PID 3636 wrote to memory of 3144 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe
PID 1360 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe
PID 3176 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe
PID 3572 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 1124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 2324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 5004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4480 wrote to memory of 4788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe

"C:\Users\Admin\AppData\Local\Temp\17b6d8cdf254e7845f31c17194d90b9a5e26f3627242913d88daf1df15281f61.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe

C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe

"C:\Users\Admin\AppData\Local\Temp\1006190001\258070e13b.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe76a1cc40,0x7ffe76a1cc4c,0x7ffe76a1cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2332,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2508 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe

"C:\Users\Admin\AppData\Local\Temp\1006191001\769e22a2ae.exe"

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5212,i,977219527170040658,8934659639194053045,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4240 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe

"C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe76a246f8,0x7ffe76a24708,0x7ffe76a24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2552 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2736 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2720 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3644 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13634677347591991804,8379225869168192889,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3688 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3572 -ip 3572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 2128

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM brave.exe /T

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d3ad5fc-e713-4a94-8e35-9ac24a204e77} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2508 -parentBuildID 20240401114208 -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6b7eeff-f7b0-4fe2-961e-fb69ff73f41d} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3136 -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 2820 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14e0ba81-1943-436c-9a84-a72a5fb11263} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3368 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2fc029d-e07c-4eb8-9448-b6d4a09c2217} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cbe4a4c-e85f-4495-95bf-97b8bb1f9eb4} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 3 -isForBrowser -prefsHandle 5576 -prefMapHandle 5440 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7f0b4b8-af6b-427f-bc86-e1968d8abb34} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 4 -isForBrowser -prefsHandle 5768 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63413b3-cb1b-44bd-b412-b658fced59a6} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b680f6e0-85af-458f-a93a-1b7842d5566a} 5612 "\\.\pipe\gecko-crash-server-pipe.5612" tab

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 frogmen-smell.sbs udp
US 172.67.174.133:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 133.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 thicktoys.sbs udp
US 8.8.8.8:53 fleez-inc.sbs udp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 8.8.8.8:53 pull-trucker.sbs udp
US 104.21.7.31:443 pull-trucker.sbs tcp
US 8.8.8.8:53 3xc1aimbl0w.sbs udp
US 8.8.8.8:53 bored-light.sbs udp
US 104.21.68.80:443 bored-light.sbs tcp
RU 185.215.113.43:80 185.215.113.43 tcp
US 8.8.8.8:53 300snails.sbs udp
US 8.8.8.8:53 faintbl0w.sbs udp
US 8.8.8.8:53 243.150.67.172.in-addr.arpa udp
US 8.8.8.8:53 31.7.21.104.in-addr.arpa udp
US 8.8.8.8:53 80.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 43.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 crib-endanger.sbs udp
US 172.67.144.50:443 crib-endanger.sbs tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.143.155:443 steamcommunity.com tcp
US 8.8.8.8:53 marshal-zhukov.com udp
US 8.8.8.8:53 50.144.67.172.in-addr.arpa udp
US 8.8.8.8:53 16.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 155.143.214.23.in-addr.arpa udp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 8.8.8.8:53 174.82.21.104.in-addr.arpa udp
RU 185.215.113.206:80 185.215.113.206 tcp
US 8.8.8.8:53 206.113.215.185.in-addr.arpa udp
US 172.67.174.133:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 thicktoys.sbs udp
US 172.67.150.243:443 fleez-inc.sbs tcp
US 104.21.7.31:443 pull-trucker.sbs tcp
US 8.8.8.8:53 3xc1aimbl0w.sbs udp
US 104.21.68.80:443 bored-light.sbs tcp
US 8.8.8.8:53 300snails.sbs udp
US 8.8.8.8:53 faintbl0w.sbs udp
US 8.8.8.8:53 www.google.com udp
US 172.67.144.50:443 crib-endanger.sbs tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
GB 142.250.178.4:443 www.google.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
RU 185.215.113.206:80 185.215.113.206 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
RU 185.215.113.206:80 185.215.113.206 tcp
N/A 127.0.0.1:60784 tcp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
GB 142.250.179.238:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.179.238:443 youtube.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
GB 216.58.204.78:443 youtube-ui.l.google.com tcp
GB 216.58.204.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.204.78:443 consent.youtube.com tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.204.78:443 consent.youtube.com udp
US 8.8.8.8:53 149.234.200.54.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com udp
N/A 127.0.0.1:60791 tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
GB 172.217.16.238:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.16.238:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.204.78:443 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.204.78:443 consent.youtube.com tcp
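
Triage of the connection table above, as an added example that is not part of the sandbox output. It separates the rows a practitioner would extract as indicators (names outside the sandbox VM's own telemetry, the connect by literal IP on port 80, loopback connections to a debugger port) from browser and OS noise. The allow-list of benign suffixes, the choice of 9229 as a debug port and the decision to treat every other name as suspicious are assumptions of this example; the report itself attaches no label to individual rows.

```python
"""Triage a sandbox connection listing into candidate indicators.

Added example, not part of the sandbox output. Rows are copied from the
connection table (country, ip:port, queried/contacted name, protocol). The
allow-list of telemetry suffixes and the debug-port set are assumptions made
for this example; the report itself does not label any row as C2.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of rows from the table above.
SAMPLE = """\
US 8.8.8.8:53 206.113.215.185.in-addr.arpa udp
US 172.67.174.133:443 frogmen-smell.sbs tcp
US 8.8.8.8:53 thicktoys.sbs udp
US 8.8.8.8:53 3xc1aimbl0w.sbs udp
GB 142.250.178.4:443 www.google.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
N/A 224.0.0.251:5353 udp
RU 185.215.113.206:80 185.215.113.206 tcp
N/A 127.0.0.1:9229 tcp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
N/A 127.0.0.1:60784 tcp
"""

# Assumed benign noise: browser/OS telemetry and CDN names the sandbox VM
# contacts on its own. Tune per environment; an allow-list that is too wide
# hides C2 hosted behind the same CDNs.
BENIGN_SUFFIXES = (".google.com", ".googleusercontent.com", ".gvt1.com",
                   "youtube.com", "steamcommunity.com", "spocs.getpocket.com",
                   ".mozilla.net", ".mozilla.com", ".mozgcp.net", ".mozaws.net",
                   ".microsoft.com", ".akamai.net", ".openh264.org")
# Loopback ports that deserve a look: 9229 is the default Node.js inspector
# port, and browser remote-debugging endpoints are loopback TCP listeners too.
DEBUG_PORTS = {9229}

ROW = re.compile(r"^(?P<cc>\S+)\s+(?P<ip>[0-9.]+):(?P<port>\d+)"
                 r"(?:\s+(?P<host>\S+))?\s+(?P<proto>tcp|udp)$")


def classify(row):
    """Bucket one parsed row; order matters (loopback before name checks)."""
    ip = ipaddress.ip_address(row["ip"])
    port = int(row["port"])
    host = row["host"]
    if ip.is_loopback:
        return "debug_port" if port in DEBUG_PORTS else "loopback"
    if ip.is_multicast:
        return "local_noise"          # mDNS/SSDP chatter
    if host is None:
        return "no_name"
    if host.endswith(".in-addr.arpa"):
        return "reverse_dns"          # resolver PTR lookups of contacted IPs
    if host == row["ip"]:
        return "direct_ip"            # connect by literal IP, no DNS lookup
    if host.endswith(BENIGN_SUFFIXES):
        return "benign_noise"
    return "suspicious"


def triage(text):
    """Return (IOC buckets as sorted lists, per-bucket row counts)."""
    iocs = {"domains": set(), "direct_ip": set(), "loopback_debug": set()}
    counts = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        row = m.groupdict()
        kind = classify(row)
        counts[kind] += 1
        if kind == "suspicious":
            iocs["domains"].add(row["host"])
        elif kind == "direct_ip":
            iocs["direct_ip"].add(f"{row['ip']}:{row['port']}")
        elif kind == "debug_port":
            iocs["loopback_debug"].add(f"{row['ip']}:{row['port']}")
    return {k: sorted(v) for k, v in iocs.items()}, dict(counts)


if __name__ == "__main__":
    found, stats = triage(SAMPLE)
    for bucket, items in found.items():
        print(bucket, items)
    print(stats)
```

The .sbs names land in the domains bucket only because nothing on the allow-list claims them, so confirm them against the unpacked configuration of the sample before pushing them as blocks. The in-addr.arpa rows stay out of the IOC set: they are the sandbox resolver's PTR lookups of addresses already contacted, and blocking them would block nothing.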

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe

MD5 c101716ba06d88bc7ce96b02a5ac9589
SHA1 a7798a746451e74b607ff35c0dfe208c409bc5f7
SHA256 223322ecc5f8306c8a6cfd3582086fcd0f71c875cf706c10ea8f582157a511d4
SHA512 2b338adf122953fc29b6de439a83477ae797a4edcf0b1b1cb1e3aa9d1877d6e8f1574365e588a87f5ae4e63137fa205d29bb54f78c801439df0cbedd5ccc8b3b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k3g26.exe

MD5 066940717aa66545b835f951eeed8a2c
SHA1 6df90e8d15f55883dbf393260f0e55b782aa9106
SHA256 ece4240596f2fe4491ecc8fd3211d0a0e6a9f55cbca2bdde9cefd03012adf145
SHA512 65b90245b6b4203fc588b4001ad0b02bc88e0e1d5329b3b030bb997ebfa85d73ab5af431ffd38463a1a8b0ec226fdbdd57f09f1213c587fe1fb57cd2e82ddbc8

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1n77k6.exe

MD5 f7459dea8322ec4ceb90d5278d6a5176
SHA1 3b65a49efcb2aa86106884a3ecba1c5be8258261
SHA256 e46ac01fd8849d00e934bffad52ff1df8cc1cbace3b0607a9a746d772d731162
SHA512 11eca152bc65698f0acccf102e45fc05244369981ca1cfab721affd1d1a19e46efb9742d204d26a9d6c32ad74f0fade54b0721d15ddafb957be6fcb6c8921bda

memory/2468-21-0x0000000000A40000-0x0000000000D49000-memory.dmp

memory/2468-32-0x0000000000A40000-0x0000000000D49000-memory.dmp

memory/3176-33-0x0000000000320000-0x0000000000629000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g6291.exe

MD5 fd80439642b730b676a0362ab6ef7afd
SHA1 89cdf9166b2987cd213e3b8cf6b183a16991fffa
SHA256 5ecd1843055e4b56470f18d20eeedd19249a8c47a44e3cfabb83e61b58f24b35
SHA512 79cb45bb48cc7dd4ab517a22839c47c5ed1539ab3caad00161578aebd785c41f171fba1cee07ae1c272b6d916c4fb3ad62a9ee684a61a1ee8d9e2b59edd2ba62

memory/3144-38-0x00000000002E0000-0x00000000005DF000-memory.dmp

memory/3144-39-0x00000000002E0000-0x00000000005DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3j76M.exe

MD5 4c71aa73dea7981c367ba1455748f131
SHA1 d3540370140c2db696f5857de50ac09e9b3e21fb
SHA256 fbd40c2ae57071b7144eadf53cf907e57d6045717b52c168b7d38b28bab4989e
SHA512 d2d2a3b4aa1bf9103f1002c4108798c1cb190e5d797cae8020bb9d6afe3cda51052bc7d4f58b727fc6ab50c308f14e45d68254dfc87e4ba0e0d08722d425c5f6

memory/3572-43-0x0000000000A20000-0x00000000010B6000-memory.dmp

memory/4596-58-0x0000000000F20000-0x000000000121F000-memory.dmp

memory/3176-60-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3572-61-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_4480_FAAEISGRKNCSKUJD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3176-81-0x0000000000320000-0x0000000000629000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4876-102-0x0000000000970000-0x0000000001006000-memory.dmp

memory/4596-115-0x0000000000F20000-0x000000000121F000-memory.dmp

memory/3572-119-0x0000000000A20000-0x00000000010B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir4480_737192048\18c84f6f-aa52-401a-93bc-db18febcdb7a.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir4480_737192048\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 02be62521786ffe6625410e8ffe18a36
SHA1 b27940b52d05100d873e542d8a00ded4c200ee4a
SHA256 39196d5247259a7d0d78dd2dc3910b76d14af1091b27053d22a3c91110e61843
SHA512 5cfdd787bbfe8aa48e29850f6971e6e04435832d0874fdbeb45f16df5c798b3401e1d95530e509d9f6235977c0fc419d1fd81954805ce1b4c8060e5d7a7fa2a5

memory/3572-511-0x0000000000A20000-0x00000000010B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1006193001\c24f4c8e3f.exe

MD5 b646c5d23ea73f1d1b0fe3c7a69cef1a
SHA1 9f502ea22e3de7068720e9a89b925ab224703e61
SHA256 b369b5525a2e5526fe4ac8da877d14dc9ea4a7cf34ca813047e1fef42edfe76a
SHA512 8976315d0da5bc49d907548a45d7301bce3298d42e98a77627dac3daa6c9fbc6e0ad6398c90b93fc17f81ef87d6d308a952209cc445ec3b828ffed8b789a2fd1

memory/5308-532-0x0000000000960000-0x0000000000C1E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

memory/5308-560-0x0000000000960000-0x0000000000C1E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53584702-e1f6-4e6f-a369-f71c95d2b39d.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

memory/5308-555-0x0000000000960000-0x0000000000C1E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae23b4add607f2f8bb2ac2e56ef28ea8
SHA1 b35adfd05d60680f32a74d1c40be3890e913bd0d
SHA256 b34c50ed4c569f240ea1054b386e4c3808343fa532f48e38788a8aafd3a0041a
SHA512 363b5f6a2a6a8dd65f661c85a4964d3ce7d700b7ac6e8b9c97d7e5db6e00864a8bdbf58cf2a77e74f723b6b7b03691163bf15f4d7834ec817197916719e999fa

memory/3176-596-0x0000000000320000-0x0000000000629000-memory.dmp

memory/4876-597-0x0000000000970000-0x0000000001006000-memory.dmp

memory/4876-598-0x0000000000970000-0x0000000001006000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\17b6d033-d915-47ed-a213-1a8e8cb4acab.dmp

MD5 f0b1a66618abfb7056d9e535276af8f0
SHA1 2be8910d6bc46b8aa2efbfb25cc9f1f480651b9c
SHA256 fe5d0e6f474dcd7f18dd0d2e61be4d71f288f3e80fa30c48a1ddeaddcb072370
SHA512 196b8bf0dc3476042c2137c9177a6459208580989c1aa5514c208c44bc5f0b2d591376c157c04be3b122e60bdedbd016d974f9776b69068b8ed33da81be4a24a

memory/3572-637-0x0000000000A20000-0x00000000010B6000-memory.dmp

memory/3572-638-0x0000000000A20000-0x00000000010B6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4v243K.exe

MD5 de5445b08c1327a15ca42bbe5c9c3095
SHA1 0792e77b2a6bd9853a50414f1cca1be6a6243849
SHA256 441fee748e7fd9ee4b1b540d46f62f2ab7c304b4aedcae6bdcabe137077ae305
SHA512 62b27084b20ddebaed253026899be7d8285f11fa9d6067a25a1c76d1720cb63c6e298e5ef467c965c8fb72a3059489d0939c2eab1c6bd6bdff779de8b7d34e41

memory/5308-643-0x0000000000960000-0x0000000000C1E000-memory.dmp

memory/5308-646-0x0000000000960000-0x0000000000C1E000-memory.dmp

memory/3176-647-0x0000000000320000-0x0000000000629000-memory.dmp

memory/4876-649-0x0000000000970000-0x0000000001006000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\94797d57-bd97-4679-a0c1-f62bbf85108f

MD5 a40f3c700b5e862f0fb6277a0d7c1486
SHA1 293daf9415bad9c0fad4614f5a1c6a5ff0287db7
SHA256 144a1d36caa4212db53c3866cc8c778a18680f4065f7cb42c5eddcd75f4bb213
SHA512 9825db121c93a3808e1184ae44a0b97c046d3392aaca0d0d1069efea99c46cf8720781187627403d4014f58d4a7e60e7c80b934e6f3b5bfc3c07a1bb14bdf9c9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\6b617e23-1d65-48f4-b6a2-5e7b6b3c5306

MD5 500ad66d0aa9cb6b61d5537990e7904f
SHA1 4aa6f8ae8be19ce85f94d8eb9d0e4d6cded4bbab
SHA256 1925ab402acd8ea33902fa162736a8ad68bc4bde5cdb98466833abaf66d60bc8
SHA512 7a3f909477b89247bb17155a7ab02423c92592a9e8de0d9bf1bd1d34d3014a83e9fdddc2a091a8a97e90e2281b48704df944930f280811b4767690ae3aa6c7bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

MD5 debf23bf5a52847b913b2c2ba1f39d74
SHA1 1377392149bc91540ce3ce2d10bee738ee03998b
SHA256 bcc5a67ac03e394da6e8eea437c2b9ce0d6a3d9b5515031ec988a76c45f9821b
SHA512 90e014aa6900c1ac71d687a7bfb4c5d0986899cdeae52511525c79cffe86ffeb4103a40cb2f4b28039e89fbea82a7e0f5eda37c395e29bc15e1d58962168e91b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\3119cfad-1484-4640-ba47-61c543c023c6

MD5 ae89d5ac523b376960f62941644bd65a
SHA1 134a5928032131c08edc339fa7afbed125adf0c7
SHA256 60baac4861371d009ad052c63ce0215da68909e566d1115a64d8b62901c6e053
SHA512 efabafddac6853b97caa75aadcb2c4ee0badd4b988c98cd741d71cec1481b84b7726fdf7fe06ba7fced43cf90ee9951155857b0c90f821145f577f977a1abf64

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin

MD5 ddba25bfda8c1a3040ae4d2a7ba9b44c
SHA1 1aa8dfa6d88fca633ad38c459c13fe154a701ba1
SHA256 bd89e089ed0c653e4480bc6e4bc0ac308e057dce41d9c3b694a79ed392bc98e9
SHA512 2a9b94457d6d8e756c550edd41f420ba7e6157d1db1463e43cc7d1c148514933a34e5f55f30e242abeb79648b01e41942aa0a052d604e89846849d270914fd26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

MD5 c50ea7964fb255345fca816c7466f952
SHA1 6f4c547d1ef2d3ef483bd2bbb8813418da71d25e
SHA256 343d6cb8e270d5c3f84a43939a053a7b2489e48920a2487a88ecd42b70bbd3ef
SHA512 1ce53df0921e57661dc7a1088769cff082f9c9f3165074a3450f6e504623f90d6077f18f41ba4ecb11c9235690954735abbbe778466df57ea5e5b80cf95d6e26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin

MD5 41e51342bd5b6c5465c94a7525753e4f
SHA1 e7a64d85103f4bf0bfa9bc514be492f96c7b619b
SHA256 678a4853f86de105f142423c933d3e4aa4b7f55a43818b0c0e69cc3b9014be5b
SHA512 14988e64171b1741e64707b2cf4eea02915837b3563dcb294d0e4409691e85342a5c38da3fc325dbd2c4d24c004d2092a507fe432a92907173878c1a0fd5732e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

MD5 2c3eb7d017eeec1e0700574feadbff64
SHA1 902bda458048f82dc93c1120dce17b7357fd206e
SHA256 d70f8e9ee55e862322398d0a0c1f286fc9c6904fde3551a54ac403985a8bd85e
SHA512 e7e6596fff582fe95d74515d6c58f44ea09c8bd29502938924adae942107652e836efa57d701c600fbbf2a3f8b58959dbc03879729b2fb346aad80189285f9cc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

MD5 c3a92b87bd466d5ae660d5bf67e4a42a
SHA1 e98b7058940b267a4a4ccd805239e97fe50c8349
SHA256 375ec9beeacac7709a297162decbd3a810ed812440d4370c8d696aec5699b6b1
SHA512 43ba510150fd20289ff7ea1f464eac8d589fc612d65d10c442bf2097aa9158ad278f020f72154cda786367ae40d827db5fbb853c9599bb65b99303847b059bb1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

MD5 0afe44f1fc50321301c74f8d33ace74c
SHA1 0fe85d00ba643615d7c9abb77149a184d7623dea
SHA256 89e70331281ce4e5f603eacb127a105756bc9a448aca86be46574fed5cbda582
SHA512 48a432b9857528ea89ba6b5fa84b2a2c1309ae505c7d2c6d4fb76a6ceba104976d140e8d3f585812085e0fa0b1488b03b7c81b5e56df5a8fd3a11cc76b4f9fc8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

MD5 e3d1292e3b2a6290dce094f7eb95d3e6
SHA1 34187c5e5cc23de856f1706aa113892fc0aa6098
SHA256 11f41466f704284bc487f6d5d9067b6d4058672111edc884f0f545f14920d5a1
SHA512 c22b1e825c9fc0bb843037677be809840d7191c199221b9a3e9b18d2ecbe6dbd49cc0399f18df75ba1ca9f22b8692bc7a20ceb805b8b1543a91d65fa5b7d65a9

memory/2760-1360-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-1373-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-1384-0x0000000000320000-0x0000000000629000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin

MD5 f97869fd586852fed18f781af75d682d
SHA1 fb8eea70b1ee080b162eae769a684ae69eb06fce
SHA256 ba2f107b87a6b789ee7557cf5719decb207580a81bfd309a01516f705592f280
SHA512 046edd84a40dc6a3842953b39981b9a4791dd707e1309b314265fc021c4e3b8321f66b7e6333b44ab258026b3d17d59840f3dfeddbdd8e86d674bd6632737742

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

MD5 3abf0b09784c7140fe39aca4690e1947
SHA1 1153fde926da062f2e6a426a7bc3483999338916
SHA256 bb8d3dc55c903728882b03d36c1706b50b741c36ba0493feb3ea1202f75238f1
SHA512 eb3bae478e9173a3ac8a8e923da519f5a4ae1feda69a3f31299333bfa23c6dda07908784a91f1e95e63771059f06bcbd562e93b44c6ca9ac9d6c00d4b44e3665

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

MD5 bb27fa19a09c35b12cdcd2dae2ba4afc
SHA1 3e80b33f2efa5d3c3265f5ee1e9ce04acce04950
SHA256 00a170ff0f316a63ec19b81cfae719a37b922a01ac1e47134811c5784fb42994
SHA512 ce32751664f7aab3b9f3aeae23b9d4d0f9f5f4f4dabd58a6a01fa4c955a3001b3e7547ebbc7a15d8b55556fb9926a8212b8a6028f9c30c8a56121f053addda1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

MD5 c17c445678b7e2faf3500d5819d71bef
SHA1 2cbc81da4bef72a80a9728565a527c314b37cc4a
SHA256 f303331192ecdd2a746977a3fd756006b80ed2e0f5a6161a612e92fa52a7e685
SHA512 4b0814a9f7dee9e0069541c387dbcc4b5567d471a1b5c6b0d8f44603b66c7ab89e769dbd29e1e444632b0e629efbea3265ae3727301fd194f1f3e95801203ccd

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99

MD5 cec3674ded3faf53981a5ec2a29370d7
SHA1 fdc791c337a90abb0d755d12c482099f431410db
SHA256 febf5b4be13bf11d8be4c5b51bd4cb781974111f1fc2bbd4a2393ab0230f8c6f
SHA512 c67c04b562ed3a8c683a137a9b2dd93b2215cca7853d28aaeaabedbfc97518c3f2a525ce5fec352a325476bde85e3b0c17f4a274ac57ef1d1f789d45fb685b67

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.bin

MD5 c2efc9a3ca3c99c73d3d905ca4043c66
SHA1 4c68b549682f2b71fe165f135d8aa9040174aafe
SHA256 fe8559e15cce5cf64dabd96d3ba7bfc1f9b5699c91c26dc1ab9b1245e551d4b4
SHA512 84d5e2675f0b209d1dcfecc5c327e45ce3dd839c95267dbf9be2bc62005a49dc38951bf640603c4c0125072ee820da40f2b820bacbc8a39ad802d134a60b0d04

memory/3176-1873-0x0000000000320000-0x0000000000629000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

MD5 9b0794eed1a42f6a8fc83c9d57a1cddd
SHA1 b5fe17d5980cbdf3207411808a7903a6e973ebc8
SHA256 b40d5a2b00a0c770aef5211f6e1b2faffeaed17904ce4bb65d263363ca11e2e9
SHA512 645fc9638613c2e11ff1072ab412ffc35923d67810ee2b6c2711b38eb8550c0ccf56b71d957911af80f6d871c730727d6345d96a3b29b1a740a0e0e5af2355a4

memory/3176-3325-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3927-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3938-0x0000000000320000-0x0000000000629000-memory.dmp

memory/6912-3940-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3942-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3943-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3944-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3945-0x0000000000320000-0x0000000000629000-memory.dmp

memory/3176-3946-0x0000000000320000-0x0000000000629000-memory.dmp
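
The file listing above as a checked manifest, an added example that is not part of the sandbox output. It parses the path-plus-hashes layout, rejects digests of the wrong length, recognises the four canonical empty-input digests (the crashpad named pipe carries exactly those, so there is nothing to analyse), computes the size of each memory region dump from its address range, and reports a path that appears more than once with different hashes, which means the file was rewritten during the run. Treating an .exe under \AppData\Local\Temp\ as a dropped-stage candidate is an assumption of the example (IXP*.TMP is the directory pattern IExpress self-extracting packages unpack into); confirm the header on the file itself, since the listing gives only hashes.

```python
"""Turn the dropped-file listing into a checked hash manifest.

Added example, not part of the sandbox output. The sample entries are copied
from the listing above; the rules for what counts as a dropped executable and
what counts as a memory dump are assumptions made for this example.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: five entries copied from the listing above (blank lines
# between a path and its hashes are ignored by the parser).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\N4V78.exe
MD5 c101716ba06d88bc7ce96b02a5ac9589
SHA1 a7798a746451e74b607ff35c0dfe208c409bc5f7
SHA256 223322ecc5f8306c8a6cfd3582086fcd0f71c875cf706c10ea8f582157a511d4
SHA512 2b338adf122953fc29b6de439a83477ae797a4edcf0b1b1cb1e3aa9d1877d6e8f1574365e588a87f5ae4e63137fa205d29bb54f78c801439df0cbedd5ccc8b3b

memory/2468-21-0x0000000000A40000-0x0000000000D49000-memory.dmp

\??\pipe\crashpad_4480_FAAEISGRKNCSKUJD
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input: an entry carrying only these has no content.
EMPTY_DIGEST = {a: getattr(hashlib, a.lower())(b"").hexdigest() for a in HASH_LEN}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMDUMP = re.compile(r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
                     r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_listing(text):
    """A non-hash line opens an entry; hash lines attach to the open entry."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and entries:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{entries[-1]['path']}: {algo} has {len(digest)} hex chars")
            entries[-1]["hashes"][algo] = digest
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def classify_entry(entry):
    """Return (kind, extra fields) for one parsed entry."""
    path, hashes = entry["path"], entry["hashes"]
    m = MEMDUMP.match(path)
    if m:
        size = int(m["end"], 16) - int(m["start"], 16)
        return "memory_dump", {"pid": int(m["pid"]), "size": size}
    if hashes and all(hashes[a] == EMPTY_DIGEST[a] for a in hashes):
        return "empty_content", {}          # e.g. a named pipe: nothing to hash
    if path.lower().endswith(".exe") and TEMP_DIR.search(path):
        return "dropped_exe_candidate", {}  # stage in %TEMP%; confirm MZ header on disk
    return "other", {}


def build_manifest(text):
    entries = parse_listing(text)
    by_path = defaultdict(list)
    for e in entries:
        e["kind"], extra = classify_entry(e)
        e.update(extra)
        if "SHA256" in e["hashes"]:
            by_path[e["path"]].append(e["hashes"]["SHA256"])
    return {
        "entries": entries,
        "dropped_sha256": sorted(e["hashes"]["SHA256"] for e in entries
                                 if e["kind"] == "dropped_exe_candidate"),
        # Same path, different content: the file was rewritten during the run.
        "rewritten": sorted(p for p, v in by_path.items() if len(set(v)) > 1),
        "empty": [e["path"] for e in entries if e["kind"] == "empty_content"],
    }


if __name__ == "__main__":
    r = build_manifest(SAMPLE)
    for e in r["entries"]:
        print(e["kind"], e["path"], e["hashes"].get("SHA256", ""))
    print("dropped:", r["dropped_sha256"])
    print("rewritten:", r["rewritten"])
```

The dropped_sha256 list is what goes into a hash-based block or hunt; the rewritten list is worth a second look because browser profile files and settings.dat changing mid-run is expected, but a dropped executable changing would mean the stage was re-downloaded or patched in place.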