Analysis Overview
SHA256
9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246
Threat Level: Known bad
The file 9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246 was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Checks computer location settings
Reads data files stored by FTP clients
Executes dropped EXE
Reads user/profile data of web browsers
Identifies Wine through registry keys
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Uses Task Scheduler COM API
Modifies registry class
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-04 20:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 20:34
Reported
2024-07-04 20:37
Platform
win10v2004-20240704-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000007001\90e1500f90.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\90e1500f90.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe
"C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe"
C:\Users\Admin\AppData\Local\Temp\1000007001\90e1500f90.exe
"C:\Users\Admin\AppData\Local\Temp\1000007001\90e1500f90.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.0.643851433\1007466036" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c3888c-37a1-47a0-bea2-99ce24d14aca} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 1848 24337c0cb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.1.1516988238\674867168" -parentBuildID 20230214051806 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb67d9b-bfd5-42e6-b60c-fe6488bb48b9} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 2444 2432af8a858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.2.1397578693\1335886132" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 3068 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7857de0-76e5-48b1-abc3-2ab80b0045f5} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 2956 2433ab14b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.3.1596819700\1410889714" -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cc3fd76-fce2-45fe-927b-bbfda4ee99c0} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 3876 2433c6eef58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.4.1632639423\2100028813" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 5036 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bacda093-3c97-44c8-b74d-b1637aba8b7e} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 5116 2433e86d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.5.1164072145\1616090573" -childID 4 -isForBrowser -prefsHandle 5276 -prefMapHandle 5264 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2915aa2-e3cb-4273-aaa2-d27bf6332e6b} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 5248 2433e8be458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2024.6.2023250144\1634984019" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5140 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a48b0423-0b42-4b69-b088-baecbd06b154} 2024 "\\.\pipe\gecko-crash-server-pipe.2024" 5476 2433e8c0858 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CFBAFBFIEH.exe"
C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe
"C:\Users\Admin\AppData\Local\Temp\ECBKKKFHCF.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | 30.47.28.85.in-addr.arpa | udp |
| N/A | 127.0.0.1:49826 | N/A | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 142.250.180.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:49835 | N/A | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1---sn-4g5ednds.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | 198.162.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
memory/4832-0-0x0000000000A50000-0x0000000000F3E000-memory.dmp
memory/4832-1-0x00000000771A4000-0x00000000771A6000-memory.dmp
memory/4832-2-0x0000000000A51000-0x0000000000A7F000-memory.dmp
memory/4832-3-0x0000000000A50000-0x0000000000F3E000-memory.dmp
memory/4832-5-0x0000000000A50000-0x0000000000F3E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 7ede7b1ad45d029e9528612dbb1e39f9 |
| SHA1 | fb3beb2812cda7c3e308d1db9c82320bf781a0b2 |
| SHA256 | 9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246 |
| SHA512 | d79a3a6a283fdb8856f56dc6377a57cb9e200c3de1a1b6a676a446d39d7c8b1124a7124d778b335b2eb24dffc6988f7f8fb8738fd60be6045ad7f05562d9bf59 |
memory/4832-16-0x0000000000A50000-0x0000000000F3E000-memory.dmp
memory/4084-17-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/4084-18-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/4084-19-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/4084-20-0x0000000000620000-0x0000000000B0E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\f158587c0c.exe
| MD5 | de1d8c161d81ba79c888fef77c75db93 |
| SHA1 | 55e3b5e658d41d98779214afb48d34c66bf17346 |
| SHA256 | 31cbdcdb540d6bc6fbc616c288f6f7ad7c74fe74eff55a135dafc31853b76126 |
| SHA512 | 4d243246e4476555a4b018d2df63ae93da8c64096523c8f8b20ba616b0dec97c21e4bed7dced51da50c0908ad3da6b882b11de6d668b71852f2290850a6810ea |
memory/888-36-0x0000000000C80000-0x0000000001873000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000007001\90e1500f90.exe
| MD5 | 13568994c781d91876b7872bb8d78695 |
| SHA1 | f8d67728b62db1894fa7d13185bf1ee7d3f7f6df |
| SHA256 | 8ab116034b11d986ed37b7ed41966a95c607cc80897872425762ebe101b8dd7f |
| SHA512 | 7cf6227b2e3dc05ba200825f21cc2fa266ed6b3b653ebcd282cd70ae9b40dee6db44e841d3b014c183269339fbe30c13efc2ee1a6c5857df172f282206bb867e |
memory/888-55-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q38sqp1f.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c72f1f9c29445056dc8496525a1eacc0 |
| SHA1 | 0a49dd819c2d652377f2917845dbb0f368f3e036 |
| SHA256 | c5a2199267e3786eea9a5646080e868ba4be91ce6e3ef7946479791b9516a64d |
| SHA512 | 5b343a17e1fcbdd02604ebc1d624b5a2ca9d58eea3a375a4374e74af7817dfc02064f052b91e0cb7901a6b51eb30f8e7e0581273757d1b0043e45696b4e85774 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q38sqp1f.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 6487e2354e9a55d30b57a036bf1f2841 |
| SHA1 | 5068b0cb95c93802f8124f1ba2132814954a9db5 |
| SHA256 | 7ab872b47af76082c3278cfdb06bc0703cb6ffa52cfd9a957ecb196c40524892 |
| SHA512 | 71aedfe8284b13629b336c3fbd7b98b30e343bf1c926ae2d045438aa7b13cafa0faabab1583896590d58e36d60238f42337f98414dde6c56b4f3c6885eea35ef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\cookies.sqlite-wal
| MD5 | be1966686a33a405ab575663edeb9b13 |
| SHA1 | 68415861849a1e162545e148bdc692bc94e3a35e |
| SHA256 | af8b667b6cace4077450de65d19995f833c0dec265746fa4c92d99fea0194f0a |
| SHA512 | 02ca244dad00b333ccb8678fe70d5aaffba3c7cf2493b5548f352c7a93a4481db5b36d342e72b46edb75e14a6dec343d19dafd75c91753f1125253eedfaa5a92 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\places.sqlite-wal
| MD5 | 9193fbf06768039bf463c8cc0bcbcf82 |
| SHA1 | 25e32c37626bf1500d6a3f38068cb5470807b0e8 |
| SHA256 | c91bec54ecaa331f1a5ff2b1a3409e598a32aa536f5e295ab041340d81217d54 |
| SHA512 | 1c65da7039b62e04d38fd8eddc581991883d297f1f402ba68c8ac935003eb18c63aebff461cf3383ffb87368563f535123ab04d8e76dd3d2fd102a240f919278 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\prefs.js
| MD5 | 6c6039cd82ed618ce4a97c66d9a5a549 |
| SHA1 | 3624bb4848f7ee4caadc1a9d99576edc6ebe248d |
| SHA256 | a636cf0c2aa17c1878fdbcfa11860f2ff02a64f9c9e59d56eadc80d53206baaf |
| SHA512 | 1fa6746c5650aa06e0c205d31f3d650d4bf394f471e95260fb31fbda378d3d04c15d76c5069556e01ee648b9be8f6e2c19221275ba2c4f88933ecab41d6d4936 |
C:\ProgramData\GDBKKFHIEGDHJKECAAKK
| MD5 | 733954ee2b7a187c8b643c22e6da712f |
| SHA1 | 3949c75b2013b47aa7b4927e43e08ed059b5dc72 |
| SHA256 | ca2d8ff3d870b1e9592cacf4050887aa89db90927c7b165dab40fa0f9012c4a9 |
| SHA512 | db5dc540ecc1467c5e5a4d34d7de2c8bf770312f046cfa46d3e4b3b147564bd72fa6048d547d1375e1578bb0737ed19a50d9456b123b97cd0adbe1fda5d48616 |
memory/4084-213-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/888-214-0x0000000000C80000-0x0000000001873000-memory.dmp
memory/888-223-0x0000000000C80000-0x0000000001873000-memory.dmp
memory/4084-227-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/3768-228-0x0000000000D70000-0x000000000125E000-memory.dmp
memory/3768-229-0x0000000000D70000-0x000000000125E000-memory.dmp
memory/4084-236-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/4084-237-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/2556-243-0x0000000000620000-0x0000000000B0E000-memory.dmp
memory/2556-245-0x0000000000620000-0x0000000000B0E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 33e12faca70b22e6e83b6941ce62751e |
| SHA1 | 60a534499f3732c7f84898c563ae80809d7c4454 |
| SHA256 | 366a2a055361cfbc6a3e947a95d225b827406fb35399370bc8741836a6483d2d |
| SHA512 | 2d5fa5f782c9c3c442e4c35bb2c7bbcff7630c9fc0177ddce4744db93d33d1d5f4583b956e9d408bb1f15192b007280f6be0920b9f8be56d3937351a0c1b44ce |
memory/4084-251-0x0000000000620000-0x0000000000B0E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 875c8daa4b9c4b9a5d8739ff18ea70cb |
| SHA1 | 428f7e842fecd24443eb6759e47cfc928a02c546 |
| SHA256 | 250a7e4889740c5695a409d82c57ab7fb82bc11149e503cfb55e2975240da305 |
| SHA512 | 3f27f9b82599a1cc4f9c80983d694353193a3cad0621fefa5d6a6ae0ab473057cc495937641d37d804df62d9b998e50bd752bb9532dced011d7ba035fa141fe1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q38sqp1f.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | c1381d3468a66bb6d1c34c59bf0cefec |
| SHA1 | 66e0ada4d7d89702de9976168bcd73936d082fca |
| SHA256 | aed27a3b2ff93ee96af92065e6f2378135f002fa9b9365812e6eba45d25f6932 |
| SHA512 | 20764d861e9a1e0e837bf8ddd423943bb28fd3e60ed53437dc7381a89066f0caaa4c75632738446019901d7d40057f7fdaf2163ebf1748a814c442c08220cde5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q38sqp1f.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-04 20:34
Reported
2024-07-04 20:37
Platform
win11-20240508-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\329686c681.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe
"C:\Users\Admin\AppData\Local\Temp\9a16ee9b5c06b9076f0b35f5e366334347302ca1f6650756ffc9548901639246.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\c71a3596bc.exe"
C:\Users\Admin\AppData\Local\Temp\1000007001\329686c681.exe
"C:\Users\Admin\AppData\Local\Temp\1000007001\329686c681.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.0.1608173321\1511066485" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {356a9c98-0551-47ec-b3ad-b61046fa50fd} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 1848 287e3423458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.1.1227463858\1313948369" -parentBuildID 20230214051806 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {635dc5cf-6583-484b-9a8a-00808b9be2f0} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 2392 287d6689658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.2.466463982\444521472" -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 2972 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f9e211-125e-48a6-9d97-fd42e3fed4c5} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 3024 287e623c958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.3.1070391169\1266939188" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 2860 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5874d322-80af-4cb4-bf15-0a53b690c49c} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 3660 287e925b858 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IIEBKJECFC.exe"
C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe
"C:\Users\Admin\AppData\Local\Temp\CGDGHCBGDH.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.4.281566863\1605852617" -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd05caa-ab46-4ecf-96e0-e13b5093351b} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5444 287eb70be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.5.639538416\259266911" -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {931baebb-584c-4524-8eae-565d5186148b} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5564 287eb70cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2200.6.1705268908\1267888097" -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffcbace-6326-4a8d-9331-85b95d297433} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" 5688 287eb70d058 tab
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
Network
Files