Analysis Overview
SHA256: 4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794
Threat Level: Known bad
The file 4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Identifies Wine through registry keys
Checks computer location settings
Loads dropped DLL
Reads data files stored by FTP clients
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-07-08 21:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-08 21:53
Reported: 2024-07-08 21:56
Platform: win10v2004-20240704-en
Max time kernel: 150s
Max time network: 155s
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe
"C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\9d63f4563e.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BKECFIIEHC.exe"
C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe
"C:\Users\Admin\AppData\Local\Temp\BAAAAKJKJE.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\1000006001\8441011b45.exe
C:\Users\Admin\AppData\Local\Temp\1000008021\9d63f4563e.cmd
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\crashpad_3212_FJJSLJSUETRQOUMH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\ProgramData\nss3.dll
C:\ProgramData\mozglue.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\cookies.sqlite-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\places.sqlite-wal
C:\ProgramData\KFIDBAFHCAKFBGCBFHIJ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kmthw6b9.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kmthw6b9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-08 21:53
Reported
2024-07-08 21:56
Platform
win11-20240704-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2608496357-2693146533-2740208290-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe
"C:\Users\Admin\AppData\Local\Temp\4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\6954534c7f.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8c97eab58,0x7ff8c97eab68,0x7ff8c97eab78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8c8f73cb8,0x7ff8c8f73cc8,0x7ff8c8f73cd8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1744 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1684 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2416 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2424 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2268 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.0.2146593690\1238936511" -parentBuildID 20230214051806 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64a0ffe-13f8-46c5-9c3f-96ba0948bfdf} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 1808 229ffd0d858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.1.1605776572\1063869532" -parentBuildID 20230214051806 -prefsHandle 2224 -prefMapHandle 2220 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b43c653-8726-4a71-a511-43ac94142471} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 2368 22987caca58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.2.1699497543\1507083065" -childID 1 -isForBrowser -prefsHandle 3408 -prefMapHandle 3404 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0558a67d-d212-4cbb-8da2-07b9a01000d7} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 3420 2298a361f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.3.991098958\1522643617" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3200 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2b8be2e-79d4-4c40-a45f-e88816b3841b} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 3204 2298d5c9758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.4.1140701454\308171648" -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5192 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bf6eaa4-7714-4ffd-a7ed-b78e2ca21967} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 5268 2298f948358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.5.241136611\838813456" -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3de186cc-4015-40f7-bdfb-00afc66a2ed1} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 5464 2298f947a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1888.6.1038448660\144168188" -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a38bc8-0ddb-41dc-8e18-59ed92ea4575} 1888 "\\.\pipe\gecko-crash-server-pipe.1888" 5448 2298f948658 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\JEBKKEGDBF.exe"
C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe
"C:\Users\Admin\AppData\Local\Temp\IJEGDBGDBF.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,12835575845697819785,9685112213306627193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5060 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=2508,i,4859103138309252682,1006716026569092612,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| GB | 216.58.212.238:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 44.238.192.228:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| N/A | 127.0.0.1:49808 | | tcp |
| N/A | 127.0.0.1:49891 | | tcp |
| GB | 142.250.200.46:443 | youtube-ui.l.google.com | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 142.250.200.46:443 | youtube-ui.l.google.com | tcp |
| GB | 142.250.200.46:443 | youtube-ui.l.google.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.200.46:443 | youtube-ui.l.google.com | tcp |
| IE | 52.111.236.22:443 | | tcp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.201.110:443 | youtube-ui.l.google.com | udp |
Files
memory/2260-0-0x0000000000C10000-0x00000000010CB000-memory.dmp
memory/2260-1-0x0000000077106000-0x0000000077108000-memory.dmp
memory/2260-2-0x0000000000C11000-0x0000000000C3F000-memory.dmp
memory/2260-3-0x0000000000C10000-0x00000000010CB000-memory.dmp
memory/2260-4-0x0000000000C10000-0x00000000010CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 2dc22b0c18ac39c07ae034b7edc70559 |
| SHA1 | 1748ecc0beddd786ea21d9574dbe4ea55cc9f6e4 |
| SHA256 | 4cf76d26e79d0443447b12ee0630674bb5087af7b2f277463119b9224c95b794 |
| SHA512 | 5d9669788f0e2c95c810ffa71815a17b211326d501f8aa79c60f267e75087915f20ffaf1981c378b6e6d5c46cf5fad731ae4e42d764620badab3126af8866f04 |
memory/2260-16-0x0000000000C10000-0x00000000010CB000-memory.dmp
memory/4800-17-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-18-0x0000000004E70000-0x0000000004E71000-memory.dmp
memory/4800-23-0x0000000004E80000-0x0000000004E81000-memory.dmp
memory/4800-24-0x0000000000F91000-0x0000000000FBF000-memory.dmp
memory/4800-22-0x0000000004E50000-0x0000000004E51000-memory.dmp
memory/4800-19-0x0000000004E60000-0x0000000004E61000-memory.dmp
memory/4800-20-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
memory/4800-21-0x0000000004E40000-0x0000000004E41000-memory.dmp
memory/4800-25-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-26-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\27ab381810.exe
| MD5 | 286e26bd1701fc3054707a64e052edf3 |
| SHA1 | 0f655ee5b95b7325517892f6f08a6ace4766000d |
| SHA256 | 9e12b808314ab31153be5ca2472dde413e0f3d8c0fdb038261397d7a4881b739 |
| SHA512 | 3e3854d2ba26fa1c83f23597d8c2d6856f333a05cfb9cb5def62c9cba7eeee8568acae472382d7b35d3ba8b4528e2bc6e9697ee2b90da7986eb9b5b2efd00ae1 |
memory/3640-42-0x00000000009B0000-0x00000000015A5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000008021\6954534c7f.cmd
| MD5 | c1b73be75c9a5348a3e36e9ec2993f58 |
| SHA1 | 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906 |
| SHA256 | a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0 |
| SHA512 | fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dd3589b97978441d244d4e821fd239da |
| SHA1 | 63286c2b1fc75939d6ad4e1176901b5c7dc58143 |
| SHA256 | 6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9 |
| SHA512 | 6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2 |
\??\pipe\LOCAL\crashpad_4124_FHHBRQTDOQYUNMKJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | be6d8a5227798b38c33128c43f9febf0 |
| SHA1 | b5db7c6a1593f45c75ebb6a81e57628d11fcb892 |
| SHA256 | 7eaf875fc88b9d5125a56f088e3f676d1762503427fb6b94dbe0eaef71c23234 |
| SHA512 | e34ec91b098f08c06754d1e873acfa7773e696dcd2f7be1b2cfe83962944cdbc59703511341d95ed8e5e0aea8f28c9d7b7b497cec719e7a771e6b5e5f6c28368 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8ece9e2e0973b0dae45e7832ef7ef07 |
| SHA1 | 53c004f8638941c3ab18b44fe9df4a20837f5348 |
| SHA256 | 2f04d2b1042b527a91a649678aee6b74a7ffe5f0eed7c8f898e192a3f88c32fe |
| SHA512 | d2049d4ab99224a1822cdc9d38615dcf2882ef87f5e2a7f6a205844c7fc35b1335123f69ae8322cf4663ebb99c8417fcd64e406d383c66625b09fb700930bdff |
memory/3640-89-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/4800-173-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs.js
| MD5 | 6869eb29fd729f744d47fa4e13a3466d |
| SHA1 | 97c02ae733c1eaa8eed90282068e76bf4affdf05 |
| SHA256 | c410eee43f53423c4130464ff131e4a79d8dd992d9f363ed5b9dd032860e8bc8 |
| SHA512 | b90a9e80de44ebaa19d3c200a6c7c080fe04826c9a91426bd8916ee8528000c1eafcad4eca9833f08a16308f963debe4996f3614cff91052c65fface8d95606c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 0a02cdd21024a3ceb6cf040245bd289f |
| SHA1 | 3ad61fbe7b67b18a9763b928479c43d313f8c780 |
| SHA256 | 931ad4ee4ab8bde7eb6c817e69b1cd1b5a5faece73fd758b1ec799a58d235b40 |
| SHA512 | 6cfa950f54631ce27346018b7e05b08941283bc369a73ed0115fce0267889e2c56245c9568b9c7533e102f4525e3103334f48d3461684985c710ebf201d620b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\cookies.sqlite-wal
| MD5 | d35da347c5478bcbd66090ea8e22decd |
| SHA1 | b61e58ea556782a09c8ef5c06bf9843faafdb70a |
| SHA256 | d93d627d3e8d238351024bdc80157217412bcca4a9a38200096d38e5521e0bd2 |
| SHA512 | 2191c1559c3bb8f927c071bf8ce493f6cb278e8a57da17f5e2e05c12a46714d356fa1ca5698a3dd62d3210cab39755731801f9f69a9896b1f5a7e9471faadd64 |
memory/3640-258-0x00000000009B0000-0x00000000015A5000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\places.sqlite-wal
| MD5 | c7ad99c0f1bff0edca38203b937d1943 |
| SHA1 | 3786d5d6dc1e3cfc64d6b4cc1406eeb4a5cba39e |
| SHA256 | e2486760d1a509846e599d4b3567db5fcee5d3516f63e344bdf18ca35b22f7b1 |
| SHA512 | 5ef9fc434dd5e9f40e1b2fea176316d251af7b7be1f418c9ff475781ee4ce86de3dcff5acdfc733c20ffd16f19832b20a14090686d662cc3012fb814825f3858 |
C:\ProgramData\EGDBAFHJJDAKEBGCFCBG
| MD5 | 1e77f0b3cadf7c763821bdff8c390636 |
| SHA1 | da1423136e9c38c652246720e1c874bdf3ac747c |
| SHA256 | dc478d04619f085074f7e1c5029f9e13b3b3b457b68f2b05e222a60edfa7a3d1 |
| SHA512 | 6aa8a40f6caf3c7f052ae1bf1b863cc3dc8205b611f6c2dcb3f2896f59ecd6f6fe2fe0159754f0837a0037f138d94ce0e6983de49d5ae5ad525a732695fe923d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0bafd8404649894fb35cf6cf9bb62f94 |
| SHA1 | 20e9dbe0b4d64e213cda3f00bcaf9c76007e4738 |
| SHA256 | e52e325016ee1dcd25b7d44c6c85cfaa7d61d9be575c098c9d2141a59777ef55 |
| SHA512 | 576ca82b0894eae0837271fee23119ddafe36b87d4086e81ef2c30e6022bee0ab48c2f13dca1a96b36a0f46e881a41b5ef00fb39cd2fad5ed734477d018db8d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b4418a2248e7c23e0198eae3ef060fa2 |
| SHA1 | 04fad860c494a2ceea1fba7959b364a829cf002f |
| SHA256 | 0798fc506712cd33aa4dd541ec1d909fc37644666d815e51b67c5089c19da567 |
| SHA512 | 2f99d2d02a0e3c6a7cc636f4bc1fa3706fde90671f1f2fabcf16f28971998471ac33cf434eba2076eef5090dddee935d69f375520c424ea97c2f2a01206b6d0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e24514e5bc988ec39027cb6d0ccc33e |
| SHA1 | 71ed0a25a8b441ddbe9dafac01f9c8bbcdde6a96 |
| SHA256 | 10614c88abeb7d7ac0ddb33ab0747b975c0558bda4bf9ab5c1ae290dfe6b998b |
| SHA512 | 3c8d3826949a38d4996f82c15f1dc13be0b1ee100aaa7c1e3650849bc7fd4e42bd90b9f42b461280c10a1358dabb77573a514e03ca124f0e0b05c27e3b028261 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 51c3c3d00a4a5a9d730c04c615f2639b |
| SHA1 | 3b92cce727fc1fb03e982eb611935218c821948f |
| SHA256 | cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f |
| SHA512 | 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe7715748199f84aa1b1844c6c824cbd |
| SHA1 | 9777b3c01a3f8b849cdcc17172851db460b7963d |
| SHA256 | bd8aa3062cd523004debd38cd9834cec801486b6685dc359aa4e828d582ade19 |
| SHA512 | d337bcad04f001f413e80a4a43384ac0d6a9c1a6d6864d35b4a04c01033183fb7438eed74f937c7f8cc62baa08c77bad2e616b6544770664cf62e3b58550d7d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61f64a0b4331328abfd5e1220148e3a9 |
| SHA1 | dae5b5532b9a141472633a3706fa8a64f559a134 |
| SHA256 | 5963a21a489b53821a3fee68dbe7398345b8c3a361b3b37ab11eea68641dedf8 |
| SHA512 | 2030db05133b31fe56fc961c5f78d0733e762026535e607f32c02faa381792ba4a5758bf24bb06aece5190641b9283d32412dc11f24bce7e2bca3896a6f8caff |
memory/3640-334-0x00000000009B0000-0x00000000015A5000-memory.dmp
memory/2180-338-0x0000000000560000-0x0000000000A1B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 103d7813f0ccc7445b4b9a4b34fc74bf |
| SHA1 | ed862e8ebd885acde6115c340e59e50e74e3633b |
| SHA256 | 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b |
| SHA512 | 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/2180-368-0x0000000000560000-0x0000000000A1B000-memory.dmp
memory/4800-379-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-387-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 377da132e9a86834e3b468a86000fa2c |
| SHA1 | 1ef2072fcb314a1194ae0a6e9a44dd761a0ef14b |
| SHA256 | 7455a6f5c580493da42925e9191e65475a06caed38186a3dc35a6526c4f93749 |
| SHA512 | 2987147642590e3ce434d39d9098ab2312163f5470a0ca9bd57fdd37fd3e2f904f0c37fea0a8f904e6787c28c45d591fe93ae1a7db79a0452ae82900e8a5297d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5b4d30c894b5e85e60aa2613ae69d1dc |
| SHA1 | 321d512ef6f249ad29413d63effbc42931417588 |
| SHA256 | 5f4789dda2fbed23e315d62c2aecf078ac6f81764585fcbb1a176f52a475ae41 |
| SHA512 | b6f5f3131cc445b629afe51d9fee396b257505e800e73fb9888f464c44ceeb8fb5b3b1f0553862a6bba598d88f220da809cafbb7a213a242066d31f47e62f9e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 09d4a2c435b3fff6000c9cfd8d974969 |
| SHA1 | d3e70c259a9ba15b651bc54311cf5f95c1357fb5 |
| SHA256 | dc18528fbd09ab1142aca48ccb42fe6c0a74a6b470b58e422769271eed29e79d |
| SHA512 | 46d6373cc984bb3e122a6dcac18c73e2011f24f04967b99b9eb63f29e5ca6c8bbcabc0b8d1b1c9526f190dd9820af9d8c13e753bfd4ea04c99cf989eba96922d |
memory/4800-416-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e3f06e4aa6c2963bf45c06a4ea70dcf7 |
| SHA1 | f969ae6486aea675a9dcc0030c4a761d7829450d |
| SHA256 | e25e7734e4bc451349c5704ea0eb4903d2646813c3bdbfc0a254a98b48473da4 |
| SHA512 | 198668b9318dc1376f34bb4e4809e3726298588c8ade981d82ee8e68d251bed0bad8e7f8b92dc9b45cc32c20f1e4f0fdf3e27d538bc32b03d5c00c078724a76e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1i7klk71.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | cb6f2d35d4194a85efbfafd2a9de99cc |
| SHA1 | 026773a559349a18da1c4b388e966e839ca12806 |
| SHA256 | 97969da730ae3d594cb48721018227603e625e542e27d45d83f6b0108d5f69f8 |
| SHA512 | 58d57406e6bb49da7436727ab0a0a6d3171c820ccfc5698a6332026476509c4dd10323ce1d5c8c599f2f1cb31e10f187f4469c008afcc353a0dc7cc1a9490022 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\prefs-1.js
| MD5 | e184427e4b30917fd99de6f4967f122c |
| SHA1 | 62ba35c3311999ffeb42b926fa2468ee82501217 |
| SHA256 | e1fa233d2b7dbcda0069d18f0672ee727d47fd5a64404fa3f7cf91e67508f6dd |
| SHA512 | fee7650fe4ff05249eef1308eb7fb6f013e7d73e96923cec870699d07451f4f1ece991a4e30fdf61faf8a541fb6fb27c53c56e1b3f228c10627ccb6fda916299 |
memory/4800-474-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/6476-526-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1i7klk71.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
memory/6476-584-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-985-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2145-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2495-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2526-0x0000000000F90000-0x000000000144B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0d443f9adead90a5dbdf11b3a4b164f3 |
| SHA1 | 7abdbc648a9fffafcf287acf3acd9af9dd12300d |
| SHA256 | 92d9b0ee2b862c256885f8fdfc1b3be2d17fbfa16ab2b34dd1187a441629ce86 |
| SHA512 | b7f26c7c120e98256ddf641e451b45c9214fb59e0304b1493f2d66384f428ce67185d50d5ae7f892fceb5ba97b5437afe2290adedd04d175f4ec434ef2d044c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 38c8c14452d1882d224f8cf2878f2421 |
| SHA1 | b8234751cadcaefbf2b8cd548258c20914606328 |
| SHA256 | 534bba622a12466e6af709f044175cf61d8b5324e65415bc926a7bcd86c5df9d |
| SHA512 | 7a07fd5e836543a8a05f25a5796087c22aab01c3353e5ea7aaf8bd30c51acf009fcafa1c21b5b20b3b56f0d32f8ef19f0ff58984aefcadff79a8d772a8947dfc |
memory/4800-2537-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2538-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/6416-2540-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/6416-2541-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2542-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2543-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2556-0x0000000000F90000-0x000000000144B000-memory.dmp
memory/4800-2557-0x0000000000F90000-0x000000000144B000-memory.dmp