Analysis Overview
SHA256
7378f4059b53f7da3e135c76ce4d6d6dc3af8106f510f128a77c5688f958a803
Threat Level: Known bad
The file file.exe was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks computer location settings
Reads data files stored by FTP clients
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Reads user/profile data of web browsers
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-08 18:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-08 18:33
Reported
2024-07-08 18:35
Platform
win7-20240705-en
Max time kernel
62s
Max time network
152s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IDHIIJJJKE.exe"
C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe
"C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\e3353175dd.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7e79758,0x7fef7e79768,0x7fef7e79778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.0.533407109\398782521" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1124 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b791e25-2fe6-48b6-b4c4-3349e4bdba83} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 1312 11bd9558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.1.1513895868\1529174423" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c1a21a7-5986-4cf4-acf1-4c3c26f1c02c} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 1528 f7ee258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.2.1016076439\287805123" -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cb2aae-f403-4193-841d-88e633acc39e} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2284 18882458 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.3.1199763050\2029374572" -childID 2 -isForBrowser -prefsHandle 2692 -prefMapHandle 2688 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92c1dde-e630-4f8f-95c8-ad4af0bbec4c} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2704 d62b58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.4.831457061\795992709" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3740 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da46bda6-db55-41ac-ad0f-e41c478dfc5d} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3760 1f344f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.5.1346870347\677919117" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac46eb39-7fe6-48b3-a7a5-f2ff83be0117} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3900 1fa80558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.6.294795763\718521697" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10af8a5c-41b6-43dc-a65e-f268671d57bb} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4008 1fa80858 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 --field-trial-handle=1200,i,1448929045796183990,5191118730549267584,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 44.238.192.228:443 | shavar.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | tcp |
| GB | 216.58.204.78:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| GB | 142.250.187.206:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| N/A | 127.0.0.1:49371 | tcp | |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| N/A | 127.0.0.1:49382 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.155:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
Files
memory/2116-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
memory/2116-0-0x0000000000E60000-0x0000000001A50000-memory.dmp
memory/2116-2-0x0000000000E60000-0x0000000001A50000-memory.dmp
memory/2116-3-0x0000000000E60000-0x0000000001A50000-memory.dmp
memory/2116-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/2116-36-0x0000000000E60000-0x0000000001A50000-memory.dmp
\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/2116-60-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
memory/2116-66-0x0000000000E60000-0x0000000001A50000-memory.dmp
memory/2116-69-0x0000000000E60000-0x0000000001A50000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FHJEGIIEGI.exe
| MD5 | d5d3a63a0c127480a4f3c3acde73a130 |
| SHA1 | 6386347bb05c432a70895ba02cfbaec68a9067f0 |
| SHA256 | 10e426a158bdc950555167f7c4a4d25e46cd2081ea48f7bd27bb0163b50145c7 |
| SHA512 | c7bd14f45005b1ff14a5cdf6b80777f97ee901445607e09da25c1bd4123c662f72ecd122578eccaca846b455fc04510cddc9f25fed6405d915cb04ea9a239180 |
memory/2980-104-0x0000000001150000-0x0000000001608000-memory.dmp
memory/3064-121-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/2980-120-0x0000000006D60000-0x0000000007218000-memory.dmp
memory/2980-119-0x0000000001150000-0x0000000001608000-memory.dmp
memory/2316-124-0x0000000000310000-0x0000000000410000-memory.dmp
memory/2316-122-0x0000000000310000-0x0000000000410000-memory.dmp
memory/2316-123-0x0000000000310000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\1cb7986d21.exe
| MD5 | 1353eeb92749ad19736c9e3d97959c2a |
| SHA1 | 0bfd65e336cb0a12b150e7212877cf9b5c466500 |
| SHA256 | 7378f4059b53f7da3e135c76ce4d6d6dc3af8106f510f128a77c5688f958a803 |
| SHA512 | fb1a3757833a746e811d8ac5a7b3cd486596ba8e1a6ef47efa54f8fd0be71c2719a8d136750a8a551125504072be25ee5b798fa4f1317b5dc53864ba918e8ab7 |
memory/3064-142-0x0000000006BB0000-0x00000000077A0000-memory.dmp
memory/3064-144-0x0000000006BB0000-0x00000000077A0000-memory.dmp
memory/1328-143-0x0000000000820000-0x0000000001410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000008021\e3353175dd.cmd
| MD5 | c1b73be75c9a5348a3e36e9ec2993f58 |
| SHA1 | 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906 |
| SHA256 | a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0 |
| SHA512 | fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs.js
| MD5 | a93420c82d5dfe7042748d3bf371902e |
| SHA1 | 2eb0b83ad64f7984f63867832418f4ef31e6ab4e |
| SHA256 | e63d3cdf06214b1160ac64a634e069a1acc26892390adba5b36ca60ec2b8d920 |
| SHA512 | 0a78906cd9c8f7c2e3c205548a8bd3dbd8e9ee2502cf51c34e6930f5159dcf82b71081ac347802cca622e8ddb639ed8659730f4cb1bc549bcd741185791c979e |
memory/3064-180-0x00000000002D0000-0x0000000000788000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 47d4ef84585337c935fd76440203859d |
| SHA1 | 144014cb7689ebc5f68b63a48ff6250fca8359a9 |
| SHA256 | 3a1c352ee74476933bf4dc0367ee56a9cc9cea6d3c8df354079249ec14ab4258 |
| SHA512 | d2b092f3241c16e82b8830b5392f9370989843c96585b13a2bdc4321fe2446d99a2cebde461d9dd74db701f07c677ad6ab8bf0c707fa6ce39fe51ebb131ec2a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\6ea3ac8e-0e94-4d13-82fc-675cd0cac65c
| MD5 | 00b44083c90dff6db89097473fde2c54 |
| SHA1 | caa553c0f9ff25e1fe976bf45e791a46079a5fdc |
| SHA256 | a7dd3009ded27d3d3599509df602b625e03bfabce78aff9843ae62f60713e0ed |
| SHA512 | 81c78de57af4d2736cc20bcfc08901c06609b449367f181882d1ef01a1c3bcbdd009fb3aa53ae9575ec427f6718995da8d6b34ae68371066a6a9c9357d2fe769 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\6ac727af-1c43-4b19-a93b-c6cf22cead12
| MD5 | f379767a73cfa251df1d5184c8d195e0 |
| SHA1 | f230e432b800ce30845d80028241b19a10e4b747 |
| SHA256 | 942332faff4ccb8b320a8d21bbed0216a1bc55f499aea9197653ddf34d5f8424 |
| SHA512 | fa2ed232fbea509da32fce6b3baad2a729b0bf8695c2687e50d5ec7bb23a51f89e4f9ec6f5b1d67c0e3448adb84e0fbd142a446f2cb025ccbe5eb4125cd07cf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_752_EPFTYPEBXTUJFYNQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
| MD5 | 5fe8c04b8e82870f56301a1cddaa90c8 |
| SHA1 | aad4dc1b2cc58bcfdcfd0470218fc220ffa84b9a |
| SHA256 | 64715bdc5282bc80b079388db23e20679542b4f93066bdcd7f4790f99d8105ad |
| SHA512 | 8c5d8e6f3da17118d7e03abfbf32b9f36ec2b2d8f976b5e51714311c60a19ccca4e4814809341c25fc23cc20f5265072fbc41a275b7583b59a5cd431300fc0fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 4b3b350bef66ca876c4fb4e58e1be058 |
| SHA1 | 1659851fe576adef7f5fa82bb955da856b84b7e1 |
| SHA256 | 718eae519c2e479a7a322fe3a8c25c71db7a555a04feeac8ae929f440c9b446c |
| SHA512 | 46900bc36d27551e8e4393ec973b0d7636c95d5b099004b63f4ff450b057a70b5b60b0d300cec3fd1672830cafd8d6eca3fae6f0ceed07513bd43724f2d3fda0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 607c08c93e88b1874836e16e1875cd71 |
| SHA1 | b51c7b67676339d58a43c4c04642fc37c63b97ed |
| SHA256 | 7e00bc82fb3d75c19397eced847593ff483ad405cc02b71bd7e546bd02d84f7b |
| SHA512 | 6cfce5007695386918854ce67d7b4520a4712a6a71498bca300eadeab27e50345f6bd2c356e6ab62aa231308413cb27a1c3a059fee2bf85607adc0ea36381e1c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
| MD5 | 582cd42f929b37c814b0b305a347db79 |
| SHA1 | ef61b69685a63160b094e0f1665e0928a55d1b8f |
| SHA256 | a9c859e683f943a4f2a7be4356cd6f17a18397cea2a5650afb191e140dbc7560 |
| SHA512 | d87ca7399c5e91f0353c82ce6a7c78d2551a14650418e7ec982dbaf772c05dda5ec24b8dc3ef4821f42e74aab4dc1e8551f9be4bd16389340f5c59f909176998 |
memory/2980-405-0x0000000006D60000-0x0000000007218000-memory.dmp
memory/3064-413-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/1328-419-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-424-0x0000000006BB0000-0x00000000077A0000-memory.dmp
memory/1328-442-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-441-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/3064-443-0x0000000006BB0000-0x00000000077A0000-memory.dmp
memory/1328-455-0x0000000000820000-0x0000000001410000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a87fdd5e3ba89a5fa25d3e19e997d4f3 |
| SHA1 | dd40c296e3acc849b8c2bf17655a614749260777 |
| SHA256 | fc117e407538483c8d9ec8f2a84af454952ceaf48758182c26563ffb2dda09a1 |
| SHA512 | 3e1577821e6110bba6a024e83da3f7426f590513ff688e0032535a2ba0bd804132b66f8cc877fa080975cd58e1870372daca64e0a2943d1a7c27050e540adfd2 |
memory/3064-475-0x00000000002D0000-0x0000000000788000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
| MD5 | bfcba149dcf5ea4bdb29de1723dc64cd |
| SHA1 | 99be82dc0b8434a1daff9f212261f83215d9ceae |
| SHA256 | 751bcbeb351064119cc58aa669683a49c5e8a70224f3d119ae5d2b4733afc448 |
| SHA512 | 1db61741988f3c4b4fb44c74fec24fc434704106c6bfcaca509228caa116d436875d2aa47a6c581d5ff2edb001a663672af962b00ee66ace7ee447fa5509a3bf |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
memory/1328-543-0x0000000000820000-0x0000000001410000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
| MD5 | 5b19fa146a459cc55463b993b026f5c0 |
| SHA1 | 4d3d97344b7a24a01d29c9b9e0bd8b201ea27a92 |
| SHA256 | a818dc87b4f43c065ca6e8cdd956dab913ac905982a3411759b368930d52b9b9 |
| SHA512 | 114e03fe1c9221dc49ffe7fca3ac217c81301d1cb50a7b5b4f65e11976c250b3bc979434638e8948810e8946ead3ba98d5cbd6a8673f9f49a6340e2e24efc860 |
memory/3064-552-0x00000000002D0000-0x0000000000788000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | adc264babeffebe7598f11894a7d295f |
| SHA1 | f843287c0305d612654c9cd093d199f46e7555ed |
| SHA256 | 48d10cb98a2553ccfa4fffa3768230ff4925097bbea9e5738eadb027c6334baf |
| SHA512 | 17c335ef2349714545a63368363cadb0ce7fc670bcb72d2d57ae236394541d85f05d43ca4d4c376be34e5b86b380a3413478129582605470e60bb672eebce904 |
memory/1328-562-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-563-0x00000000002D0000-0x0000000000788000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df7dcdfe6e2b9e417061199bd5cacd28 |
| SHA1 | 98893bc24fb70b7ccd1356a880a26a366c7f4af5 |
| SHA256 | 27e15f23dfbbc9cd661c54b1e2db612ba4f37ef6e3721ed14a748b59917645c9 |
| SHA512 | 67436dde7dc7add55eab1df16e76cc6cbea25e60649c81f5e0867064535ca398d203aa058d9fb72c6207ea2ea945812a79d3b8293653e5aca085b3ae43a3b9f9 |
memory/1328-571-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-572-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/1328-577-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-583-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/1328-587-0x0000000000820000-0x0000000001410000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 738866315816f1de1635e61a42c36f06 |
| SHA1 | a6722ea6fcd1cb64beb16fd7b6d60204b0f7d0a8 |
| SHA256 | 66fd5b6bde51523df6a2d87f9fd88acd4197fdec448d88eef59c38736fa46449 |
| SHA512 | f7e6f6d8455c86e449072ea85fd4c3b4ca13bf80500a033719befb26945c504e4a3d0c4d7b0a06d109975680407e736778f37354cd8f266e99c3673c2979889b |
memory/3064-596-0x00000000002D0000-0x0000000000788000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 44c2b325b6f570dfadd0523a97415e4c |
| SHA1 | b5d3270ea88ad86b3ca9ac362698e74e21f7d04d |
| SHA256 | f69d7fdeee8e0467c1c5904d24211fca60f72fc2778bcf0a1ed039a19dfb2e29 |
| SHA512 | d8c3ab38593a2a192ce45c776dd56334ffbf7ceac6d9be8a92dc92915b5f182ff69ebab73e17b4bc95b51ac1769635c132ecd00b7cba3c30acb4792a720f79c2 |
memory/1328-604-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-605-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/1328-606-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-607-0x00000000002D0000-0x0000000000788000-memory.dmp
memory/1328-608-0x0000000000820000-0x0000000001410000-memory.dmp
memory/3064-609-0x00000000002D0000-0x0000000000788000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-08 18:33
Reported
2024-07-08 18:35
Platform
win10v2004-20240704-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BKJKEBGDHD.exe"
C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe
"C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\636bb2c3d4.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb56dbab58,0x7ffb56dbab68,0x7ffb56dbab78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb56c646f8,0x7ffb56c64708,0x7ffb56c64718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.0.34335151\411553867" -parentBuildID 20230214051806 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb88b5e-47a1-4ccf-923d-420713bd7158} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 1844 15c1d00e958 gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.1.1142739102\1484439112" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de93df9-3669-4e6d-a346-e15fc434e491} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 2476 15c08c85058 socket
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=568 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.2.862043769\1126513092" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c988d2-4b6d-4ede-9e76-0502a605bf25} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 3280 15c1fb72b58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,16027753714700419368,7012521098304547257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.3.1507253657\1810300894" -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 3372 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44f6ac10-cbc4-4b28-b5a0-1d6ab54827a4} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 3312 15c08c74d58 tab
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2020,i,9578740282011221114,5387719768310515869,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.4.2043155987\1861657748" -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5132 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c1d3b71-9bcf-40fd-a772-f06eea6d8d87} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 5116 15c23e2bf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.5.859443893\1928061300" -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7a5901e-8d6f-460b-a14a-8f324f5b155a} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 5424 15c23e2b958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3080.6.983920042\445117086" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5220 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1276 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb8f8e5c-58fc-471a-92bc-fdfd4189d1f5} 3080 "\\.\pipe\gecko-crash-server-pipe.3080" 5112 15c23e2cb58 tab
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
Network
| Country | Destination | Domain | Proto |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 30.47.28.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| GB | 142.250.187.206:443 | youtube-ui.l.google.com | udp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.222.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| N/A | 127.0.0.1:55597 | tcp | |
| N/A | 127.0.0.1:55623 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files
memory/3252-0-0x0000000000CB0000-0x00000000018A0000-memory.dmp
memory/3252-1-0x000000007EFD0000-0x000000007F3A1000-memory.dmp
memory/3252-2-0x0000000000CB0000-0x00000000018A0000-memory.dmp
memory/3252-3-0x0000000000CB0000-0x00000000018A0000-memory.dmp
memory/3252-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/3252-26-0x0000000000CB0000-0x00000000018A0000-memory.dmp
memory/3252-53-0x000000007EFD0000-0x000000007F3A1000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/3252-80-0x0000000000CB0000-0x00000000018A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FBKFCFBFID.exe
| MD5 | d5d3a63a0c127480a4f3c3acde73a130 |
| SHA1 | 6386347bb05c432a70895ba02cfbaec68a9067f0 |
| SHA256 | 10e426a158bdc950555167f7c4a4d25e46cd2081ea48f7bd27bb0163b50145c7 |
| SHA512 | c7bd14f45005b1ff14a5cdf6b80777f97ee901445607e09da25c1bd4123c662f72ecd122578eccaca846b455fc04510cddc9f25fed6405d915cb04ea9a239180 |
memory/2748-84-0x00000000009B0000-0x0000000000E68000-memory.dmp
memory/2748-85-0x0000000077034000-0x0000000077036000-memory.dmp
memory/2748-98-0x00000000009B0000-0x0000000000E68000-memory.dmp
memory/4732-99-0x0000000000E50000-0x0000000001308000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\4bf5db39f1.exe
| MD5 | 1353eeb92749ad19736c9e3d97959c2a |
| SHA1 | 0bfd65e336cb0a12b150e7212877cf9b5c466500 |
| SHA256 | 7378f4059b53f7da3e135c76ce4d6d6dc3af8106f510f128a77c5688f958a803 |
| SHA512 | fb1a3757833a746e811d8ac5a7b3cd486596ba8e1a6ef47efa54f8fd0be71c2719a8d136750a8a551125504072be25ee5b798fa4f1317b5dc53864ba918e8ab7 |
memory/1712-115-0x0000000000150000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000008021\636bb2c3d4.cmd
| MD5 | c1b73be75c9a5348a3e36e9ec2993f58 |
| SHA1 | 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906 |
| SHA256 | a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0 |
| SHA512 | fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5b6ff6669a863812dff3a9e76cb311e4 |
| SHA1 | 355f7587ad1759634a95ae191b48b8dbaa2f1631 |
| SHA256 | c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906 |
| SHA512 | d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e |
\??\pipe\LOCAL\crashpad_2308_HODSKAOSZVIHYTRD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs.js
| MD5 | 6aa2bd06cd14ec84c0de504f1c869db1 |
| SHA1 | 80ca0a47fff2e2a061676b8a17786b40f44cbb5c |
| SHA256 | b326873d6143ff1e619464af8baa8a6d971b6a345c91a6d690769207014ecad8 |
| SHA512 | 42b1ef49baeffbf4e314b4386034fea2bfe35414c2fb672b72924a304b4aa0ed0b407512f50eb2cc586b41084bdd7e03e67f2621acd091839d29281494241e1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fbc957a83b42f65c351e04ce810c1c11 |
| SHA1 | 78dcdf88beec5a9c112c145f239aefb1203d55ad |
| SHA256 | 7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128 |
| SHA512 | efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f6f39919d833c17321ff3a5d1510110 |
| SHA1 | d3080ad48bc4f50954529d4bb5a53d70f269c37a |
| SHA256 | d74a34ad5c4e57812c3e8a17a139dd14293003109a74a85b7125ebb79ffce365 |
| SHA512 | 434debb103219448978906f3c71ad34d6293534a2e48217fefb728047588fcd3088192776a763d00caf403378b0e088781115a41192e0ae5dd62ba37552d9faf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | fa147538e199799d3eab45522e85fb5e |
| SHA1 | 5da35b4777431b34587d0b9b7f6c30239c5248ea |
| SHA256 | a900eebd94c7f7690bf16212e91559b7f05785c429941d2a22869fe7d85aaa54 |
| SHA512 | 99fce25f6430964de18a5623663e15e4b3b581c6c6c8dcff2cec156df1b474d98da35b72c6dbac634fce9b2ea58148a908acde42cb0629269d99255490f709af |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 4fb45c6f130856158627ac909cf83136 |
| SHA1 | bf3f1d31d39a9648971b1e4f5605fc65260f510f |
| SHA256 | 1e95360e2b44dc8721bd0546a5c761f126b7f9c608450b697e8550d3d0536041 |
| SHA512 | acd9d3b2c9c46450d86f4b4883602d870a7aac0cea8de5bdc61fdc9a61394a276e1b2a8ba04e27d4e28a5154ba41130bfc50213aa3caca588e937cf04fdf3642 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs-1.js
| MD5 | 35a7f23c3a1510a77862cf1b6172bcfc |
| SHA1 | c773423be12d3375877adab6e08d08caa21122f7 |
| SHA256 | d2b6321426f47e6e301dcf521eb4a57d1bc0c7881c4b8b0bd74206a851265d26 |
| SHA512 | 830f2b26dab4777294f1e5a85aea3e1ff1f4edd23c8805ef2611d6d06febab1f01869692b9d972b8fb2a3cf2867e69721a0ad35b9c05b24d2694acbe82c6eeb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 51c3c3d00a4a5a9d730c04c615f2639b |
| SHA1 | 3b92cce727fc1fb03e982eb611935218c821948f |
| SHA256 | cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f |
| SHA512 | 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/4732-292-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/5912-297-0x0000000000E50000-0x0000000001308000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 1c0c8433626cac08202f23a1dae54325 |
| SHA1 | 3a5700eeeacd9f9d6b17c2707f75f29308658cd3 |
| SHA256 | 7aad4c7a174a145a4f9f11506145b521631ee2cb1ca2f7617b900ba515b31cd3 |
| SHA512 | da693d1d63c9971cb80792063f0e8d3335edb67ee1dcde4040d0dc8f44398f99d9f683eaab8cf44ebf5cdb78eae6672d43fd9ed9b45a526a80a311d8c77bcc8c |
memory/5912-329-0x0000000000E50000-0x0000000001308000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 103d7813f0ccc7445b4b9a4b34fc74bf |
| SHA1 | ed862e8ebd885acde6115c340e59e50e74e3633b |
| SHA256 | 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b |
| SHA512 | 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f |
memory/1712-342-0x0000000000150000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c480874e4a5690536b44c6e8c9141c36 |
| SHA1 | 60496eb76850e9aa5bc876e8959a17cc69453652 |
| SHA256 | 15e4416d0ccdf770a144e6a56141efa3d179fcd5b070f060c9a4f16faa621e4b |
| SHA512 | 0327b7d2f450569122c38699525ef4017a8967de53a0c505566c3a27c7336e2c33d296aed351df4c8ce524240bf9d852c4c967fc31c04fbd2fab659001f41874 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2b09df3b03c26b7be1109b3bd9ff2a1a |
| SHA1 | 94d38adc1aef96b0b4c3935533785af10ac8bfaa |
| SHA256 | 971810e72200df7eeb27ecc49594836c4781fcd2080c7a23621657477efdf796 |
| SHA512 | 9f4aedb47d818a94cdb0be14f02694c5abd6096cd0dc5f91f6929ef8c96f54136d755ec039fadf46969b294b8ced8210d4649e86804a8a7b7a093d077d6c1ece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c7800bfda844921123b9a0c37f1b675 |
| SHA1 | ee12bf37f6e77dcb03bb8677b09dcfd45bb6a190 |
| SHA256 | 6e1e42770f60856585ab2751a2e4df2dd62cbf29661381af3c41b4a70c13d25a |
| SHA512 | bcdd8a4394068b6b4f30cca28cf45ef400bbc8b0a879f8f49d646c81a8518aad79e6d4d4195f2d9c593690175b70e46b9a64f02a6478be7680021dcfe626a197 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b850d7de846895ba9cd2022ff79b5b9 |
| SHA1 | 51febea925c9bc7bfbab6305f7cf2efd53dde188 |
| SHA256 | 73db0779fd9c46c6d7f80ccba4c08d81501756934e5165ecab88b7d1c51188c1 |
| SHA512 | be5fe3ac5d7b0317cad91c9edae3a2a0ae6bd03060337b1aad4b5363d34ce521ccbeb3d849f9bb3171914705086d8b7f965d9c8cbe68a7c40caca0a6b92f9bb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8bf2d890ab7e756c2082854802fb3e8c |
| SHA1 | 3cdcb0101dc69feeff3b2a1c8525e045174dbd95 |
| SHA256 | 6490a26d130b22f91fac612d0ddd95c4f45d7a180a18a8e69eabfa494a759c13 |
| SHA512 | 18f0c7bba2b33919297e046e26d1755194b5162fe3e2a7d520edaefe261d0c7c31cd340ddcddcf7fc79c4216f776710f654aaa6b713b1caa7b9be59be560a720 |
memory/4732-380-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-385-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/1712-384-0x0000000000150000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5203de18153541e406efe885c408add9 |
| SHA1 | 2510f1599df136eeced0b9e050ce6f1d0d5a6eb0 |
| SHA256 | 16b0fc4548ca98882564d6f82f384412892ad26bd4700ffe3c71ae5c66554a0d |
| SHA512 | 078ed1872c7278753f31a1bc697d34a9286228893690d29965d39730311ad3ef5b595ccda3a7c3bbce2e43b52c2c0dc0551b98566f90283faad102e98da7458f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 59d68955bfcc045d643122b3de3a2540 |
| SHA1 | 1fae01e1cab0cd838f3967b29dc0d295b46c41a5 |
| SHA256 | 59800f14dfede6bfe00701f2f9d9c820b37fe5c0193e79b861324951b17c5e11 |
| SHA512 | f51ac0889677952b9a8d069be233ccdca3c235d415db7b4b805d7813426598c0873bfafa17a77fa1549d849e2b30316c0bd4adc2b039b47d6c82967e4ba5dc05 |
memory/4732-413-0x0000000000E50000-0x0000000001308000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs-1.js
| MD5 | cba3b59e694fa7bd5a0130cc741234a3 |
| SHA1 | 045b144eb8000a85622cb99ac4444c1954e98143 |
| SHA256 | 62d22b217f4ea3b4bb6d01ebbe044f41bbb2d90d3a95eae1ce667837fd2fd11c |
| SHA512 | b752fd647e992758b7a97ae54c9fae51f96f52018c6f5ce379c29f7b86d9eacf468a72d8e116822515212e7167be5441a0775d9846a351a26e9db4695c7d978d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 5d5c78909dcfdc767fd394b1fab6911c |
| SHA1 | 4b508e7398d507f9e3de20888abe79e95ce104f3 |
| SHA256 | 6a7e4e9b21fbb8dc20d0cc5ec467c0a619e99d641ea8ee886c4a5ac7a4badd6b |
| SHA512 | 9f7049f2bc925650d341a38ae1aee19a0c0962de24f7cc9583ba5e60ec79597fe7832cbd1b9eaf1c79ce5080d9b14169c1d7e00dbc1779bec0f3679d82f2a5e0 |
memory/1712-576-0x0000000000150000-0x0000000000D40000-memory.dmp
memory/1712-600-0x0000000000150000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 558698e6200355810f01bc530f12b152 |
| SHA1 | 9ed3ae750671583845b5ec6c74ac92003b831ca5 |
| SHA256 | 960e35310d4afde3c1c1eb38763788068dcf4745075a9249595ea7f31691a8fd |
| SHA512 | d8b0bf10137d29e195aeea9d90e314d5f78302a7044e17ade94574ccc97c955182eecea898ae19e6e70c7cd30a99c789a95a7c59e8694eadccc713e8c7a117a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f65b1187483278d8664e480fe78ca69b |
| SHA1 | 74c775d2bf9e0a450f0ef90453189b2d1beaa130 |
| SHA256 | 8f28243c6014984d657d20ee6d4e35c4a8bae72c38de8f545353ad1d317b777d |
| SHA512 | 4a4dfd5388b6fe47e29fcfdb2e8cc1d83d7131cca7054a87099327673e4269626a5e3d07c54ca3c3e57219927a942d6c2f32efbb168ac196b3439d5a2cbd2756 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wzqtbj0o.default-release\prefs-1.js
| MD5 | 40654e45b32229704aa2e1f719d85d2a |
| SHA1 | 1417491a78d2698a323926e4540dfc9727cc29f5 |
| SHA256 | 7c47a1ac34e537c019ee1cfbe3efa58eb1bc8c213558d663ef26c576fafc6499 |
| SHA512 | 466ada07de045e49cfeffc863c18ece2412cb36003595dd8fab68b4cf5cfd51635c2699080cf3d1ca021b89a024c67059ab7c69b0eeb03ff513a6145c54c99a8 |
memory/4732-1179-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2394-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2398-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2416-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/6252-2418-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/6252-2419-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2438-0x0000000000E50000-0x0000000001308000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 376df325a2c415cd727cd26726f54ec0 |
| SHA1 | 66ee3e0aee6878d728456b06fba4142f97b9254e |
| SHA256 | 283f427909edb53715c166e07d562599ae81ad78053849a2a0a9effd65b48f88 |
| SHA512 | eeee76452933ce3874ad9e14f45c1b689f2c5deeba3be6cca2ea9940ac1ede0997a27b44f2f7eccf247bc398afdc0ab7f8f90f8a518301a2de4d2974e6829939 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d11ff951f0a0c2d5e2404b5e9ebb56a3 |
| SHA1 | 98e51769651ea9a3882fc55c65902b1e70556c9d |
| SHA256 | a1c8d8717c7685248312e296bd51da5287b537a40390b6669d277304d9fccd1f |
| SHA512 | 95ffd1cd06b26f600c4ae44eac3ae46a9d19f955d398ba3cf4bd353db61c01efbf0526b226453f91df3a25ff490f8cf66b514fcf658970b0e1cc167487264b6a |
memory/4732-2449-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2450-0x0000000000E50000-0x0000000001308000-memory.dmp
memory/4732-2451-0x0000000000E50000-0x0000000001308000-memory.dmp