Analysis Overview
SHA256
2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437
Threat Level: Known bad
The file 2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437 was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Loads dropped DLL
Reads data files stored by FTP clients
Identifies Wine through registry keys
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-09 05:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 05:38
Reported
2024-07-09 05:40
Platform
win10v2004-20240704-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe
"C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\4f925734ad.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe8,0x114,0x7fff7b01ab58,0x7fff7b01ab68,0x7fff7b01ab78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff7aec46f8,0x7fff7aec4708,0x7fff7aec4718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.0.142728596\147109042" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1728 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3ceafd5-4e96-4ee2-927a-d943507c4944} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 1820 118ddd0a658 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.1.997945239\1320466816" -parentBuildID 20230214051806 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3525aae-34fc-437a-ac81-e50541ba99fd} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 2456 118d0f85358 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1964 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.2.2053606330\589560398" -childID 1 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f351147b-dcba-4bf0-b2bc-a6a08d2deb99} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 3328 118e0b52658 tab
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.3.1188727214\440781790" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceb93061-f743-40a7-958d-beb54014042b} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 3660 118e2ae3658 tab
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4140 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.4.1981633515\556236337" -childID 3 -isForBrowser -prefsHandle 5108 -prefMapHandle 5132 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df4509d5-9aa7-4c86-b0f6-b35a85bd1d92} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 5140 118e484ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.5.1178938948\205963948" -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5364 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16d33b3e-7088-4b96-99d7-d6887596a9a7} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 5376 118e484e958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1884.6.813325291\315920519" -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76006b91-1243-4312-8f44-1043a6a4b0af} 1884 "\\.\pipe\gecko-crash-server-pipe.1884" 5504 118e484ef58 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\DAEGIDHDHI.exe"
C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe
"C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3832 --field-trial-handle=2348,i,16204669358297779931,17005291241990697410,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,17021345796155731442,17552426700676684093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | 30.47.28.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 44.238.192.228:443 | shavar.services.mozilla.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.192.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| N/A | 127.0.0.1:60788 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 127.0.0.1:60813 | | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.168.125.74.in-addr.arpa | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 142.250.113.94:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.113.250.142.in-addr.arpa | udp |
| US | 142.250.113.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
memory/4276-0-0x0000000001000000-0x00000000014C1000-memory.dmp
memory/4276-1-0x0000000077304000-0x0000000077306000-memory.dmp
memory/4276-2-0x0000000001001000-0x000000000102F000-memory.dmp
memory/4276-3-0x0000000001000000-0x00000000014C1000-memory.dmp
memory/4276-4-0x0000000001000000-0x00000000014C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 8daf94b97ec9ab1d0cf61f9ef429808a |
| SHA1 | 4e1a9a1813908a0c794eafb71779fb60b8418836 |
| SHA256 | 2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437 |
| SHA512 | 87447bd5188c56e67f98d0e6299bd3e4b486d8632f227b72bca9865985ac6a485253474eec0d9ff5fc15f142b4244059d0b79fc608373a104eb78490a0cdac48 |
memory/4276-18-0x0000000001000000-0x00000000014C1000-memory.dmp
memory/2324-16-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-19-0x0000000000391000-0x00000000003BF000-memory.dmp
memory/2324-20-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-21-0x0000000000390000-0x0000000000851000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\b53af288d4.exe
| MD5 | d342b0b1abfb52f8238f15947684c901 |
| SHA1 | 822148d3b2b2663c25b865a1f98516095c5e01b0 |
| SHA256 | c11e7133c481e34c3ac90d33416e85490b4e4b3b2af782fae22138298bb0e404 |
| SHA512 | e6558c4cc35d8b1784602695a7febec0aef5c9b6fba90fe4a90a8da27592678da6f61655770f35fc425c3de1d970576117982cffb12a9f9d1942daf7b32e4f75 |
memory/3372-37-0x0000000000250000-0x0000000000E38000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000008021\4f925734ad.cmd
| MD5 | c1b73be75c9a5348a3e36e9ec2993f58 |
| SHA1 | 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906 |
| SHA256 | a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0 |
| SHA512 | fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f060e9a30a0dde4f5e3e80ae94cc7e8e |
| SHA1 | 3c0cc8c3a62c00d7210bb2c8f3748aec89009d17 |
| SHA256 | c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79 |
| SHA512 | af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6 |
\??\pipe\crashpad_4988_WUAUSQPYRPHHEMUA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a27d8876d0de41d0d8ddfdc4f6fd4b15 |
| SHA1 | 11f126f8b8bb7b63217f3525c20080f9e969eff3 |
| SHA256 | d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe |
| SHA512 | 8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3ac22235a45243432858de0569bee18 |
| SHA1 | a57c8abdd9f30c372e7e912d0a10358f32f99f20 |
| SHA256 | 8361b53a4a24351870e202aaea27a3730d49ed3d88f62858c616cc7c2aea6430 |
| SHA512 | e35dee56ce1d5116aac72daf0a8cf3af2d339ba936cf5a8d50c2372c0cf05f482d7af4e5a81de36fb515aa27e3f3c376570a37a712a890b9c8c25f0606404e0a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | f4bd97acd9399d1dddbbaee8fc4df094 |
| SHA1 | bd2228244a41686b8d8d8701b9bc44766c26e175 |
| SHA256 | 079983db8a51429250c60d389378dddde038bda12a33bd3e3d377804f6130057 |
| SHA512 | 3f579319ca91ef218ce9f9068855cf99736060b05be0932007ac6aa66c7720757fc486107c2a4e05f043568883ad3e2dad0062a050575b42fea3c8a23ca4378c |
memory/3372-113-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs.js
| MD5 | 4f22047ab79aac224980422b74afd18b |
| SHA1 | 22fbc65d775d4aed52b3b03698486bb368b2bf75 |
| SHA256 | c7f90fdc6064c77e7fe9e4f9b5a468639473043be532dbe3e4931376d1c9896d |
| SHA512 | c1247701aecf66a0bac347a46da8b3ec821ded0b807ea4d6dd96a2aa592ec927a82ead5b9ce06e3ce3d453a55764f669701dd7fa69a021c2255eb0a95d7fa587 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js
| MD5 | d4d8e90d55466222cde0615bafa0e307 |
| SHA1 | 1ae42aebaa7d297da9010c8f5c838e167059798d |
| SHA256 | 055d610b4329176a054b700dff10c3e9b9c4f03a61c81cb78a8d37e3bf9ddde9 |
| SHA512 | 4e947ddc2410e789dae73456f30eeb487e42f514fa459bac0e3210947893f62bb79b0324803937aff58112892fd6bf6538ac7ff7d036f26c3374b91fbe1c7fa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 51c3c3d00a4a5a9d730c04c615f2639b |
| SHA1 | 3b92cce727fc1fb03e982eb611935218c821948f |
| SHA256 | cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f |
| SHA512 | 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542 |
memory/2324-248-0x0000000000390000-0x0000000000851000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 1c0c8433626cac08202f23a1dae54325 |
| SHA1 | 3a5700eeeacd9f9d6b17c2707f75f29308658cd3 |
| SHA256 | 7aad4c7a174a145a4f9f11506145b521631ee2cb1ca2f7617b900ba515b31cd3 |
| SHA512 | da693d1d63c9971cb80792063f0e8d3335edb67ee1dcde4040d0dc8f44398f99d9f683eaab8cf44ebf5cdb78eae6672d43fd9ed9b45a526a80a311d8c77bcc8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 103d7813f0ccc7445b4b9a4b34fc74bf |
| SHA1 | ed862e8ebd885acde6115c340e59e50e74e3633b |
| SHA256 | 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b |
| SHA512 | 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f |
memory/3372-283-0x0000000000250000-0x0000000000E38000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 08e989868937995960055c1e7be46659 |
| SHA1 | b66f053526d852b75a7f3a07066a1f55d1112563 |
| SHA256 | 1de9564c7668ce747c016a821d9adea672159c4898d590f2a1330c6d59bd4d23 |
| SHA512 | 7b30cb91fea3334eb141b378178ad14a4ae16e8129f3e38814404e44224d60dc424be5c76bc3aae3be1d5ba7886a88729a5bc7e60261d4b2ad966049d4197059 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 428e9b7edabae91d215a8f9c00c7204f |
| SHA1 | eab41affe8becca375ee8a64c3c2b680d664bd1f |
| SHA256 | e286ff245e5fb4bb93ab80f33d04de696be063899e58f839e2a79706b8db8245 |
| SHA512 | a06d25b61af0e556d1ccdc6fbd2d784e739a778bcbc4c4ffcc3f2658f67914bd6addd3ef3cc746546abb1858fefe000c93c1a3f9bef1dc788240082988a24226 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 07843f72ea507c5a3b7190165990491e |
| SHA1 | 5125088ccf959ad9bcd7fcf62d67612bf454204f |
| SHA256 | f51fec0f3f2cb2db5820c575bca8513ee18d2e53832a73cd8051c16b8d1a46b6 |
| SHA512 | 1c9be3c7fc743c7b0ec1922643514e2355798c1c5487442677d401abfc975508f4e21977ac85f5dfefd5870cb2dc4b3b35e5708a5ec93c4cbadfbcaaf3914f65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3da3fd6f7b403fe9d28e65de1a12ebf0 |
| SHA1 | 7060a03e8ca1f1e972e4879b4148f4e21fd7e3ad |
| SHA256 | e08d33d306aa7efdbc52cbe89a1e8fed6e1351a208c51b5a05edc8436b81f7f5 |
| SHA512 | 224f05f6f72836d9612a3bc33c92ccbc4346bf46abc7cb01d8cba282b6e99db6679d340b7c15acd9c6a61377eae873ee4a2098630f36a44dc72fb486378abba0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae4cbe1406df737de81232b5a9a4e44c |
| SHA1 | 70ba8158527273787d23b82444ea4156bdfc1c61 |
| SHA256 | 7fadaf48dcf9d0a486cfdd344809b2138244e6f3b773d9377081241e05e31701 |
| SHA512 | 054cca8ce2c7fe3b99ea43dcd9423e39c47e2aaec161070e315cde0b3b04f39645498d8b16450c3bd4e74138563002d5eabacddbbea97dfa8b89ef4bc48ddaed |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\cookies.sqlite-wal
| MD5 | 2f4ad54470928c909b107c951b2cc98c |
| SHA1 | 0bb834609556215b9620abfb404307393913591e |
| SHA256 | 8a610319ba650ee42ff9675be7277cbd824afcb5c41d8258e2771495a39d2ccf |
| SHA512 | 6029e46f3077e1f993faf950ba7e9eb734033a5506046a6c4c91d455997d25c2e3d0eca675333ee589132401b7cdc2779c23c150ac58e9ee1be81855f116bcf9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\places.sqlite-wal
| MD5 | 375d4882bd88d6497249d6ffa19c4eb0 |
| SHA1 | e62a0217319325520b4a9567d323625f8ad78aca |
| SHA256 | 77c24b62726be35a77ba6d9de877b9ee232ea2d2d51033237ef96fb08e665b47 |
| SHA512 | a82e4652aedac3d7de91175fd2e071903bc79d71935d4a2062eb3d054d38d4dc6410833ad22c04bc593fbc92063627726d316710eb5b5792ec2f091e602143c5 |
memory/2324-351-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-352-0x0000000000390000-0x0000000000851000-memory.dmp
memory/3372-356-0x0000000000250000-0x0000000000E38000-memory.dmp
memory/6868-360-0x0000000000E30000-0x00000000012F1000-memory.dmp
memory/6868-361-0x0000000000E30000-0x00000000012F1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1191bc7c333769531689b356d2d68ef9 |
| SHA1 | edd734836a0b55c13aa8968606bb761aa0d63ac5 |
| SHA256 | 6fe565eaca41e058a31202c14c7aa5d81b60b220371eb04d88a2441a120b32b6 |
| SHA512 | a33eabbfb92392ae9f5b9af30e78f71b636a25aca19f0573543b3af232d4d96d2038eb1261c4ff5fddf44f830af803b175e588f7b1396374174d5ce0ade357ab |
memory/2324-367-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-369-0x0000000000390000-0x0000000000851000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f0ca3431b385f1cd5fe81f292f1324b5 |
| SHA1 | 040b8c5e662573d576d6aab7be860cae49ea9827 |
| SHA256 | 59d3ae818a9bfa22cb106ae7ca3ecc7701ed85bc80fd619b2fe1506206603dbb |
| SHA512 | 1eb2cc6266c4dd1f1d051e44fe5ae4a9ff7e6177935d32a0869a464e054b492dc1c2eee8954c51bfb23c600a0a70ce33647a7ed3671ec8bff04ddda9065422a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 27bf7297acb32c22b7b0160e8774bde6 |
| SHA1 | 6547d71fe1f199725d857bed128337b4d78bc5fe |
| SHA256 | 2e4e07e908c84fb0ffadf162ee7a4a605986bc4d32d83e0d7ca99b72135b014b |
| SHA512 | 22282888d0529068c6ad16bb6f62598e7c57ac7b4923802c9c805108533981dfe1d4d6f0478c70f128e150d0d2930d59cf75a435f26b5a7aa375a3bdb1d7fcb5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js
| MD5 | 536af81134e0e6798143a64ddf132692 |
| SHA1 | 7d65a4b6a578ec279bdd1032c3900b231a08c483 |
| SHA256 | 16285f1b77d27eecf6aef24f1b49b2706f09b01cc367d51c1356d8982e11229c |
| SHA512 | 69563d52030088e68ad10ed75e4597eb4bf146db2590b9e609bf128175f232ba043d71d98224e857b8df1e2a72ad7733e1a18811e5e87e8d452522e3096ecd0b |
memory/2324-396-0x0000000000390000-0x0000000000851000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\caju9pwo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | ef9e9b24be69597fa5b051fd8358d3cc |
| SHA1 | b46ff8f6cef0573d8769b3d129ded2f5e803f3f3 |
| SHA256 | 77c3cd086c41d0b34d0244834463ffdd9004e0e6f5ce31b31504a5e632011d8d |
| SHA512 | 7eca5e63513de60bbad26106067138286457f21cf0ae3c97c2aef9914873be47e061da380554bf8c24421feced68fb3a700ab8b896872c136b8b49f623ad5146 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\prefs-1.js
| MD5 | 66b4a5a863b30ee6750b2a9a85dda8b2 |
| SHA1 | 0df4b7722112b31410121ac68343fe7d3d502843 |
| SHA256 | d6aded97d71724f7dfcc021a4fbfa01842ad76018d310db1730edfa26754e135 |
| SHA512 | ca26d722116aa3eb3e0b1ef04bcedbe3bbc2b684e1610d909a9184fe86262155fa6f1e6a0238d8ae9b808a5fc565250ff53ff9b3661f564dd6226ef5db42e8fc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\caju9pwo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/6576-701-0x0000000000390000-0x0000000000851000-memory.dmp
memory/6576-841-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-982-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2181-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2424-0x0000000000390000-0x0000000000851000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9b493ccc7149534642051c5de9f1b717 |
| SHA1 | b2e4887dc5552a1fc44d2864c2ebec346b388bb5 |
| SHA256 | 620efaed5cf4be4ca8a4cc6fba0baf19039f1e88eadd2c9186f1188e6b95814c |
| SHA512 | 587be3fef9c38bafd94e3f67db1be87b035a90523befafda8d3370a249e281dc45aa3ca7c852e9ba9bfa3e9f4d4c314898e3f0237502ef7f87e5caec96595194 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c63a4483e1b17445170deb33ed2b5288 |
| SHA1 | cce2b49141af5b6e8171bb0c1356a27c55ad5c63 |
| SHA256 | acdb41567d09efcf248e6abe24b13bd9dff1e4aa9d14402a9b3650ffa3f3e7c6 |
| SHA512 | 3fc6253b785e7eb93c496a256c6eb46964d16721844062fcdd3c9710ba8d3c13d536e3858241c982c1b275bc191b1307ceadbccaf5a329f1c526397378bb2a9f |
memory/2324-2457-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2458-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2459-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2124-2461-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2124-2462-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2463-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2464-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2477-0x0000000000390000-0x0000000000851000-memory.dmp
memory/2324-2478-0x0000000000390000-0x0000000000851000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-09 05:38
Reported
2024-07-09 05:40
Platform
win11-20240704-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1300643590-245460719-3687711119-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe
"C:\Users\Admin\AppData\Local\Temp\2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1000008021\a946bae8fa.cmd" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0x84,0x118,0x7ff83498ab58,0x7ff83498ab68,0x7ff83498ab78
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff82d213cb8,0x7ff82d213cc8,0x7ff82d213cd8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.0.1124890138\1227146181" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {423e9430-6492-4bba-8346-19415e67b6be} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 1860 228d0d0c558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.1.69674284\2126213883" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddaa228b-756c-4bff-a6f6-a50f9495b031} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 2436 228c3f87558 socket
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1900 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.2.2043437312\562031320" -childID 1 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1036 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb59ac9-5b59-4b72-8f22-418b68701eb6} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 3492 228d3895258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.3.1689416761\1888601120" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3420 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1036 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a987882-ed64-4d8e-82b8-b3904ad0aa32} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 3208 228d57ce458 tab
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.4.1107744767\731558254" -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5100 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1036 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be075a47-f53e-4e71-ba5a-d13ea3dbe6a2} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5140 228c3f7dd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.5.572263598\2095941108" -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1036 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c153452-70cd-4247-9726-39c55885882c} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5304 228d6e5f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.6.43784931\181234597" -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1036 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39023bba-a4ae-416f-a02a-97eab8e15c7c} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5500 228d70f7258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe"
C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe
"C:\Users\Admin\AppData\Local\Temp\IDAKJKEHDB.exe"
C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe
"C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,588872689435923193,3593534706213107383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5620 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 --field-trial-handle=2328,i,2199579226663915343,15488510068085636221,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | tcp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.179.238:443 | youtube-ui.l.google.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 44.242.121.21:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.242.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| N/A | 127.0.0.1:49789 | | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| N/A | 127.0.0.1:49807 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
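Triage of the Network table above, as an added example (not part of the sandbox report): it parses the table rows, separates the direct-to-IP cleartext HTTP destinations (no hostname, port 80) from the reverse-DNS lookups the resolver made for those same addresses, the browsers' own telemetry and update traffic, and loopback/multicast noise. The report does not attribute connections to processes, so "C2 candidate" here is the editor's heuristic for direct-IP plain HTTP, not a claim the report makes; the `BROWSER_SUFFIXES` list, the category names and the `NETWORK_TABLE` excerpt (which includes two rows with an empty Domain cell, handled whether or not the empty cell has shifted the protocol one column left) are constructed for the example.

```python
import ipaddress
import re

# Constructed excerpt of the Network table above, same column layout.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49789 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
"""

PROTOS = {"tcp", "udp"}
# Assumed allow-list of browser/vendor domains seen in this detonation; tune per case.
BROWSER_SUFFIXES = (".mozilla.com", ".mozilla.net", ".mozilla.org", ".mozgcp.net",
                    ".google.com", ".youtube.com", ".gvt1.com", ".gvt2.com",
                    ".akamai.net")


def parse_rows(text):
    """Parse the pipe-delimited table into dicts, repairing rows whose empty
    Domain cell pushed the protocol one column to the left."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if domain.lower() in PROTOS and proto == "":
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_to_ip(name):
    """Turn a reverse-DNS name (d.c.b.a.in-addr.arpa) back into a.b.c.d."""
    m = re.fullmatch(r"((?:\d{1,3}\.){4})in-addr\.arpa", name)
    if not m:
        return None
    return ".".join(reversed(m.group(1).rstrip(".").split(".")))


def classify(row):
    ip = ipaddress.ip_address(row["ip"])
    if ip.is_loopback or ip.is_multicast:
        return "local"
    if row["port"] == 53:
        return "reverse_dns" if row["domain"].endswith(".in-addr.arpa") else "dns_query"
    # No hostname and cleartext HTTP: the pattern of the three RU destinations above.
    if row["domain"] == row["ip"] and row["port"] == 80:
        return "direct_ip_http"
    if row["domain"].endswith(BROWSER_SUFFIXES):
        return "browser_telemetry"
    return "other"


def c2_candidates(text):
    """Direct-IP cleartext destinations, noting whether the sandbox resolver
    also issued a PTR lookup for the address (a sign it was contacted by IP)."""
    rows = parse_rows(text)
    ptr_seen = {ptr_to_ip(r["domain"]) for r in rows if classify(r) == "reverse_dns"}
    out = {}
    for r in rows:
        if classify(r) == "direct_ip_http":
            out[r["ip"]] = {"country": r["country"], "port": r["port"],
                            "ptr_lookup": r["ip"] in ptr_seen}
    return out


def summarize(text):
    counts = {}
    for r in parse_rows(text):
        k = classify(r)
        counts[k] = counts.get(k, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(NETWORK_TABLE))
    for ip, info in c2_candidates(NETWORK_TABLE).items():
        print(ip, info)
```

Run against the full table, the three RU hosts are the only rows that fall into `direct_ip_http`; everything else resolves to Mozilla, Google or Akamai infrastructure that the two browsers launched during the run would contact on their own, which is why those rows should not be lifted into an IOC list.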
Files
memory/2476-0-0x0000000000720000-0x0000000000BE1000-memory.dmp
memory/2476-1-0x00000000770C6000-0x00000000770C8000-memory.dmp
memory/2476-3-0x0000000000720000-0x0000000000BE1000-memory.dmp
memory/2476-2-0x0000000000721000-0x000000000074F000-memory.dmp
memory/2476-5-0x0000000000720000-0x0000000000BE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 8daf94b97ec9ab1d0cf61f9ef429808a |
| SHA1 | 4e1a9a1813908a0c794eafb71779fb60b8418836 |
| SHA256 | 2f5a6e5ac6b5c85737a2b0572f346bc0908d8d5404096a90aa02c165dbfcd437 |
| SHA512 | 87447bd5188c56e67f98d0e6299bd3e4b486d8632f227b72bca9865985ac6a485253474eec0d9ff5fc15f142b4244059d0b79fc608373a104eb78490a0cdac48 |
memory/2476-17-0x0000000000720000-0x0000000000BE1000-memory.dmp
memory/2876-18-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-19-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-20-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-21-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\78373aece0.exe
| MD5 | d342b0b1abfb52f8238f15947684c901 |
| SHA1 | 822148d3b2b2663c25b865a1f98516095c5e01b0 |
| SHA256 | c11e7133c481e34c3ac90d33416e85490b4e4b3b2af782fae22138298bb0e404 |
| SHA512 | e6558c4cc35d8b1784602695a7febec0aef5c9b6fba90fe4a90a8da27592678da6f61655770f35fc425c3de1d970576117982cffb12a9f9d1942daf7b32e4f75 |
memory/1712-37-0x00000000001C0000-0x0000000000DA8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000008021\a946bae8fa.cmd
| MD5 | c1b73be75c9a5348a3e36e9ec2993f58 |
| SHA1 | 84b8badeca9fa527ae6b79f3e5920e9fd0fbd906 |
| SHA256 | a75e65563e853c9fb8863bcf7c2103ec23893f31a42b9332042ea3f5f2d40ea0 |
| SHA512 | fe6d1df55358ba710c25e0e6b189beca8ce991d65a0fcecefdecacd2b96e0802ea549157c1449d2853f0ab37b8e865ec70e51772d2deefe8238d7581c81bc4a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f9e5616c068d89c288975cccf486ba9 |
| SHA1 | 049ff88576a2a7c47740819b750a2f8edfa0d0b7 |
| SHA256 | 680a4ebe591a39c80dc406530a6e51aa0bdee8ab91b8d326f90616435b595e26 |
| SHA512 | 98147f31a4d6372e73970295464c8943709632e78b15f581436f30d63f9cbdcbaaf9c80e2cce366f95709f52c7bb2283770de686dac7d1c0b7e2cb704b7a0383 |
\??\pipe\LOCAL\crashpad_3032_ECSFYVKDWTSBBVKF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4af3ab7cb0460a8ca1bc42c663f441ea |
| SHA1 | 47603056b2829b869fbab04884da29544077fc3e |
| SHA256 | e4c2390de67f4be3f7a84f4ef879a25c15c68c62a226ab9c9007c03597184369 |
| SHA512 | 9c4cb6eee3f90f4cf46c0544d371cbe3b93a092f0057963e54bdbc6c6e584564aa4e3e8cc0085360ac7661a18c929c37cdabaa35035d925fc23446dba609323a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68ed434310a6955a04f8217713af0d8b |
| SHA1 | 444f49c4cf82699f3abb2a50d6a068b6c291a8a7 |
| SHA256 | 07f2850a66b4855feda784321468de7319d95a847941db5bb9c7ff6303e1d992 |
| SHA512 | 4bcb41ed53117c38068d0dfdaeb235518a939a8993ca7f3e106b4c85f6a30ea428d8341bc0cb666db99aa68bc2c058fae172de64417d024f23d69a19b5f49675 |
memory/1712-81-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rz0s9619.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 816ae2fb31dd2bd28b074ff8c0102025 |
| SHA1 | 51c5c619d3c68919ade11803f94ace88d2a9cfba |
| SHA256 | 9e0c30b7369007efa592c95989bc1ec876b9668a3fa413e8952d08e70776085e |
| SHA512 | 6e4722395904c4a1512a1ea96e3b7b73c7a2993d9274d05e3ac1c6345db116a533b8928f3b033431c7724533d5337ae6d5a8354de6bc6d24e020913991ca6b91 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rz0s9619.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 6e5d8a4fc1394142a5f4066b07b10e93 |
| SHA1 | c900ba686f3fbeb07df5e7ba329ec6fa60e37050 |
| SHA256 | 7e3a87385dfafd0763a015d3397044099e8db5f418504a0040e1f56840d3f1b1 |
| SHA512 | de8e8b50c66ff8c230f0724e23267c7474107942c6e5d524f94bed74cd8e5c918ad0dadf5b9c7d6b056d6b835ed1b8e6def9509ed4a14ce9b0d9ede0106836ad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\prefs.js
| MD5 | e43798e151a04ed3a0dabbd4ec874e0c |
| SHA1 | 7de0679c1c688128990ce454f75ea65b6d8f09cf |
| SHA256 | a75a7d47e413095538c34c41d56e0328ce2299491f69d2423b2e27fe3e328828 |
| SHA512 | 0e99f03126492448db256032426332ff4df352497b0a5bc443ebd240fe32a7007d94014dc6d6415e7490c4f7173b203319883f7a199458d1e4f11c9d57a7a05b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\prefs-1.js
| MD5 | 095d13d2005c494126e5ccd7644913da |
| SHA1 | 8a5bd76d5ba3ad469a2e1efb81501aa002f11dd7 |
| SHA256 | 8838ae75d9f864c942d854390d372f0a7cfa57e2dae6c61f536a0b4cabc03eca |
| SHA512 | ec294990f854c2c0b6bf7b27a3f80fb7f85fa8e994e80547fa2af94207b5b32accb44e44150cc6af368587d5651311e24effd7f894d79a247c1fa659f78b6901 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 51c3c3d00a4a5a9d730c04c615f2639b |
| SHA1 | 3b92cce727fc1fb03e982eb611935218c821948f |
| SHA256 | cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f |
| SHA512 | 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 103d7813f0ccc7445b4b9a4b34fc74bf |
| SHA1 | ed862e8ebd885acde6115c340e59e50e74e3633b |
| SHA256 | 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b |
| SHA512 | 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\cookies.sqlite-wal
| MD5 | 8c6935e87da511e3ce9e558dcb96c864 |
| SHA1 | bb56f63e54e0a3ac846b6357fe506dd21b3c6532 |
| SHA256 | ff1a8dbc2a33360cb7927cd6878b582bf82a4f8db0df8caf81b2e647be2232d8 |
| SHA512 | 17ef09eea0a54d485f590e06e269df7e5f5cd3a0f5b9e06817cae45ebdcdfb58d122882fa624f252126dc3e68efb595debf2c3cc9c8477b64ea33e82b22dff71 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\places.sqlite-wal
| MD5 | d89eaf4ebc18e6b14bf8781d4f01aae8 |
| SHA1 | 22cc55b1ec45cde28e8c4a842674aa9457582938 |
| SHA256 | 4069d870535590fc613542a6182cae7bd2509f9581e9536d1467f1481085b0e7 |
| SHA512 | 97408edc051c9500e5ba510d4d725a9d81a09691f8da23e7b67defb0cf1d266341d9497f343ed0725a06f8c24127750ee6e30946d61d41c54006b41a1deb4c9d |
memory/2876-307-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/1712-324-0x00000000001C0000-0x0000000000DA8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a87f2f4c62a7ec657bd3748f647eafc5 |
| SHA1 | 1a6a4b37c75ed1d0e2990dda7eedf6ece4427e2a |
| SHA256 | fc10ee1d9967333930e44c7510332ade6bd83fa859320674c60d47fdbd8f81f1 |
| SHA512 | b8b11ce701c22f623c740d9d248981f408e7457ecf9cade8df3d6fe0f3d150437dc85c538a7d147d92a21b3b708f341b384bd17b12e6f9d448a03ec0b65bc746 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c431ab7e6030d01f7584a3d5d58be19e |
| SHA1 | 0a08ccb7ff4304b250b97ac656df55d1ce3476a4 |
| SHA256 | 9587ff0864b11e3cd6578d5cf69f78d4e1bf7d4c898328af5437635467d6e217 |
| SHA512 | d6212d9764409e18766d8b0c6927f7e8a2eb32c1e5f6cca7f9c9af7d0f92b97c5e0152bf7e266c86491c9efc52fcc7845eaf97195fb540565f2628fb25ac1fef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afe9015aa6b4bbd1fcbc1366af0c3bca |
| SHA1 | 03b686fc51770e755ac8b9eb20cf53d90e820eff |
| SHA256 | 0673ea56721daf46359caf9c0056a32ccd1095ced4dcd518aaa2ce98b23ea89e |
| SHA512 | ca51461a316d1ef8dc3db83205c5994ef40768a332c59d63f0bf85f03074acb8c366855d9a00b24e24eed1dc772b0ef6023be893aaa8a51fc2a3c7e0cc3533b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 988115b5c33b33df01629af4d608d3f0 |
| SHA1 | 1028a1b5194ea7f2d2f00c9ed1ffdf2172906496 |
| SHA256 | 3d33aedb885129e1b962ebc3c7d88e0658b298e36382472b4b4b24544e12972f |
| SHA512 | 23f1ff349cd05fd0d16c049ee6823085cf6be50b24141490a507415326684d50252672a689515ab1f8009a3c4a67745b3a6cc0a0a6c4476799c6f5256f5d8344 |
memory/6748-359-0x0000000000FF0000-0x00000000014B1000-memory.dmp
memory/1712-357-0x00000000001C0000-0x0000000000DA8000-memory.dmp
memory/6828-363-0x0000000000560000-0x0000000000A21000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e2286a2095e281390a8145698b063710 |
| SHA1 | ca987882214718639eed9141b1b09059a810bbae |
| SHA256 | 5c1d94ae0fd58a7c944a971ff5b7121c4671f11086f7c846225691af0ecae71e |
| SHA512 | 3335f303d34d6e78d825ab8745e620a3f8f2af79f8b570fa0a6a992a253be07ae0d3f3df7a052f0ab8eb55048caf99d7e6ce129a94cb6bb887ce33a13f5fb122 |
memory/6748-378-0x0000000000FF0000-0x00000000014B1000-memory.dmp
memory/6828-380-0x0000000000560000-0x0000000000A21000-memory.dmp
memory/2876-381-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-388-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-389-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9c9a8a733b3101ddf92ac3786628411b |
| SHA1 | 1d7ee64c769655d25233c37aa8260512771880e5 |
| SHA256 | d1f9300d76f4210f7b79803537583b5e0ddee5855f45e7d7ac495a254356b58d |
| SHA512 | 00bcb7b89f32520966334ed45c6265ae7bc2082ee3ba78bfecedf66c8e3cac9c3b8206610227fff105b64b5bfe625cda201fac37c267ac8c76df3a8c0204ad15 |
memory/2876-395-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df4ab3de89c5b4f6445629adc79fff95 |
| SHA1 | 8e7d91edf582fd63834d97e94426a0a3cf2dde9a |
| SHA256 | e704a047716fca1c1327d35bd3b835e98d20876f1dc299c81e365a446835b310 |
| SHA512 | 9954636a36b2465ce7b9fd6db14d4af193a990d8ff72310e2386ae2d5a7e66a5d686ea1ca5159a105249a61a7de543c4a54d4d28d05739f4a1c8b4ed06ce5d88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15e41c15256b9ca625a4d54306228979 |
| SHA1 | 60dc8ddf4a27d2bb6aa426a3b93de2218150ad61 |
| SHA256 | 6a74beca76a6a2136158e9dff6c0e7f9ff4fbf74224bcd56bc94bd2bdbaa6686 |
| SHA512 | cc93dcae413e82514ad9b4281a52dde8a0b6135038a7b3c78628cc225c2047c15efd3e1f27ca56f6d051125ca0dddf66c95f3066a499a66bc97080e7488331e0 |
memory/2876-406-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rz0s9619.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 9a10d369d20e76f5a54b6959c0f69140 |
| SHA1 | ef58bb4dcf84d084a54400a2a5dcbb6981419abe |
| SHA256 | f9036f78f87df49897d75581883e611943ce75c61aa0e9422837da97d907803d |
| SHA512 | 240b0a5e2e9a543c6ebc9bb3ae959031364754facca7ffb96f012ca663537ffe6bbf71b363c6dc747262d9fbfe8ea63439b6cbc1bf711846bba40497033a78a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\prefs-1.js
| MD5 | bc461790ba78aac8b8a75d5341f65449 |
| SHA1 | 100e2f6474d549349ccdca7e92d00577c56ca11a |
| SHA256 | 32aec831d1019cf5a2869ec018841ea9792b25deaf5fc77d323a86bf969d0adb |
| SHA512 | 48047452272a8e14ae0a1ba40639b45d5018f8e056ce9690bd19a21aecd87e35805829c64506fe682224f57e23765c78da70430e122e69bdc64bdce8ecbf6745 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rz0s9619.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
memory/2876-642-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2063-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/7140-2124-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/7140-2301-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2434-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2460-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 50882fd94cffec9341d356ddb7f45f27 |
| SHA1 | 16f01579ea75b6eeb6c5250c8067452a649e66ef |
| SHA256 | 221c7e6f3db63e8116e457020c326e3084a89b864b1d5a9006c93d0718dd018f |
| SHA512 | 6949fcc884f34eef7e180d21e19a02a57ae489653650db3c04eaf3dc4cc16cef7fd52d281f0ea1671b7af17d3f356f5a6b4f4f18e17b3a66ccf9ebffb62f89b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c47d4f0559e741d9e857db95fef0d2a5 |
| SHA1 | 7ef5d5d55eb7f31549294411047ff1c3ff42d968 |
| SHA256 | 3a427c5a8bff05571cc76f893a971761c43b788d2bb8490b7ec8ef455a2f8cb5 |
| SHA512 | ebf53fb1f2947cde7be75a91322a70914def854a6a5059d881c771ede3c5a45084d7c06a7662e194420b00da279aaa0d83d4ac42f93bb7049c1896bce25c3fce |
memory/2876-2498-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2499-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2500-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2501-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/6840-2503-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/6840-2504-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2505-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2518-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/2876-2521-0x0000000000680000-0x0000000000B41000-memory.dmp
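The artifact listing above mixes two record types: a dropped-file path followed by its MD5/SHA1/SHA256/SHA512 rows, and memory-dump names of the form `memory/PID-seq-start-end-memory.dmp`. As an added example (not part of the sandbox report), the Python below parses an excerpt copied from this listing into structured records, rejects digests of the wrong length, and groups the dumps by process, so that the single address range (0x680000-0xB41000) dumped from PIDs 2876, 7140 and 6840 stands out. Reading the dump-name fields as PID, sequence number and address range is an assumption inferred from the names themselves; the page does not document that format.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the artifact listing above.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
memory/2876-642-0x0000000000680000-0x0000000000B41000-memory.dmp
memory/7140-2124-0x0000000000680000-0x0000000000B41000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c47d4f0559e741d9e857db95fef0d2a5 |
| SHA1 | 7ef5d5d55eb7f31549294411047ff1c3ff42d968 |
| SHA256 | 3a427c5a8bff05571cc76f893a971761c43b788d2bb8490b7ec8ef455a2f8cb5 |
| SHA512 | ebf53fb1f2947cde7be75a91322a70914def854a6a5059d881c771ede3c5a45084d7c06a7662e194420b00da279aaa0d83d4ac42f93bb7049c1896bce25c3fce |
memory/6840-2503-0x0000000000680000-0x0000000000B41000-memory.dmp
"""

# Expected hex length of each digest algorithm; a row that does not match is a parse error.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
# Assumed field layout: memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_listing(text):
    """Split the listing into file records ({path, hashes}) and memory-dump records."""
    files, dumps = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_NAME.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start_i, end_i = int(start, 16), int(end, 16)
            dumps.append({"pid": int(pid), "seq": int(seq), "start": start_i,
                          "end": end_i, "size": end_i - start_i})
            current = None  # a dump line ends the current file record
            continue
        m = HASH_ROW.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current["hashes"][algo] = digest
            continue
        # Any other non-empty line is a file path that opens a new record.
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, dumps


def regions_by_pid(dumps):
    """Map each PID to the distinct (start, end) ranges dumped from it."""
    out = defaultdict(set)
    for d in dumps:
        out[d["pid"]].add((d["start"], d["end"]))
    return dict(out)


def shared_regions(dumps):
    """Address ranges that were dumped from more than one PID, with the sorted PID list."""
    pids_per_region = defaultdict(set)
    for d in dumps:
        pids_per_region[(d["start"], d["end"])].add(d["pid"])
    return {r: sorted(p) for r, p in pids_per_region.items() if len(p) > 1}


def sha256_set(files):
    """SHA256 values suitable for a hash-match rule or blocklist lookup."""
    return {f["hashes"]["SHA256"] for f in files if "SHA256" in f["hashes"]}


if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE)
    for f in files:
        print(f["hashes"]["SHA256"], f["path"])
    for (s, e), pids in shared_regions(dumps).items():
        print(f"region 0x{s:X}-0x{e:X} ({e - s:#x} bytes) dumped from PIDs {pids}")
```

The parser treats any line that is neither a hash row nor a dump name as a path, which matches this listing but would need tightening for a report section that contains other free text. Grouping by address range rather than by PID is what surfaces the repeated region across three processes; the size (0x4C1000 bytes) is the same for every dump, which is the first thing to confirm before comparing the dumps' contents.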