Analysis Overview
SHA256
f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e
Threat Level: Known bad
The file f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Loads dropped DLL
Reads data files stored by FTP clients
Checks computer location settings
Executes dropped EXE
Identifies Wine through registry keys
Reads user/profile data of web browsers
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-09 14:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 14:13
Reported
2024-07-09 14:16
Platform
win10v2004-20240704-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe
"C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe"
C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe
"C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C3DC.tmp\C3DD.tmp\C3DE.bat C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcfd8dab58,0x7ffcfd8dab68,0x7ffcfd8dab78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcfd7846f8,0x7ffcfd784708,0x7ffcfd784718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.0.988976479\1532313381" -parentBuildID 20230214051806 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fb9782f-f454-46c7-af5e-83ae9ff2adcf} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 1844 245ddc0c158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.1.2042838663\141267630" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94eb27d5-7cae-49ea-a6ff-c6ba69ff88b0} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 2472 245d0d86558 socket
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.2.847932756\751329649" -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 2808 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f550465e-0be2-47e6-8bb9-8ac1b078b62f} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3376 245e0275258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.3.2118292327\710164039" -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 2976 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17d782e2-7da6-40ca-886b-0bb4b6b462ff} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3692 245d0d76e58 tab
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3980 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.4.1404783601\1401962820" -childID 3 -isForBrowser -prefsHandle 4200 -prefMapHandle 5232 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {612a4dea-0f48-4736-90f3-6410d6431854} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5212 245e488f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.5.492060313\97226952" -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bbd5748-a97f-4acf-9d92-2d42eb579c74} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5376 245e48d7958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.6.151857671\652914768" -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5212 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 896 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c4a7185-32ca-4090-a56a-487dacdc9d21} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5596 245e48d7658 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IECFIEGDBK.exe"
C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe
"C:\Users\Admin\AppData\Local\Temp\AECAECFCAA.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8015029887621293668,4475788816974321802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=2364,i,5351176254279918369,6113472044472924249,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| RU | 77.91.77.82:80 | 77.91.77.82 | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 82.77.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.77.91.77.in-addr.arpa | udp |
| RU | 85.28.47.30:80 | 85.28.47.30 | tcp |
| US | 8.8.8.8:53 | 30.47.28.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 44.242.121.21:443 | shavar.services.mozilla.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.242.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| N/A | 127.0.0.1:56838 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 127.0.0.1:56851 | N/A | tcp |
| RU | 77.91.77.81:80 | 77.91.77.81 | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.199:443 | r2.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.168.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | tcp |
| GB | 216.58.201.110:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
Files
memory/2716-0-0x00000000004F0000-0x00000000009A9000-memory.dmp
memory/2716-1-0x0000000077724000-0x0000000077726000-memory.dmp
memory/2716-2-0x00000000004F1000-0x000000000051F000-memory.dmp
memory/2716-3-0x00000000004F0000-0x00000000009A9000-memory.dmp
memory/2716-5-0x00000000004F0000-0x00000000009A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 99b800d074dc4121cdc4a127276b9f6e |
| SHA1 | c2099c6ed0cd5be77000c13cda849a84fd7bf662 |
| SHA256 | f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e |
| SHA512 | b317716aefab1fd83b3fa6c0057c613e98deb55f577b50d4a4ad93fa2ec71e25994ae28549c3f0d03396ce9a721c83afb6d0c754c2cd46eb85159484d6e315ba |
memory/2872-17-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2716-15-0x00000000004F0000-0x00000000009A9000-memory.dmp
memory/2872-18-0x00000000007B1000-0x00000000007DF000-memory.dmp
memory/2872-19-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-20-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\4bace03766.exe
| MD5 | 3cf711041254d965f4d100dfd2af83b5 |
| SHA1 | 567f213eabaf61bf82e941631dbecd518b61d089 |
| SHA256 | 77e9b3740b0e2fd375cd1981ce2ad2ece335200794fa7eb92d4befee2094b9ce |
| SHA512 | 629f3136a6ebacf69800ed96000709c28ac096937c75cacb262394922779ab6cc613dd496e263ac02b41b998daa570771b68fd6a79b5d73fb3c4a45ef0bdb718 |
memory/3216-36-0x0000000000B80000-0x000000000176B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000010001\0e0f587120.exe
| MD5 | bc08b445116ecc06852a929a5d302c4a |
| SHA1 | a78aa42220b90d47b4cf63119e6082f06b295f57 |
| SHA256 | 5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6 |
| SHA512 | 657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf |
C:\Users\Admin\AppData\Local\Temp\C3DC.tmp\C3DD.tmp\C3DE.bat
| MD5 | de9423d9c334ba3dba7dc874aa7dbc28 |
| SHA1 | bf38b137b8d780b3d6d62aee03c9d3f73770d638 |
| SHA256 | a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698 |
| SHA512 | 63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0331fa75ac7846bafcf885ea76d47447 |
| SHA1 | 5a141ffda430e091153fefc4aa36317422ba28ae |
| SHA256 | 64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a |
| SHA512 | f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2 |
\??\pipe\LOCAL\crashpad_3604_KWMZMUFWFXJVVZYJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f0f818d52a59eb6cf9c4dd2a1c844df9 |
| SHA1 | 26afc4b28c0287274624690bd5bd4786cfe11d16 |
| SHA256 | 58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61 |
| SHA512 | 7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 90345a8a9ca1283f8e90814592b2bb30 |
| SHA1 | 80798994ea9d1be5846cc0dba420001d90f86370 |
| SHA256 | 1a39a1d9ce16bd3cc3b28094d65e41c8e9c98c553c45d7717214b0cd450e9eb9 |
| SHA512 | 3871d3956a359da61e84084c793e9c61553ba91f51cab601286839c1fd79194c70440d4c41447ce136c7e1fcc13135338e5552c279a9bb5831e70a2132a64604 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 652b57d88ffdccf498e36148b3000da7 |
| SHA1 | 4239555d23eb677a9aeb048e87668dfe4ee8fb24 |
| SHA256 | 8876ade90622a8e0feab4cd657a0eb27272ecab99b11bef31448ccefebc85466 |
| SHA512 | 2aa4adb6df12a45829794ea968625d6ecebb3547d56c2343f5b6765c939096210bf727a4dd34b340f7a81802c6c20ae7d8610548b9c5195005e5cf454c9faa56 |
memory/3216-129-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs.js
| MD5 | f4a3230cf9d17d1f04a14a5c3d27fb0c |
| SHA1 | f88823655bf21e2e2bdddf406bb83c020f6f5afe |
| SHA256 | d68446687ff9f0c8c40015a337d1aa57577110b6fef67586599d2f2a29070478 |
| SHA512 | 0bbcf3c5abb336aeb4417fab9926241f22b9b41752848be1ffdc8d9a65af5352aac72a91e10b897a25db3f7f867d967df65947a3b534c3c8a5a68c539afad23a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | f8faf4ab72f614703ccd8f9005bbde9b |
| SHA1 | cf86d5b0ec4bd74e01a1e0f079dcb99f5b412dfa |
| SHA256 | 151f3bfe502aa0ec740da7f9e39d71a8dad7ba075a2643ceed6f88152eab8bec |
| SHA512 | ef8a38141e92043a4e475bc220f7d263fa7c6faccc44673182708337a4260d4d39c201705520295264316b4a125c53b02226812ba44e718edbf1097c20bd4050 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d4253286fb245c56c4d78c88de817063 |
| SHA1 | 0078521b125c7d046ed44be0a413b114ea428a3a |
| SHA256 | 7cf372923161ca153a300f741c178b64acbbe31b09a7f0bc1964c3e361ae9d9a |
| SHA512 | 206b6f70cd9bc2cdacfe67e1cf5136eb36b019371f8e0c2f837f4582e502d5f92ef699492530781ee5464168341e957e1cafef32a39694ee296f97f8930ef745 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs-1.js
| MD5 | 9eae6b05a8a6de88566abf694e431ac9 |
| SHA1 | ddce0f1e6ab4cef5b3c61cb0b42248ffec030440 |
| SHA256 | a034f70cf02daf376cb8a3b02ee0b6a1f1017c2a54f6857cf5cb0a634879e273 |
| SHA512 | 5d325c1aeb8c0c197181d9d127c68fe3f9d9040b741b2b71aa3e861553be8307f2e8dd6b788869846c7b4185e905670d0374e5d36f2ca58e68e962484893311b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/2872-241-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 51c3c3d00a4a5a9d730c04c615f2639b |
| SHA1 | 3b92cce727fc1fb03e982eb611935218c821948f |
| SHA256 | cb1e96afd2fec2b2b445be2f46c6b90db19c2ed2f0278f57f7490a299e88c19f |
| SHA512 | 7af8ec3160e4dbae2c3359146c0a82c32a02697d332138c391e4295d00f49ed1070857a0afe16222c5cea1cafffc4d26df525543f187be43a59967df1e919542 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 103d7813f0ccc7445b4b9a4b34fc74bf |
| SHA1 | ed862e8ebd885acde6115c340e59e50e74e3633b |
| SHA256 | 0ccaf58bb2aa430724873fa21515e5f3fbd875390288aade3823ec16962bc27b |
| SHA512 | 0723baca97705968a068676f74ac01bd492dac94a4fba391de578b6357b79c4aca5412f564dc0ea7ae5b6145256c7f8f22e8a4823f41e2baf50d201ec073be1f |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\cookies.sqlite-wal
| MD5 | 684fbdf5d6ec05d9b0f1cf8e3a3ebf4c |
| SHA1 | 45282d18e13eec36f2fcbf88998eb2e4ca300c80 |
| SHA256 | ec8d6853d7c687df6aa5c36a2f4f2e44bf59c141b40661c3088a7026444950bc |
| SHA512 | bc98f440a71d90270b1df7d0e00febff84dd8bc85045e46edfb681152b8b316bfa827e42c2f4477d45d473971d139275330ec9ac7fab76eab56f2137e4c25fcc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\places.sqlite-wal
| MD5 | 294d2b91b49407298b1975242c727320 |
| SHA1 | 6cbcdf0269cc7dc61f36520b4606bcea0c44f964 |
| SHA256 | 2968736876d68d8cb270d9867b23acca23ab3ee6c8b94ec6ba6077f699494324 |
| SHA512 | 1da8b69316dfdcd2a6da5350847738c8cd73b9286ccd5634ea7e10c08ac6920f75f891c16ec97ad0ac9b14470d5b796a0451c461cc472b3b819d5b1289d602da |
memory/3216-320-0x0000000000B80000-0x000000000176B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1461c8c0cd0024a4009aad3cdc1e988d |
| SHA1 | 6a9e2b52c9b9d115a849534e0c49fc8c0f31a9f3 |
| SHA256 | 22af5f9e29a11d7dae1df4234b71de390f49f3765694e272f4e822b8c4b8ac37 |
| SHA512 | b8da5d884e36d9af5ac7b4e5db3b3372e98d8a1ac08896eeb252b126d27422c13555d6ebdcbe422b397662163bd516cfed0f216db657b98fc392214f2e02d01e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ca9d57bc65b2edfd364a67eb6ddba044 |
| SHA1 | 9b822aaceffccb5cd4f2d3785fcf21a115bb376c |
| SHA256 | 275dd63213e16a5143b2da322c0b9025019b55df54996643e088de5956dde584 |
| SHA512 | da370005e0b533c0246f9f60c1c332f09f6eb0384efd6a32df031258c4d0cf7f360387ef690b0041ac2e16c388686b01176b6e4407b064631028b4bf2543b4e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51f9a70fc8625ce5e5f830fb4216d352 |
| SHA1 | 9d8459a0415b6582fcbb772a98fd64c92968e4f3 |
| SHA256 | d7ffe619dda75ac75bf919100244e51140ad0f5725908a99506073376ffdf412 |
| SHA512 | 170b8c7a125ce52f3e164548857991b183f81aea7eb1f0911583bb2fd746e8d4655f17c2c2bbece5f4530dec8ac710be238c109fbe61d95472d0e5078b629b96 |
memory/3216-339-0x0000000000B80000-0x000000000176B000-memory.dmp
memory/6700-343-0x0000000000220000-0x00000000006D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0b7f7b0862fea315bfd04e3fc251a38 |
| SHA1 | 6e12aebff8abd1ebd16f80282ab1e6b7ee1d8587 |
| SHA256 | eaed025a557e732fdcd1502a943459a948583ea713eac84f4ac1010e087f01d7 |
| SHA512 | 28c728bd7c11cb52a5cc5c0fc95d7d81c4225746e75334f70a928baf50aa9e03f0a5d4b9e5f705b4a84dab7ba009695fd6ab4fc9d030581cc51ac333321ca1ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 38210b6d7dcbbb210ba19285ee960a50 |
| SHA1 | 64aece34b14fc219d4822cbfcdeb4c9f9c162da0 |
| SHA256 | c72792903856eecf7988877cb296cb2e9e0c51ca04339ce7554683f38de976eb |
| SHA512 | f97b55c044927fd45ca18c4f0960f1ff0ba3aa345f1b73608f51acfe4fd40cf0c4eace7ec40c72694e3bc9cfc938efba6832d08d43ca9938c860b94d46e8cc54 |
memory/6700-366-0x0000000000220000-0x00000000006D9000-memory.dmp
memory/2872-367-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-368-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-373-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7da412f4268d7d4c31bfe37bf3e47486 |
| SHA1 | 43c90a5971041c283a063dc7d238a69e06da3322 |
| SHA256 | cf883748540b3c545d929e92b1c4a76b7621e1ec49d4a63f5f1d1a770df0f1e3 |
| SHA512 | b4fb1cca58867218a53e5399783cfe8959dc502f992ed97bedb8b2c54b976dce37ccb74c9f7320620da5636a659f2b7e0e3867c7d4727f9e527f9435e59e0d41 |
memory/2872-379-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-380-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8744c07a7b6312d7a2e9008cccceaf39 |
| SHA1 | 69e8aeedb00b32a1d3d34e33cdccb4df04db024e |
| SHA256 | 60c6fdab9f50e85d559db4ec5e9a8be88a1ea258583912cf4634edcdc2aebe46 |
| SHA512 | 079dd47ddf86c4698debe67ab7491e11f46a222d5a88a566d8853a2f31e26598747d6a6742ca4dc734b71219f0006fc535d043589feb386e42dbb912c5751525 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f025fc155d8477727e02ce0aedaa3bde |
| SHA1 | 1f3929386203debd0b68c9d2bae1069399e0d924 |
| SHA256 | b0c1a5a06db788bb120a9c38e3418fd0663378402bfdd8623405f617966951fc |
| SHA512 | fe409c6a309572ba9801588dfbe0ca2d5ab36fc7e6d8000ecc5f6b60f90671c3490443e222bfcf804d279577c11c5ffeba7c8c119f753b985e4d6256c3f4c6f7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs-1.js
| MD5 | e242e1c9af325df9470ceda429bada2a |
| SHA1 | 46198e08d79d6ba5e40993ddea59198336cc7981 |
| SHA256 | d7b3cfc2255f0e8677a4aeaf91b0ab42093f25b7c138d57f899e07598bcf05c4 |
| SHA512 | 1adf94e8de4dd12460da099ca4da5f5f60ae0642b76ea204d1542cbdfc59ce22129e8b66d1467bc583597b6652a3cac4d616f02b9591ca13c71c190c8d6c3415 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\prefs-1.js
| MD5 | a29db17c3827b4246374ac43aaccf2d6 |
| SHA1 | 98bdec89650792968765321fc70a4022ab5227ad |
| SHA256 | a715e91be03afaa44fdcb15f4feaa4d6a9b88e38fad4ae1bdc5c0116d46f5883 |
| SHA512 | d91312873fde69d0ae25eeeb9530a3f04d622c53e7a725e1ef9ea1ed1f38f292d3713877ef40d33602b0fc0d94a7c6df2abee42fa1e65c8e1e54dc92f9392a26 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 05c9931b32b18e61980ff16a4c7b8f02 |
| SHA1 | 0ac5e6c2d6b01e162fd4e515b70af6bb92b7c25b |
| SHA256 | 6d8483de9d81f0d4c8005fd09c90cb19ce1c031b04722491326578a16f2155e4 |
| SHA512 | 920274119cd148cf22dbd36a64eacdca7ad72e6df3f7ee89d1765fd93a0511ef9ec6f39e2b6906731c9227580edebe5b5dcecb4102a544d1f3d3ebac44dced88 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
memory/2872-524-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vg8iw5f0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
memory/6516-615-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/6516-636-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-1426-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2377-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2458-0x00000000007B0000-0x0000000000C69000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 87dffe067a3d2b394ac7c67bb28d69b0 |
| SHA1 | 678ecbb75a4a342792ed3ecc23b45c35e9177a0c |
| SHA256 | 8b3d112224f1cb93969fbe5bcf7b5012e48647574cf242a250bd139394582244 |
| SHA512 | 01771ed15b723acd5e1099095de9370c3c48593bd95914e2cf41b19ec6755a74197acfb2c4d710882da60e8ee54096735dbe42f5bd6f2f0d632de33cb30b845d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b06144cb1c8c21e5237b77ea8ad2f0af |
| SHA1 | 964abcc3a311ef9cf0fc381683371f9cecec33f2 |
| SHA256 | beb4449dcbf964d371db58e5384684468e111d961041ed0c09028cbf00a7efd6 |
| SHA512 | 5198cef91a330b9f1c0f2a5027d34b920779e9f06b656f3e77e3489a29b5c00c91370db3071b675842a6a137089c53825e8de36675f045f4ea86ff999afddbcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 042a2178e2a86f648c1a22f03d8cd008 |
| SHA1 | a816ed60503c75183cf4739d3eb7f7db3f601754 |
| SHA256 | d63c8b6e3a454c1c995fad28489c541482f0bf89be88fa0ddf0ef38454b20e5c |
| SHA512 | 47c6f1603ef07594fc0696177e7d74d32ef3f77d3a7f0772c3751111040f95b96c13a01f64fbc157de90c4a8c478ec5a096393724513439ec27df4501c73520f |
memory/2872-2500-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2501-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2502-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/6476-2504-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/6476-2505-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2506-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2507-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2522-0x00000000007B0000-0x0000000000C69000-memory.dmp
memory/2872-2524-0x00000000007B0000-0x0000000000C69000-memory.dmp
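The Files listing above mixes four kinds of entry: memory dumps (memory/&lt;pid&gt;-&lt;n&gt;-&lt;range&gt;-memory.dmp), payloads written to the user's Temp directory and to C:\ProgramData (explorti.exe, 4bace03766.exe, 0e0f587120.exe, C3DE.bat, nss3.dll, mozglue.dll), browser profile state that the stealer touched (Local State, Preferences, cookies.sqlite-wal, places.sqlite-wal, prefs.js), and a zero-byte named pipe whose hashes are simply the digests of empty input (d41d8cd98f00b204e9800998ecf8427e for MD5, e3b0c442... for SHA256). Only the second group is worth pivoting on as an IOC. The following script is an added example, not part of the report or the sandbox vendor's tooling: it parses the listing's path-then-hash-rows layout and separates the groups. SAMPLE is a constructed excerpt that copies a few entries from the report (most hash rows omitted); the classification heuristics are the example's own.

```python
r"""Turn a sandbox 'Files' listing into a de-duplicated IOC set.

Added example, not part of the report or the sandbox vendor's tooling. SAMPLE is
a constructed excerpt that copies a handful of path and hash rows from the report
(most hash rows are omitted); the classification rules are this example's own.
"""
import hashlib
import re
from collections import Counter

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEMDUMP = re.compile(r"^memory/\d+-\d+-0x[0-9A-Fa-f]+-0x[0-9A-Fa-f]+-memory\.dmp$")
# Executables, DLLs and batch files written under the user's Temp or ProgramData.
DROPPED = re.compile(r"^C:\\(Users\\[^\\]+\\AppData\\Local\\Temp|ProgramData)\\.*\.(exe|dll|bat)$", re.I)
# Browser profile state (Local State, Preferences, cookies.sqlite-wal, ...): these
# entries document the stealer touching the profiles, they are not payloads.
BROWSER_STATE = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\", re.I)
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def parse_files(lines):
    """Yield one dict per entry: {'path': ..., 'md5': ..., 'sha256': ...} for whatever rows exist.

    In the report an entry is a bare path line followed by its hash rows; memory dumps
    are bare lines with no rows."""
    rec = None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if rec is not None:
                rec[m.group(1).lower()] = m.group(2).lower()
            continue
        if rec is not None:
            yield rec
        rec = {"path": line}
    if rec is not None:
        yield rec


def classify(rec):
    """Label an entry: memory, empty, dropped, browser-state or other."""
    path = rec["path"]
    if MEMDUMP.match(path):
        return "memory"
    if rec.get("sha256") == EMPTY_SHA256:
        return "empty"          # zero-byte object such as a named pipe: nothing to pivot on
    if DROPPED.match(path):
        return "dropped"
    if BROWSER_STATE.search(path):
        return "browser-state"
    return "other"


def ioc_sha256s(records):
    """Sorted, de-duplicated SHA256 values of dropped payloads only."""
    return sorted({r["sha256"] for r in records if "sha256" in r and classify(r) == "dropped"})


def summary(records):
    """Count of entries per label, e.g. {'dropped': 3, 'browser-state': 1, ...}."""
    return dict(Counter(classify(r) for r in records))


SAMPLE = r"""
memory/2716-0-0x00000000004F0000-0x00000000009A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
| MD5 | 99b800d074dc4121cdc4a127276b9f6e |
| SHA1 | c2099c6ed0cd5be77000c13cda849a84fd7bf662 |
| SHA256 | f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e |
C:\Users\Admin\AppData\Local\Temp\C3DC.tmp\C3DD.tmp\C3DE.bat
| SHA256 | a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698 |
\??\pipe\LOCAL\crashpad_3604_KWMZMUFWFXJVVZYJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| SHA256 | 1a39a1d9ce16bd3cc3b28094d65e41c8e9c98c553c45d7717214b0cd450e9eb9 |
C:\ProgramData\nss3.dll
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
""".strip().splitlines()

if __name__ == "__main__":
    records = list(parse_files(SAMPLE))
    print(summary(records))
    for h in ioc_sha256s(records):
        print("IOC sha256:", h)
```

Note that C:\Users\Admin\AppData\Local\Temp\tmpaddon lands in "other" on purpose: it sits in Temp but has no executable extension, and the surrounding entries (gmpopenh264.dll, the ciscobinary.openh264.org download in the network table) show it is Firefox's own plugin download, not a dropped payload. Anything that falls into "other" should be looked at by hand rather than auto-promoted to an IOC.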
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-09 14:13
Reported
2024-07-09 14:15
Platform
win11-20240704-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
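The registry-based signatures above fall into two groups that a detection rule must keep apart. The dropped executables (explorti.exe, JEGHJDGIJE.exe, the sample itself) open HKLM\HARDWARE\ACPI\DSDT\VBOX__, read SystemBiosVersion and VideoBiosVersion, and open HKCU\Software\Wine; those keys exist only when the host is a VirtualBox guest or a Wine prefix, so probing them is a sandbox-evasion tell. By contrast, the "Checks processor information in registry" and "Enumerates system info in registry" tables show firefox.exe, chrome.exe and msedge.exe reading CentralProcessor\0 and BIOS\SystemManufacturer, which browsers do for telemetry on every start. A rule written as "reads HKLM\HARDWARE\DESCRIPTION" would fire on the browsers; anchoring on the exact evasion keys does not. The script below is an added example, not part of the report or the sandbox vendor's tooling: it scores rows in the report's table format against anchored patterns and tallies the browser-style enumeration separately. SAMPLE is constructed from rows copied in shape from the tables above; the rule names are the example's own.

```python
r"""Classify registry-access rows from a sandbox signature table into anti-analysis categories.

Added example, not part of the report or the sandbox vendor's tooling. SAMPLE is a
constructed set of rows copied in shape from the report's signature tables; the rule
names and the benign-enumeration allowlist are this example's own choices.
"""
import re
from collections import defaultdict

# Keys that ordinary user software has no reason to probe. Each pattern is anchored
# on the full key so that a broader HARDWARE\DESCRIPTION read does not trigger it.
RULES = {
    "anti-vm: VirtualBox ACPI table": re.compile(r"\\HARDWARE\\ACPI\\DSDT\\VBOX__$", re.I),
    "anti-vm: BIOS version strings": re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I),
    "anti-emulation: Wine": re.compile(r"\\Software\\Wine$", re.I),
}
# CPU and SMBIOS keys that browsers read for telemetry; the report shows firefox.exe,
# chrome.exe and msedge.exe doing exactly this, so they are tallied but not scored.
BENIGN_HW_ENUM = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(CentralProcessor\\0|BIOS)(\\|$)", re.I)
BENIGN_LABEL = "hardware enumeration (benign on its own)"

ROW = re.compile(r"^\|\s*(?P<op>[^|]+?)\s*\|\s*(?P<key>[^|]+?)\s*\|\s*(?P<proc>[^|]+?)\s*\|")


def parse_rows(lines):
    """Yield (operation, key, process) from '| Description | Indicator | Process | Target |' rows."""
    for line in lines:
        m = ROW.match(line.strip())
        if m and m.group("op") != "Description":
            yield m.group("op"), m.group("key"), m.group("proc")


def classify(rows):
    """Return {process: {category: hit_count}}."""
    verdict = defaultdict(lambda: defaultdict(int))
    for _op, key, proc in rows:
        hit = False
        for name, pat in RULES.items():
            if pat.search(key):
                verdict[proc][name] += 1
                hit = True
        if not hit and BENIGN_HW_ENUM.search(key):
            verdict[proc][BENIGN_LABEL] += 1
    return verdict


def suspicious_processes(verdict):
    """Processes with at least one anti-analysis hit; benign enumeration alone never qualifies."""
    return sorted(proc for proc, cats in verdict.items()
                  if any(cat != BENIGN_LABEL for cat in cats))


SAMPLE = r"""
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
""".strip().splitlines()

if __name__ == "__main__":
    verdict = classify(parse_rows(SAMPLE))
    for proc in sorted(verdict):
        print(proc, dict(verdict[proc]))
    print("anti-analysis hits:", suspicious_processes(verdict))
```

The last sample row is the interesting edge case: c601e7652d.exe reads ProcessorNameString, which is the same key the browsers read, so on this evidence alone it scores nothing. It still deserves attention, but on the strength of the other signatures the report attributes to it (NtSetInformationThreadHideFromDebugger, Loads dropped DLL), not on the CPU-name read.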
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-299327586-1226193722-3477828593-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
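The Processes section that follows shows three patterns worth pulling out of a process listing automatically: several executables running straight from the user's Temp directory; cmd.exe invoked with /c on a .bat nested two .tmp directories deep, with the path of another dropped executable passed to the batch as its argument; and Chrome, Edge and Firefox each launched with https://www.youtube.com/account as their only argument, while the browsers' own helper processes carry --type=... or -contentproc switches. The report does not list parent processes, so the browser launches are a lead to chase, not a verdict. The script below is an added example, not part of the report or the sandbox vendor's tooling: it splits Windows command lines (honouring the double quotes the listing uses), then applies those three checks. SAMPLE copies the top-level command lines from the Processes section; its last line is a constructed, shortened stand-in for a browser helper process, and the finding texts are the example's own.

```python
r"""Triage the command lines from a sandbox 'Processes' listing.

Added example, not part of the report or the sandbox vendor's tooling. SAMPLE copies
the top-level command lines from the report's Processes section; the final line is a
constructed, shortened stand-in for the browsers' own helper processes. The rules and
their wording are this example's own.
"""
import re
from pathlib import PureWindowsPath

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
URL_RE = re.compile(r"^https?://", re.I)


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes.

    Good enough for sandbox output; it does not implement the backslash-escaped
    quote rules of CommandLineToArgvW."""
    args, cur, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def triage(cmdline):
    """Return a list of findings for one command line (empty when nothing stands out)."""
    args = split_cmdline(cmdline)
    if not args:
        return []
    image = PureWindowsPath(args[0]).name.lower()
    findings = []
    if image == "cmd.exe" and len(args) >= 3 and args[1].lower() == "/c":
        # cmd /c "<script> <arg>": the quoted remainder is itself a command line.
        inner = split_cmdline(" ".join(args[2:]))
        if inner:
            script, script_args = inner[0], inner[1:]
            if script.lower().endswith(".bat") and TEMP_RE.search(script):
                findings.append(f"cmd.exe /c runs batch file from user Temp: {script}")
            for a in script_args:
                if a.lower().endswith(".exe") and TEMP_RE.search(a):
                    findings.append(f"batch file receives a Temp executable as argument: {a}")
    elif image in BROWSERS:
        # A browser whose only argument is a URL was started by something else to visit
        # that page; helper processes carry --type=... and are ignored here. The report
        # does not list parent processes, so this is a lead to check, not a verdict.
        if len(args) == 2 and URL_RE.match(args[1]):
            findings.append(f"{image} launched directly against {args[1]} (check parent process)")
    elif image.endswith(".exe") and TEMP_RE.search(args[0]):
        findings.append(f"executable running from user Temp: {args[0]}")
    return findings


def triage_all(cmdlines):
    """Map each command line to its findings, dropping the quiet ones."""
    out = {}
    for c in cmdlines:
        findings = triage(c)
        if findings:
            out[c] = findings
    return out


SAMPLE = [
    r'"C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe"',
    r'"C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe"',
    r'"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9579.tmp\957A.tmp\957B.bat C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account',
    # Constructed stand-in for a browser helper process (not copied from the report).
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report',
]

if __name__ == "__main__":
    for cmd, findings in triage_all(SAMPLE).items():
        print(cmd)
        for f in findings:
            print("   ", f)
```

The quoting matters for the cmd.exe line: the whole `"<bat> <exe>"` string is a single argument to cmd.exe, which then re-parses it as its own command, so the splitter is applied twice to recover the batch file and the executable it is handed. A naive split on spaces would lose both.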
Processes
C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe
"C:\Users\Admin\AppData\Local\Temp\f97ff5194352acfd96ba9dce6341293f59c10a1aa7b716f5643840abde275e3e.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\c601e7652d.exe"
C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe
"C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9579.tmp\957A.tmp\957B.bat C:\Users\Admin\AppData\Local\Temp\1000010001\308a927c7d.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdb44fab58,0x7ffdb44fab68,0x7ffdb44fab78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdb43a3cb8,0x7ffdb43a3cc8,0x7ffdb43a3cd8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.0.1984878429\470709438" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e838378-fc42-460f-a0f6-673179bebe17} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 1852 1911a504758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.1.1393697439\2138781652" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45f0daf-0373-410c-ab9d-76760fc1299c} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 2436 1910d684a58 socket
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.2.783664339\447743898" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f374fbca-76c9-4876-8b80-6dd29b233d31} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 3260 1911c94a258 tab
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1928 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.3.835206591\1752524233" -childID 2 -isForBrowser -prefsHandle 3020 -prefMapHandle 2820 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0fd30a-6d9e-4930-86c7-1256914e189d} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 2944 19120010258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.4.2011479136\469374948" -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3cba376-18fa-448f-b429-d70b0ae5ee1a} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 5164 19122267258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.5.2123704327\42767227" -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d01f2f70-26fe-4c04-8970-4626e5a09226} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 5336 191222d1258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4960.6.1217473469\1566978807" -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d13495-73d5-4d53-add4-b1eaf7b72102} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" 5236 19122346c58 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EGCFHDAKEC.exe"
C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe
"C:\Users\Admin\AppData\Local\Temp\JEGHJDGIJE.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,17252982373147123838,16022805892615979072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5084 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=2076,i,588440497534370141,17402869598132430841,131072 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vzqinq9r.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vzqinq9r.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vzqinq9r.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vzqinq9r.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/3336-637-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-1954-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2446-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2472-0x0000000000160000-0x0000000000619000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f422900e1870765d0278bbc6cfa6e483 |
| SHA1 | 6940f571aff39f510c63d285e995a17cf1ef82a2 |
| SHA256 | 07713fd754a6c2780809ace9007c74d52ba2ac4ada2c4b3ddd2da5530b9ba78b |
| SHA512 | 48b4cd6457a6da03223ae82df4fe10d9603232a680dbe6d7dd426eba727cd3440c1e79412d634cfed18824cd6cabcc79b458b7b5d4b477b26d2042c335959790 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 973302c6af5bc5a3cdfeba1e39f9b68c |
| SHA1 | db058aabce3cbff28144a09271a20a3a15137696 |
| SHA256 | be68bb4cd1b805f1a9e3901796281cc9d4bd4afb8fac9f98ddd6cc19e784aebb |
| SHA512 | 8c2b17901fe308ef72393f367c8f2ecaca765ea92cd4005a2bf8a06fa52367ec27a6e5afbd747f0ab4d2bab68e5bdde718f5dca9e9a4c6e526a12b36af7e45f9 |
memory/3336-2510-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2511-0x0000000000160000-0x0000000000619000-memory.dmp
memory/6960-2513-0x0000000000160000-0x0000000000619000-memory.dmp
memory/6960-2515-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2516-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2517-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2518-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2531-0x0000000000160000-0x0000000000619000-memory.dmp
memory/3336-2534-0x0000000000160000-0x0000000000619000-memory.dmp