Malware Analysis Report

2024-11-13 16:48

Sample ID 240712-fnckfssaqf
Target aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad
SHA256 aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad
Tags
amadey stealc 4dd39d hate discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad

Threat Level: Known bad

The file aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d hate discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks BIOS information in registry

Reads data files stored by FTP clients

Loads dropped DLL

Checks computer location settings

Identifies Wine through registry keys

Reads user/profile data of web browsers

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-12 05:00

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-12 05:00

Reported

2024-07-12 05:03

Platform

win10v2004-20240709-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3040 wrote to memory of 3364 | N/A | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3040 wrote to memory of 3364 | N/A | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3040 wrote to memory of 3364 | N/A | C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3364 wrote to memory of 1116 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe
PID 3364 wrote to memory of 1116 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe
PID 3364 wrote to memory of 1116 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe
PID 3364 wrote to memory of 2332 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe
PID 3364 wrote to memory of 2332 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe
PID 3364 wrote to memory of 2332 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe
PID 2332 wrote to memory of 4636 | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 2332 wrote to memory of 4636 | N/A | C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4416 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
PID 4416 wrote to memory of 100 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe

"C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe"

C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe

"C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a54f8aa3-5418-4536-a9d2-4fd23ea1ccef} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f396995-1f16-40a7-9e55-584981959295} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3264 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {357d28e9-37d5-45fd-87cb-102b7c67a231} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3920 -childID 2 -isForBrowser -prefsHandle 3912 -prefMapHandle 3908 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fce59941-8720-4b50-9ac9-f399a0a7dcab} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 4764 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {588ee0b3-14a2-4555-ba55-22eb94718bb5} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 3 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8eed289-af34-4605-b0c3-5cc0da86e993} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5cb4f1f-3315-4970-a911-fff7a888d994} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 5 -isForBrowser -prefsHandle 5868 -prefMapHandle 5872 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce1899ac-d5bd-44b4-97d4-e0dfb52d57b0} 4416 "\\.\pipe\gecko-crash-server-pipe.4416" tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe"

C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe

"C:\Users\Admin\AppData\Local\Temp\FIDGHIIECG.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe"

C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe

"C:\Users\Admin\AppData\Local\Temp\BFHJJJDAFB.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
N/A 127.0.0.1:51791 tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 44.238.192.228:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
GB 172.217.169.46:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 consent.youtube.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 44.238.192.228:443 shavar.services.mozilla.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
N/A 127.0.0.1:51800 tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.192.238.44.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.78:443 redirector.gvt1.com tcp
GB 172.217.169.78:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp

Files

memory/3040-0-0x0000000000750000-0x0000000000BFA000-memory.dmp

memory/3040-1-0x0000000077E14000-0x0000000077E16000-memory.dmp

memory/3040-2-0x0000000000751000-0x000000000077F000-memory.dmp

memory/3040-3-0x0000000000750000-0x0000000000BFA000-memory.dmp

memory/3040-5-0x0000000000750000-0x0000000000BFA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 b216ac082608e4fd08c4dfb765dd61c9
SHA1 9f9eeb5f1d152e1d0d24dc51e910f772f0acacec
SHA256 aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad
SHA512 51accd2042eaf9459c5b60bf79c0f786f33058be3ccf853fc6e8a1bec3d4aa992d17481a91e9f9370bd836fb9eea67155368c34f01f9b940d39d1f141b25a495

memory/3364-16-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3040-18-0x0000000000750000-0x0000000000BFA000-memory.dmp

memory/3364-19-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-20-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-21-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-22-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3744-24-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3744-25-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3744-26-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3744-27-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-28-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-29-0x0000000000550000-0x00000000009FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe

MD5 b5f67083e086299287f0dfb2a7bef96e
SHA1 dccf58d99cd7153859d1ad5a1c3f7e348e2ebbb7
SHA256 1b6722f558bf4483253663180682caec67066261bc0414d12d6e1622cb848d80
SHA512 55c4f5d435a1a27e6c8e14c88e454da4dc2398076f4596a6f983184831db0119c58be9c82b8ddf5ef37265b65b5cea56e5963c871b2be0f8e88064224681d654

memory/3364-44-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-46-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/3364-47-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-48-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000011001\aae024fc00.exe

MD5 86037c510a58b81892f98de398dd778a
SHA1 0f85715b93e6fc8bd7a8218d0bbfa44a90782491
SHA256 482eff0a8df5b73a7d3c7915c4d4c058e80445ff38f0133b9c8c125bec84e54b
SHA512 17de2e8c469efd2cd79df22f93a13c2b2487892650eb7ef88db0222087a1662147e14e9b2acf45ac11bf0e192715a8dbdd7b203e7cf845516b92d89e40ce3187

memory/3364-68-0x0000000000550000-0x00000000009FA000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\activity-stream.discovery_stream.json.tmp

MD5 ace08027d88d58b941918bb03190f422
SHA1 dc7813d14c95dc33cd9953ce2991e8175c712c2a
SHA256 0b4403d0030b43c88562d7c65009dafeecb1a52f31e04aa61e29ac381141fe43
SHA512 211553c068ce02f1c2657f2354c2a9fdd186a94beb92bd7a23bc2e661481e605a410b8c2178328e1f76d32460bf695a630bc5feb056a3ba8b45929c3cefba104

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\fbe7de17-3ace-419a-a81e-042f13d3aa7a

MD5 2981728a060e01e67ff7c8232f0b8582
SHA1 aae954037be6837069bedddcac560593fec2a415
SHA256 b7441f7fecf46c5ad53b3ac671e4a59097a4b414139e204f788b9ea20c7185cd
SHA512 02fe348d296b2862047593e01810d297c6f63838196a8c2a3fdcf4657c9c9042f4cb3ca98ffa618e96eef9674ca770a212436c953f54efec4f99f230ed5f9c11

memory/1116-286-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\b213df6d-37b7-4dc7-ba58-f9b61a36e76f

MD5 366083f4af085cac4a62f98c3a20f514
SHA1 09157e81e353a871c33dc18647a45e9030ac3e4e
SHA256 81ad39b67786e0c835e33aeb1c04ccb8f28105aec94666a13b496554d938d3d9
SHA512 2c6c50bdf4b0f90c2c6d8e5f52595132a3e9abf268b20742080edd7add655222407e4b6bc9d5438a82f53d58a0256454844b303bdae2038cb8e07df9f2265a5d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\2bb68aec-63ec-465f-84f5-16f41211ef4e

MD5 9137a601e7cc20b481246f88cdaf664a
SHA1 1d92534c489a5005bd76b19820bd9be55a8665a4
SHA256 17692c4d8ca1ec90a24fbbd9b61ec10086110c4308f8a3856eab5f7380120434
SHA512 bfce56b58b9636bb3c9bc6c99866adc89459084d44f5c82c48e0515ef7bacc3124f9d7fb70c93e94f02635494b8ed174ca8194b1cf860cb9cb312b21e7ed1462

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

MD5 145d0c0ec1fe0fc7aa15fb800486a276
SHA1 c491f044fd574828b1b1ae0642e5478ebffa9792
SHA256 fb24456e911c7e3382129f17bdfb54d36301c298b0d8f6bc4772fd94c49cc446
SHA512 82cc10e6a8e3bc2cf0974b4b10c83b6c343c39072509bbe62292aae28175d7029efd6b5054cf1ccce7843dce7bd4116203c7aa8f78e6c85a7afb4c9952f5f5e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

MD5 238c002ac2e8754d281b99a46bb8c9d1
SHA1 f165c22f25037de6f3045fa6fd644d079bb4660d
SHA256 5833de12c54e4ad7d6efc06b6e10a7cfcafc0de57c37d9eb2ed60f7d98f7b4ba
SHA512 a1f0bf808e138da6581d83c9320d5dd9de3da7afe3e503a41198d9e9974044b1e4c614c453505b1da9b0765fc25578f9637474a56d5b9bb5dd3f18922d7cf838

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

MD5 61e5c97589b462e251ae563d8a5f7af2
SHA1 93bb1742c22f0ef48425b942e5bb17d9a6e29ad7
SHA256 f93a8e9fda6a936cbee52b55363b52ba5c07ef5612798a3a43760ef329040c3f
SHA512 0d95e658f9b39b2cd6125265e90da715d5f855f8cbfba4729d1b5064e20ede7bd4b0c505d8a59523dcea22f74fb85c26fda3052acf75316db04d57e9ef9737e3

memory/1116-395-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin

MD5 b86fc1d67a097461d0262aff00d3dc74
SHA1 e4cee7e28d49e497bdea7bb3c1d76427fef3a0fe
SHA256 0dcb6d55c51e3c9b6d635588b9a5f31d6a8580081e7a60a67307710353873b15
SHA512 b83b5d64bbd5953061553e165b9957a3ba1fd145be3b9e6fe854a837c61be1868b2fc13998fd27a3add2918536fcb4c3a4d78e8a785012461d2accc27d021912

memory/3364-446-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-447-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

MD5 242a0a81e6f71f56a010a5af4a66a5c8
SHA1 2452ec0b7167e9d8563280fba3eb485dd8486a5c
SHA256 f1c1c84fad4de9259e2d59e74d29fc9e2a23944219fe71a6619104cc36ee36d9
SHA512 f38255c5ac752ec4ffff95e68d776cadd21393f098da17b22d92f742e7822044b8d7099bb103ef2c1c15cda07f3e5efd83ec3422028a08f899efec7b70d3e1f6

memory/3364-472-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-473-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp

MD5 4c5cc8db51fb06cf3cdfd6a6af346384
SHA1 8d49746ee35c5dd81da712c945b717a8b48f88f1
SHA256 a6528d32948ac4f351e6981c38f73b10eec71b23ac051e38a20bd688fa0ce502
SHA512 11a21fe9f0850c32cfc03a404226e34950f1c237f9b8792ebd23b0c244cf235d611718d026ddfa214144b89a8fb6f6766ba1cd3e0928c2726c9082f3677c5f3c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

MD5 f9cc0e1e72d626815d74e1970a2daf62
SHA1 bf01825678b1de78c2e06266caabe2d8ebf5dd87
SHA256 49f5c67f1e8c4622d698202d99d40fb2ef9e00f95167fb00c446a768f6820f32
SHA512 c783ab3206a3ec7c2444c62930b1374d5d78704663ddb21a5736ad26e8d2e5e1c54920557e5c8742bdde82139ac8062384cf3925381f8b4879f5ddaf8512cbbf

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 adf75fc41407349a03f4d96bf496e685
SHA1 8f72fff1497a24f93939b11e024d4ad1c81e30b1
SHA256 8efe8a155340c8f2a28729b187b39cff643e2e8de8c0e12798d2c9be798765f9
SHA512 868ffab103738215f1dfad2d1a24e2b4d180f0de1295f5972c3e80fb984a9bc0d8cb569e53611cb3e7c6e7094656f23fc5b6e095ef4fb129651064974ce4ac4d

memory/3364-589-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/6092-617-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-616-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 d48592cd545a275911a82c514a350561
SHA1 fb92c1a1e228a0768516ecb948d59473501f68c3
SHA256 92544f0e66defbaac90339a76466bd46dae456cc2db923b5fa5531c5e9c2ba73
SHA512 3cb23b48a57d82f95723c1965639d5c8197ff8c53e36f6b46b2b557d4156e77a12c7d40baabded49ce58bf717ee3b54fd10507f255287294ae954fb236071bfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 dcf34e966aced9a1585790b6198f96af
SHA1 d753db23de7a5096c48671df38c5a967bb3ed269
SHA256 5c12d868d46cadc2598fba09d88b8794590ead95514a9ecb3acb7c292cdb39e6
SHA512 74755608d576c875fe84df5466598169676d58ea356ae1476bc0434ed27f61051a1a536126cc74c1610d8483e2ee190c2389a51d08cc5bec7b2f62a3edfb9529

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js

MD5 1959f293100bcdd5a864f4fad71ae411
SHA1 f3d28e2973928ee511d2f5465ca0da6ba8b5589b
SHA256 69ec23178bedecb4ae106c82b48188482aab8a73f0d002b4b74853cd1414b47a
SHA512 2dd80c0957ca31f716574641aeb6e7a60621697754c6b62d69649b8a81816b7f70b4e2bad7f55e86fd26e6f528d454b842164262cb8c97b527a177e26e43717e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 5b3214b6c766adb29a46ea87fdf66c36
SHA1 b4e6158990a5acb4451e9c4921c3c95d046e3d22
SHA256 efa0c022557d96bae68b1bae22e37322059e3522d4698e6f3ffda5544cacd875
SHA512 89cbc2b92107879002a4fbced017f94d99e6c40ace7cf468c791b84f7b7f25ca52217c1558f95dd9c4be2dd31f23a645d81a31f92e604a493d6b14ecce7f5641

memory/6092-691-0x0000000000550000-0x00000000009FA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

memory/3364-983-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-988-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/3364-1460-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-1461-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/3364-1644-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-1645-0x00000000001A0000-0x0000000000D81000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cookies.sqlite-wal

MD5 32e28e123de341c40e35ef7bca0f2838
SHA1 20bcc0745285b172a86e1939653846d713fd6d2c
SHA256 c8ae62aad7d76740a60758073cb1aaff3da8db2e65b09a00a76693b29c7ae9f0
SHA512 6c78fa50e541befe7c8ffa66ba384057aa9316baf58b8e6f0c821dbe0897dc5b5e49a295848eda4f9b19b11ce19158f0d9be1b7ac2e3108cb9b9011a550cc033

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\places.sqlite-wal

MD5 50629c52481c683df53702ae7ef11844
SHA1 1c21e2335e6309f1a55832a708e68bb3eb01b920
SHA256 1d3b86f1a00698cc3965bdc0332289d216981d905d050c8188d62487d7d5505c
SHA512 ab51ce223cfc9413115e64316b0967794a368d495f20d2e816ebf48bc4efb2f05ad1e0bb1109190bc802a06bd4ddd54a856d5372f972c3fbec825d2c8854944d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js

MD5 123be9f25e10cda6fd34b4181ba620cc
SHA1 f62a0451f20cd9c3c6639ac68bb5983046bcccc8
SHA256 7c627394250bf49021e42327aebd7378cc6cab5ff5ca3392ac7cef1cc047973f
SHA512 c3562f7db888e81156b559f090162e54fe18a157e7a752be93ea74f2913468b0a8029fb61effa7a0271f22d856ced5f11ee0017355cc4fda1996711733f4337c

memory/3364-1693-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-1694-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/3364-1703-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/1116-1704-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/5044-1711-0x0000000000DA0000-0x000000000124A000-memory.dmp

memory/5044-1712-0x0000000000DA0000-0x000000000124A000-memory.dmp

memory/1116-1765-0x00000000001A0000-0x0000000000D81000-memory.dmp

memory/5660-1790-0x0000000000720000-0x0000000000BCA000-memory.dmp

memory/5660-1989-0x0000000000720000-0x0000000000BCA000-memory.dmp

memory/3364-2122-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/5496-2123-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/5496-2325-0x0000000000550000-0x00000000009FA000-memory.dmp

memory/3364-2808-0x0000000000550000-0x00000000009FA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-12 05:00

Reported

2024-07-12 05:03

Platform

win11-20240709-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1448 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3040 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe
PID 3040 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe
PID 4592 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1440 wrote to memory of 4636 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4636 wrote to memory of 4392 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe

"C:\Users\Admin\AppData\Local\Temp\aba717ff50dd3ff2b81104e804cef5cb531a0b39b1b7dafa5fa65cf0ba7606ad.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe"

C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe

"C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1904 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff68c7d8-4a19-4a06-afa8-76adce81510b} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78614967-18c9-4586-ad60-0f5004d6ad0a} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e8ae51a-8f91-483d-bd91-86e84cf23130} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42749d2e-c38c-4a70-b9de-da636f98152a} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4680 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4540 -prefMapHandle 4664 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470de6e0-1ea1-4154-81fb-d35358ae35b4} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5268 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c89247-2989-4ca6-86fb-c09b4509ca8a} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fff7103-3b44-4e14-a851-5b9a8cc69e9a} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5216 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b6d3037-203d-42b1-95d1-7843d25b01c9} 4636 "\\.\pipe\gecko-crash-server-pipe.4636" tab

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe"

C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe

"C:\Users\Admin\AppData\Local\Temp\AAEHIDAKEC.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe"

C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe

"C:\Users\Admin\AppData\Local\Temp\AEGIJKEHCA.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network


Files

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\c2c7939d0a.exe

C:\Users\Admin\AppData\Local\Temp\1000011001\226c8c6353.exe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\a14bc278-546f-4114-a531-5df14c0453e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\c3d90760-5219-47d7-af8c-1d799f41f32f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\00697d61-6c28-4bbf-b8bd-7de95d71fdd3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 2ae25fb44e5328f7939594c14cfb9dd6
SHA1 d8f9aeaca3d02e4e6412a5aa64cb2cc474fbb4ce
SHA256 3eae3969cae6655264c3e50e537e3aa1990f530934ca39e305ba09b887d7f5b6
SHA512 0c3512d6c6efd1be482752c05d2d61a6efcc67c57a19abe01d4af4080454c0254cbad87651337969e08a0bb9d7034fd94b4a7a0eaad2c16811d49fa094be9c57

memory/1344-583-0x0000000000E80000-0x0000000001A61000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

MD5 aabbbfdf331f85e9f3f9b3cfa9843e8b
SHA1 ea5f7c091c90684045df23514f041522be4c7ad7
SHA256 79f263e565f2b08eac1063db80be481e914b396bd805a0ac0023136bc11e94c3
SHA512 12d43fed85ceae1f2cae4ee9f696cac8b771b6ec44059ece9fca42ad841656bd963984344a07698333b9ea4b5055b03f4efdc7a90c6ca8cb8b56d290b7e3a1bb

memory/3040-599-0x0000000000E00000-0x00000000012AA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

MD5 c89c9ebbd1472c664aa10a53d2ee2f4e
SHA1 39c788c56ca40679583dd8a322c528ac217f327d
SHA256 9c39ea2e1643177d2104abc99117be28ef6c4545b942b5e5ea3a5b68baf57502
SHA512 5c8cb169ebe1665902e3b34a978abb5ad1cd9d3f2095fb3c38632ebd57d8def756ad02b9b63637765f3d967932923518b06097b8ba2ab3b627a6add91915c417

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 42e5fff3833929d92aaace0d38654ab3
SHA1 6a047bfebdc058982bd6b4ecf70a70f028761611
SHA256 1913972e83ab722dd064c8f9f9af02fd2567ab08c4594e6616d0a96e38fff97b
SHA512 311dbb2c717113fa9fd39fbc9b7adba467e6aa76793e652f1d857a5b64e5a70b615365639b3501d7e43d223f8384ccaa1d0f79b79c08791d62846375eea4d0ba

memory/1344-727-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-838-0x0000000000E00000-0x00000000012AA000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cookies.sqlite-wal

MD5 0a6e2f1f40636d634e12e15fb1420054
SHA1 b872da95ded584a32d1016cd58e1fe18b5016ff9
SHA256 16a280c604c5a7004a64a112387ff1d0c250e9e443c013bb59e1843fe99d4d27
SHA512 307f324345d66297aa0910fec7ad63c6c76cccaf752f52af593b15c3d2e8dd77d1e910f29967fe0ec1b38bb82f28469480300bdf32bfbef4c7aca59069a4a21a

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\places.sqlite-wal

MD5 c63c3f954889b2d51f1802dbfa85ec85
SHA1 d3401fd596e8264ad0a1ac6a03c6dd76b8533fce
SHA256 3231a7c9d4a3b787e8758f1a7f28ef7f03b5dd2bcb7023bc239f0acb30b7831c
SHA512 e43192ddcedeb8c7e53c89e4401a8ed963ee5124bd9039a10abb969accec1987e7496bff92217667837d7beca290e98367bcfbbbe9699489c8550f7e89f94484

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

MD5 7b4e644baa136ee646acdd393c7fa296
SHA1 6f4f15f4efb19816d7313a2215f5f73a389bd696
SHA256 2ad460419d75fbd04a48b905564baa5acae954d65390f53e8bbe1a16ab429da2
SHA512 52b8b929196d4c610f99f63bbc74fe44c2c0601c59d83a273052ccdc7c54faba83e33de7a1888205d752705fc4c52a4435ef417bef5e58ec5594d416a10692ea

memory/1344-1005-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-1079-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/5020-1107-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/5020-1108-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-1109-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3160-1124-0x0000000000FB0000-0x000000000145A000-memory.dmp

memory/3160-1125-0x0000000000FB0000-0x000000000145A000-memory.dmp

memory/3040-1173-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-1339-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-1471-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-1512-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-1657-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-2011-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-2068-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-2438-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/3040-2470-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/1344-2892-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/1344-2908-0x0000000000E80000-0x0000000001A61000-memory.dmp

memory/2824-2912-0x0000000000030000-0x00000000004DA000-memory.dmp

memory/2824-2914-0x0000000000030000-0x00000000004DA000-memory.dmp

memory/3040-2915-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/5028-2918-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/5028-2919-0x0000000000E00000-0x00000000012AA000-memory.dmp

memory/3040-2928-0x0000000000E00000-0x00000000012AA000-memory.dmp