Analysis Overview
SHA256
ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5
Threat Level: Known bad
The file ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Identifies Wine through registry keys
Reads data files stored by FTP clients
Unsecured Credentials: Credentials In Files
Checks BIOS information in registry
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Suspicious use of SetThreadContext
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 04:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 04:00
Reported
2024-08-12 04:02
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\5946973d7f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\47a74827d5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d6d5a874e3.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\d6d5a874e3.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1200 set thread context of 5052 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4788 set thread context of 1308 | N/A | C:\Users\Admin\1000037002\5946973d7f.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\5946973d7f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\47a74827d5.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe
"C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\5946973d7f.exe
"C:\Users\Admin\1000037002\5946973d7f.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\47a74827d5.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\47a74827d5.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7471ebbe-527f-4be4-88e5-3bf7f3901705} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b51832b4-673e-4edf-9bd9-856695fb8fdd} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 1 -isForBrowser -prefsHandle 2620 -prefMapHandle 2864 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79959629-80e3-47dc-949a-256e1c08f8f8} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=928 -childID 2 -isForBrowser -prefsHandle 1240 -prefMapHandle 2996 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {694203e3-dba7-4b7d-8a80-ef63d4dc34d8} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d505cc90-ed8c-4836-89ce-1f438a95ff6d} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 3 -isForBrowser -prefsHandle 5404 -prefMapHandle 5196 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4b94a50-d6f4-47bc-a3e1-00e09d762951} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c87c6e7-4fbd-4ef9-8156-ffcc1b12b446} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5636 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac6607f-b55f-483e-92da-152cba030d53} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6324 -childID 6 -isForBrowser -prefsHandle 6252 -prefMapHandle 6316 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfecfa22-a4ba-4661-9e32-491b8190b2a7} 3180 "\\.\pipe\gecko-crash-server-pipe.3180" tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
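Added example (not the sandbox's own logic): three host-side detections written from what the behavioral1 signatures and process list above show, evaluated over constructed Sysmon-style events. Rule one keys on the RegAsm.exe instances launched with no arguments from a Temp-resident parent (the same instances that appear as SetThreadContext targets of PIDs 1200 and 4788); rule two on the Run value that explorti.exe wrote pointing into AppData\Local\Temp; rule three on the explorti.job file dropped into C:\Windows\Tasks. Note that explorti.exe is a self-copy of the submitted sample: its SHA256 in the Files section matches the one at the top of the report. The event dictionaries, the PID/PPID wiring and the benign RegAsm control row are assumptions for illustration; only the paths and registry values come from the report.

```python
"""Three host-side detections derived from the behavioral1 run, evaluated over
constructed Sysmon-style events. Added example, not part of the report."""
import re

# Constructed events. Paths and registry values are the ones the report lists;
# the event layout, PIDs and the benign control row are illustrative.
EVENTS = [
    {"type": "process", "pid": 1200, "ppid": 2016,
     "image": r"C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe"'},
    {"type": "process", "pid": 5052, "ppid": 1200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'},
    # Control: RegAsm doing its real job (registering an assembly) from outside Temp.
    {"type": "process", "pid": 7000, "ppid": 6999,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase "C:\Program Files\Vendor\com.dll"'},
    {"type": "registry_set",
     "key": r"\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d6d5a874e3.exe",
     "value": r'"C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe"',
     "image": r"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"},
    {"type": "file_create", "path": r"C:\Windows\Tasks\explorti.job",
     "image": r"C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe"},
]

USER_TEMP = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
REGASM = re.compile(r"\\RegAsm\.exe$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
TASKS_JOB = re.compile(r"^[A-Z]:\\Windows\\Tasks\\[^\\]+\.job$", re.IGNORECASE)


def args_of(cmdline):
    """Drop the (possibly quoted) image path and return whatever arguments remain."""
    m = re.match(r'^\s*("[^"]*"|\S+)\s*(.*)$', cmdline)
    return m.group(2).strip() if m else ""


def rule_regasm_no_args_from_temp(ev, by_pid):
    """RegAsm.exe started with an empty argument list by a parent living in a user's
    Temp directory. RegAsm normally takes an assembly path; an argument-less launch
    paired with SetThreadContext/WriteProcessMemory from the parent (as reported
    for PIDs 1200 -> 5052 and 4788 -> 1308) is the process-hollowing pattern."""
    if ev["type"] != "process" or not REGASM.search(ev["image"]):
        return False
    if args_of(ev["cmdline"]):
        return False
    parent = by_pid.get(ev["ppid"])
    return bool(parent and USER_TEMP.match(parent["image"]))


def rule_run_key_points_to_temp(ev):
    """HKCU Run value whose target executable sits under a user's Temp directory."""
    return (ev["type"] == "registry_set"
            and RUN_KEY.search(ev["key"]) is not None
            and USER_TEMP.match(ev["value"].strip('"')) is not None)


def rule_job_file_from_temp(ev):
    """Legacy .job task file written into C:\\Windows\\Tasks by a Temp-resident process."""
    return (ev["type"] == "file_create"
            and TASKS_JOB.match(ev["path"]) is not None
            and USER_TEMP.match(ev["image"]) is not None)


def evaluate(events):
    """Run all three rules; return (rule name, identifying detail) per hit, in event order."""
    by_pid = {e["pid"]: e for e in events if e["type"] == "process"}
    hits = []
    for ev in events:
        if rule_regasm_no_args_from_temp(ev, by_pid):
            hits.append(("regasm_no_args_from_temp", ev["pid"]))
        if rule_run_key_points_to_temp(ev):
            hits.append(("run_key_points_to_temp", ev["key"].rsplit("\\", 1)[-1]))
        if rule_job_file_from_temp(ev):
            hits.append(("job_file_from_temp", ev["path"]))
    return hits


if __name__ == "__main__":
    for hit in evaluate(EVENTS):
        print(*hit)
```

Any one rule on its own has false positives (legitimate installers do write HKCU Run values, and RegAsm is a signed Microsoft binary); in this run all three fire inside the same process tree, which is the signal worth alerting on.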
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | 100.113.215.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:53491 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.99.165.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:53498 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.174:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3---sn-4g5edn6k.gvt1.com | udp |
| DE | 74.125.111.136:443 | r3---sn-4g5edn6k.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3.sn-4g5edn6k.gvt1.com | udp |
| US | 8.8.8.8:53 | r3.sn-4g5edn6k.gvt1.com | udp |
| DE | 74.125.111.136:443 | r3.sn-4g5edn6k.gvt1.com | udp |
| US | 8.8.8.8:53 | 136.111.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
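Added example, not from the report: a small triage pass over the Network table above. The rule it applies is that plain HTTP (port 80) connections to a bare IP, where the Domain column merely repeats the destination address, are the sample's own traffic, while named hosts under Mozilla, Google, Bing, Akamai and openh264 suffixes belong to the launched Firefox and to Windows itself (that allow-list is an assumption for this run, not something the report states). The rows are a constructed subset of the table; the second helper pulls out the reverse (in-addr.arpa) lookups that appear in the table for the same IPs, which is a useful corroborating artefact when pivoting.

```python
"""Triage of a sandbox Network table: separate the sample's own beacons from
browser and OS telemetry. Added example, not part of the report."""
from collections import Counter
import ipaddress
import re

# Constructed subset of the report's Network rows: (country, destination, domain, proto).
ROWS = [
    ("US", "8.8.8.8:53", "g.bing.com", "udp"),
    ("US", "13.107.21.237:443", "g.bing.com", "tcp"),
    ("RU", "185.215.113.19:80", "185.215.113.19", "tcp"),
    ("US", "8.8.8.8:53", "19.113.215.185.in-addr.arpa", "udp"),
    ("RU", "185.215.113.16:80", "185.215.113.16", "tcp"),
    ("RU", "185.215.113.100:80", "185.215.113.100", "tcp"),
    ("RU", "185.215.113.100:80", "185.215.113.100", "tcp"),
    ("N/A", "127.0.0.1:53491", "N/A", "tcp"),
    ("NL", "142.250.102.84:443", "accounts.google.com", "tcp"),
    ("US", "34.117.121.53:443", "firefox-settings-attachments.cdn.mozilla.net", "tcp"),
    ("GB", "88.221.134.155:80", "ciscobinary.openh264.org", "tcp"),
]

# Assumption: hosts under these suffixes are Firefox/Windows housekeeping, not the sample.
NOISE_SUFFIXES = (".mozilla.net", ".mozilla.com", ".mozgcp.net", ".mozaws.net",
                  ".google.com", ".youtube.com", ".gvt1.com", ".bing.com", ".bing.net",
                  ".openh264.org", ".akamai.net")


def parse_destination(dest):
    """Split 'host:port' into (host, int port)."""
    host, _, port = dest.rpartition(":")
    return host, int(port)


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify(row):
    """Label one row: 'loopback', 'dns', 'c2-candidate', 'noise' or 'review'."""
    _country, dest, domain, proto = row
    host, port = parse_destination(dest)
    if host == "127.0.0.1":
        return "loopback"
    if port == 53 and proto == "udp":
        return "dns"
    # Plain HTTP to a bare IP with no hostname behind it: the Domain column
    # just repeats the address. That is how the 185.215.113.x rows look.
    if port == 80 and (domain == host or is_ip(domain) or domain == "N/A"):
        return "c2-candidate"
    if domain.endswith(NOISE_SUFFIXES):
        return "noise"
    return "review"


def c2_candidates(rows):
    """Distinct ip:port endpoints flagged as c2-candidate, with hit counts."""
    return dict(Counter(r[1] for r in rows if classify(r) == "c2-candidate"))


def reverse_lookups_for(rows, ips):
    """IPs from `ips` that also appear as <reversed>.in-addr.arpa PTR queries in the table."""
    found = set()
    for _, _, domain, _ in rows:
        m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa", domain)
        if m:
            ip = ".".join(reversed(m.groups()))
            if ip in ips:
                found.add(ip)
    return found


if __name__ == "__main__":
    cands = c2_candidates(ROWS)
    print("c2 candidates:", cands)
    print("PTR lookups seen for them:",
          reverse_lookups_for(ROWS, {ep.rsplit(":", 1)[0] for ep in cands}))
```

The three 185.215.113.x endpoints are the only direct-to-IP HTTP conversations in the table; everything else resolves to a hostname the launched Firefox or Windows would contact on its own. Treat the allow-list as a per-sandbox assumption and look at anything left in 'review' by hand.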
Files
memory/4396-0-0x0000000000740000-0x0000000000C03000-memory.dmp
memory/4396-1-0x0000000077DD4000-0x0000000077DD6000-memory.dmp
memory/4396-2-0x0000000000741000-0x000000000076F000-memory.dmp
memory/4396-3-0x0000000000740000-0x0000000000C03000-memory.dmp
memory/4396-4-0x0000000000740000-0x0000000000C03000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | 5b496c08c6603286a74edf4f17a1f7e5 |
| SHA1 | 343311b9d583bde7ed9039731036fe7fd31cc701 |
| SHA256 | ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5 |
| SHA512 | b2f80db9884dafc865f351bcbba774a342e10127ff3d720691d4f347a73ed1edab6e76d76f10e0b99e0d2a667675f5a2f5cb756b8d4240f21c75ed9ba1aa9c93 |
memory/4396-16-0x0000000000740000-0x0000000000C03000-memory.dmp
memory/2016-18-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-20-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-19-0x0000000000151000-0x000000000017F000-memory.dmp
memory/2016-21-0x0000000000150000-0x0000000000613000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\d6d5a874e3.exe
| MD5 | f5f1e8f743ec3d40dbe97e0e67e14861 |
| SHA1 | 14b889a8602eb0d8c05f4bd415977c99fce99b90 |
| SHA256 | a3c814c3833951d016c68679e2f8902cc1ba30d8acbb14a64aa3a58e3f23d51d |
| SHA512 | cc23bf8b3588fc68e2641c813c2ce1eaa7aa8d123071def3f88fc679abaaffed0d22fdb7e36e3d782170b69e62f0e4585a30f591d328d5c83039b997d8a30732 |
memory/1200-40-0x00000000739EE000-0x00000000739EF000-memory.dmp
memory/1200-41-0x00000000002D0000-0x0000000000400000-memory.dmp
memory/5052-43-0x0000000000400000-0x000000000052D000-memory.dmp
memory/5052-46-0x0000000000400000-0x000000000052D000-memory.dmp
memory/5052-47-0x0000000000400000-0x000000000052D000-memory.dmp
C:\Users\Admin\1000037002\5946973d7f.exe
| MD5 | c05fd08043fd1dc414300a92bc73e1fc |
| SHA1 | 9d3c8c2a2bd2881606dc2a826aad65f63a332853 |
| SHA256 | 531cbb2c4dbaaea781ad6798ce36c7ce254c8f88a892dc42ee0aaed205e1a73d |
| SHA512 | 43f00dbf42c84002b4ab46b907953c1236407cdb55001d01ac193a87e3fab9ecacdf4bbac7d2a02297a41f4e62a2a37b93c2e8b559e791c5484791f2faa1d065 |
memory/4788-66-0x0000000000320000-0x0000000000358000-memory.dmp
memory/1308-68-0x0000000000400000-0x0000000000643000-memory.dmp
memory/1308-70-0x0000000000400000-0x0000000000643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\47a74827d5.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/2584-86-0x0000000000130000-0x0000000000373000-memory.dmp
memory/2584-87-0x0000000000130000-0x0000000000373000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\1634055f-7cb0-47eb-a35a-955a82fb28b4
| MD5 | f9b5f5ff4917f0d6789300c897c57277 |
| SHA1 | 2a5265acc663317ef8a411914ee82a43378532e2 |
| SHA256 | 9cb87acee519466923c60f59264881ab3ef50bfdc605d6cdbc62dda699fe372e |
| SHA512 | 9363e962c1fc0525fa59cb5eda6938433fc398b83e19e788e0e05587ee911a8f866ca88aba8d9cf1b2e202ecdde5186fe2a5e51d4b6d1eae2c68553050994eb9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\2692edbc-a5e1-4cfc-a0b1-7c72b4e6849d
| MD5 | 8215473a00a983e0b7fc3ba6f61073d5 |
| SHA1 | b7b739de238b1e5d87a805e0fd55ac0462452733 |
| SHA256 | 7139c24946a19bd1d9b5b459b1e2d09acb0518f4966727b2c99b8ea58bbaabd4 |
| SHA512 | d45ecc49f3e793d0a7537fc6c1b4435295f26f03f58524297b40d3c09c3ede498a0b51a591c2ad855a7fbd6af773a643d73a9fc14a5c300509d55e2b4514a50b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\89d7a29b-8ae0-4f60-babf-f46c70aa269f
| MD5 | 4b0f91b97fb5f645d5d227c441ca09de |
| SHA1 | 5796c1acf3a9b8e4a043150903e160147ca8d811 |
| SHA256 | 956ad19ca53645dc78abfcc83dbb97b6f9b8866a4d64a21cad46b8aeea9f0958 |
| SHA512 | d6d701250f82eb827c42e9f0e3012eed61b5f8a0047954256e4720dd6de421f59fa21608cf8383b2a1c9649b1db4da2137d20a843df1c4dc4c21a0c4705599fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e9e3e5c83035064a492e080394fb6993 |
| SHA1 | 613678055ec776d38c8e2b9a1e73683b1de61fba |
| SHA256 | 672d7ded46c952c1c894542a3a646e92901540d93d9a74d2d91b15dc39e1a1d1 |
| SHA512 | d9d19385586a08da523fda04d32492f0ad8b58fa58388efb89d6a55070617568fa06edd82c94672c409c885a900e99199915ded422b94fa4506a1644a5d36a02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js
| MD5 | 52e3b5d3fb81be8f289ac40f64133534 |
| SHA1 | 0aaf8661af9f96d0dc2dcf08b4c857a3efb0c7aa |
| SHA256 | 053732947cd2c7fd1b4fae3b6e648f1637a9901aa233d3174469e0938afeb13b |
| SHA512 | d474cc5fb946683d439673d76e62460938baad46f125e385f3614c1ee43739a4fa913da15ff7dcbbf8bbd376f237db2e2e06dd6658bbbef8c2ebec9af51822a4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin
| MD5 | 6bc89396eb7758e9c022ad30bb9efdd5 |
| SHA1 | 00ee03a4b6899dab8f1467dcba94bbd93802a6f2 |
| SHA256 | fc7e09a2e31b1912f21b8ad28fb42959b2b1486dc6b5c9f2b4c4944696df24f2 |
| SHA512 | 08ea95cbb5d31c71791a6f39b72ed8e71d89a122a2f267ed849892d153251511de1a853ec116472e859337eb847e9bbc92c1126746a75ade3785604809a76608 |
memory/2016-415-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-426-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-437-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-438-0x0000000000150000-0x0000000000613000-memory.dmp
memory/2016-443-0x0000000000150000-0x0000000000613000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9cd059eef6e97092e1360212847f3b2d |
| SHA1 | 2105531f18c36aadaa94160739d080694715435e |
| SHA256 | 03005282266a9e38b7696d865af2d65384fdc603b906037095134731ec5fee0e |
| SHA512 | 366d27f8dd2e98520996afad74469b4d5273f517ec7934f84e1f4ac32906683d835d8a6ce41f1f6f6779b04ff6467a1569c6beed0bcff34519419875b7e3073e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js
| MD5 | 0687bb6e9873cf66677dbfeb2d2d5206 |
| SHA1 | a0250aaa2e1753e3ba803b2b0be0f1cb80865d1d |
| SHA256 | 9196fc947c176b13717c60672a8ed4aed7b92781f1daad52c2888bfb5933093a |
| SHA512 | 8bbcf6660255f5062ae6f4a99647b68943e65a643d720e2883c9a421de555aa9fa8f6c1d5745ae58b430f98a8b66e0ec06f0a52de2473316a91a7c205cdff9d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js
| MD5 | 5f3c229f7f2b3288d86ae8c97f29206b |
| SHA1 | dc2ada874b8b5af6ccd11c5cd5bac50d851244d2 |
| SHA256 | e493c1b745ade3a477cf05468ab77d804d4b83dc2058f92ebb9ea1e10b5e820a |
| SHA512 | 55dd0bb00cbf466c963b93668c78b1691bc144a172f9a3b078387f3847c8fe8cb32e53b6cf0b624f4e94ef603c822d3c0abfb5136c3424be0ca1b5c805b7e938 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-12 04:00
Reported
2024-08-12 04:02
Platform
win11-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\8986e5c397.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\5946973d7f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Software\Microsoft\Windows\CurrentVersion\Run\28d908c376.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\28d908c376.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Checks installed software on the system
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4276 set thread context of 2372 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1056 set thread context of 2316 | N/A | C:\Users\Admin\1000037002\8986e5c397.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\8986e5c397.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\5946973d7f.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe
"C:\Users\Admin\AppData\Local\Temp\ccc2a60072b214515b1ba5af3838f7c41d5c15531a2047f812588429f8264ee5.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\8986e5c397.exe
"C:\Users\Admin\1000037002\8986e5c397.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\5946973d7f.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\5946973d7f.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fc760da-e3f7-4048-906b-ea6e70cbbc5c} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2280 -prefMapHandle 2256 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a54ac316-a577-443d-8f1d-519e4441da3b} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3108 -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2688 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8205a63b-3afb-49a1-8ed4-077a324ce461} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 2960 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f7a78a5-0d02-4f36-ad52-9b587c21135f} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7f7468-9d20-4094-8dfa-6a630d1f8fe5} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 3 -isForBrowser -prefsHandle 5472 -prefMapHandle 5456 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40f114a9-4141-4e00-8ce4-eb21810ae2d7} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5efc00e-452b-4c91-8542-32794c2164cd} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -childID 5 -isForBrowser -prefsHandle 5844 -prefMapHandle 5848 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdc5bd1b-8b39-448e-8a74-71d5ca3ee481} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 6 -isForBrowser -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b4dcde-c885-4f00-b8e3-4aa0374cea5d} 1228 "\\.\pipe\gecko-crash-server-pipe.1228" tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| N/A | 127.0.0.1:49858 | N/A | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| N/A | 127.0.0.1:49867 | N/A | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| DE | 173.194.187.41:443 | r4.sn-4g5e6nsd.gvt1.com | tcp |
| DE | 173.194.187.41:443 | r4.sn-4g5e6nsd.gvt1.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\1000036001\28d908c376.exe
C:\Users\Admin\1000037002\8986e5c397.exe
C:\Users\Admin\AppData\Local\Temp\1000038001\5946973d7f.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\4457ad61-4005-4509-8a4f-d8b8375dd550
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\087faaa8-9356-4972-a941-6ba5fad93489
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\d6c9c986-57af-4627-9173-e3cd068db553
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js
C:\ProgramData\nss3.dll
C:\ProgramData\mozglue.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cookies.sqlite-wal
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cookies.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\formhistory.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\places.sqlite-wal
| MD5 | a672943f46e75252d08f8fe515850b83 |
| SHA1 | ebcd94df9fa713a87f917bbdcd1aef8fe19fb8f1 |
| SHA256 | 243e9bddd72df0116fdc5acc2a3dd41196f868318c32f36e01630c96d3b0e7d9 |
| SHA512 | 500eeaf5fc8344825fedd624e42f4e0e36b5716e0a1a223fc4778f380b1847699a353b05c8831583686a222385395a7f9f0ed7993b0cee50ab0befb5d145aca6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 239704b6872ad902ec0ea9c44119c9fb |
| SHA1 | 3ca1a2e0beaf8a7e199539a4421aabb1fc182439 |
| SHA256 | db860224cea31cf331ec42a53636b8bee8122f7d509dc44c17e0a50e99bd0948 |
| SHA512 | 0c0555e37f65c846cca90905e34ec22ac3e80318c6b5e234bbe6e9984069e0aa475c6e990e5ab5e19a85374a7a05fe197f7cf0b9531132e45f632c7a35ffb835 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | e6a16427ae22f70ce5c4be95cac93d22 |
| SHA1 | 3a1d3846010f8f5ff097f0c4ae5b265ffd514c2d |
| SHA256 | 813b693ca1c3219773e2471d849d147fff38341175cdfcbc0d74c8e803ac1fec |
| SHA512 | 5f8c52eb8aa095605e8b05963d2bb8bbf0e419f97c45646b7ef5b2e83e67a3250baca05851b67745a1f43c6e518ff46b92a5ffa762d92f7bcdeef4d97138521e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js
| MD5 | 2e8b07ecc3a7b8519efe6012c673238e |
| SHA1 | b773d448f7fecea3c35e87c304de66a1d5ada51f |
| SHA256 | 4d99b434a958fba0f7f16744180e11dbe45c2113b848a4aa98b8f145f521b111 |
| SHA512 | fd93ecd3915fba1a776c899f6a4db9673b69a7057b6a4e94328bf5712d2a2368b92416b79fa025ade3dcda3aa8bac20d2392195e78c3f70036aa7eec10af62c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 58fe8717ec26e17249637c889a197bbd |
| SHA1 | 2b37fecff78e82eb16ec4de59c7e3b4875038e0d |
| SHA256 | 2107939574f9abe13350cf9b9099645dd68b85c5d26aaed49111183f802e95af |
| SHA512 | 47b287354f17dd0899c8b09f963b9a3423c7f62e5ebdd507392530bdb4b51f405c6c50074aed4fc1af19bef842ef25f2c427a8556c5419fc66ac7b64bb4d976c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |