Analysis Overview
SHA256
259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd
Threat Level: Known bad
The file 259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Loads dropped DLL
Identifies Wine through registry keys
Checks BIOS information in registry
Executes dropped EXE
Adds Run key to start application
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 05:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-12 05:02
Reported
2024-08-12 05:07
Platform
win10-20240611-en
Max time kernel
300s
Max time network
301s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\d97bf81a34.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Windows\CurrentVersion\Run\445fa0a4b2.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\445fa0a4b2.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 832 set thread context of 2104 | N/A | C:\Users\Admin\1000037002\d97bf81a34.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2676 set thread context of 4304 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\d97bf81a34.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
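The signature tables above hold the three things a responder needs in one place: the anti-analysis registry checks (the VirtualBox ACPI table OEM id, the SystemBiosVersion/VideoBiosVersion strings, the Wine key), the persistence artifacts (the Run value and the C:\Windows\Tasks\explorti.job file, a legacy .job file consistent with the "Uses Task Scheduler COM API" signature), and the SetThreadContext calls from the two dropped executables into RegAsm.exe, a legitimate .NET Framework binary. The Python below is an added example, not the sandbox's own code: it parses rows copied from these tables, classifies each event per process and maps the result to ATT&CK. The category names, the ATT&CK mapping and the reading of the SetThreadContext rows as process hollowing (T1055.012) are this example's own, not the report's.

```python
"""Triage of the behavioural signature rows above (added example, not part of the
sandbox's own tooling).  Rows are copied from the report's tables; the category
names and the ATT&CK mapping are this example's own, not the report's."""
import re
from collections import defaultdict

# Representative rows copied from the Signatures section (Description | Indicator | Process | Target).
ROWS = r"""
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Windows\CurrentVersion\Run\445fa0a4b2.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\445fa0a4b2.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| PID 832 set thread context of 2104 | N/A | C:\Users\Admin\1000037002\d97bf81a34.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2676 set thread context of 4304 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
"""

SET_CTX = re.compile(r"PID (\d+) set thread context of (\d+)")

# Category -> ATT&CK technique (this example's own mapping).
ATTACK = {
    "anti-vm:virtualbox-acpi": "T1497.001",
    "anti-vm:bios-strings": "T1497.001",
    "anti-vm:wine": "T1497.001",
    "persistence:run-key": "T1547.001",
    "persistence:task-job": "T1053.005",
    "injection:set-thread-context": "T1055.012",  # consistent with hollowing; confirm from the dumps
}


def parse_rows(text):
    """Split pipe-table rows into dicts; rows with the wrong column count are skipped."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("desc", "indicator", "process", "target"), cells)))
    return rows


def classify(row):
    desc, ind = row["desc"], row["indicator"]
    if "\\ACPI\\DSDT\\VBOX__" in ind:
        return "anti-vm:virtualbox-acpi"   # ACPI table OEM id present only under VirtualBox
    if ind.endswith(("\\SystemBiosVersion", "\\VideoBiosVersion")):
        return "anti-vm:bios-strings"      # hypervisor vendor strings in the firmware description
    if ind.endswith("\\Software\\Wine"):
        return "anti-vm:wine"              # key exists only under Wine
    if desc.startswith("Set value") and "\\CurrentVersion\\Run\\" in ind:
        return "persistence:run-key"
    if desc == "File created" and ind.lower().startswith("c:\\windows\\tasks\\") and ind.lower().endswith(".job"):
        return "persistence:task-job"      # .job files are written by the v1 Task Scheduler COM interface
    if SET_CTX.match(desc):
        return "injection:set-thread-context"
    return None


def triage(text):
    behaviours = defaultdict(set)  # process path -> categories
    persistence = []               # (mechanism, artifact, binary that will be started)
    injections = []                # (source pid, source path, target pid, target path)
    for row in parse_rows(text):
        cat = classify(row)
        if cat is None:
            continue
        behaviours[row["process"]].add(cat)
        if cat == "persistence:run-key":
            key, _, value = row["indicator"].partition(" = ")
            # the report escapes backslashes inside the REG_SZ value
            persistence.append(("run-key", key, value.strip('"').replace("\\\\", "\\")))
        elif cat == "persistence:task-job":
            persistence.append(("task-job", row["indicator"], None))
        elif cat == "injection:set-thread-context":
            m = SET_CTX.match(row["desc"])
            injections.append((int(m.group(1)), row["process"], int(m.group(2)), row["target"]))
    return {
        "behaviours": {p: sorted(c) for p, c in behaviours.items()},
        "persistence": persistence,
        "injections": injections,
        "attack": sorted({ATTACK[c] for cats in behaviours.values() for c in cats}),
    }


if __name__ == "__main__":
    result = triage(ROWS)
    for proc, cats in result["behaviours"].items():
        print(proc, "->", ", ".join(cats))
    for src_pid, src, dst_pid, dst in result["injections"]:
        print(f"PID {src_pid} ({src}) replaced thread context in PID {dst_pid} ({dst})")
    print("ATT&CK:", ", ".join(result["attack"]))
```

Run as a script it prints one line per process; the useful outputs for cleanup are the Run value and the .job path, and for unpacking the two RegAsm.exe target PIDs.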
Processes
C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe
"C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe"
C:\Users\Admin\1000037002\d97bf81a34.exe
"C:\Users\Admin\1000037002\d97bf81a34.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.0.19618515\652589225" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1652 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {070a6be1-ecf6-4dd9-a9b5-5ab269c7b113} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 1764 2246ebdbb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.1.1101292760\478660733" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21706 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdd798b3-ae81-4337-a4a5-001753a6db5b} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 2140 2245c872158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.2.1422336327\878201955" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2796 -prefsLen 21809 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {484b2c63-a3ea-4af2-83d1-ec57f7b6d0e0} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 3040 2246eb5ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.3.794031687\1621949624" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 2464 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee19dc2-4ccc-4510-91fb-d98caecb6bb0} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 996 22473064a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.4.1683067599\460580353" -childID 3 -isForBrowser -prefsHandle 4708 -prefMapHandle 4692 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a64049ca-e622-4596-aae9-c069d4b04358} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4716 22475c76c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.5.695800744\1999302700" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa3a6e0-5134-4e68-881e-41bcb8fe4110} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4960 22475c77258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.6.1521049519\553312737" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 4968 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50958ed-7ee6-4893-a65a-3406b9dfe4d4} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 5088 22475d54558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.7.1782515130\1096917961" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5544 -prefsLen 26529 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {740ae149-2aa6-42b3-80bd-3dbb1747fddf} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4892 2247713fb58 tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | 100.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| N/A | 127.0.0.1:49855 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.110.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.174:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:49862 | N/A | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | 138.163.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
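Most of the Network table is noise generated by the detonation itself: once Firefox is launched on the Google account password page (see the Processes list), the browser pulls Mozilla remote settings, Pocket, OpenH264 and Widevine, and the sandbox resolver issues PTR lookups for every address contacted. The attacker-controlled traffic is the small set of direct-to-IP HTTP connections with no hostname at all: 185.215.113.16, 185.215.113.19 and 185.215.113.100 on port 80, all in one /24. The Python below is an added example rather than the sandbox's own logic; it parses rows copied from the table, separates bare-IP connections from resolved hostnames, and filters a noise suffix list that is this example's own assumption and has to be tuned per sandbox image.

```python
"""Separate C2 endpoints from browser noise in the Network table (added example,
not the sandbox's own logic).  Rows are copied from the table above, trimmed to
a representative subset; the noise suffix list is this example's own."""
import ipaddress
from collections import defaultdict

# Representative rows copied from the Network table (Country | Destination | Domain | Proto).
NETWORK = """
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| N/A | 127.0.0.1:49855 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
"""

# Domains the detonation itself generates once Firefox is launched (Mozilla services,
# Google sign-in, codec/CDN downloads).  Assumed list; extend per sandbox image.
NOISE_SUFFIXES = (
    "mozilla.net", "mozaws.net", "mozgcp.net", "getpocket.com",
    "google.com", "youtube.com", "gvt1.com", "openh264.org", "akamai.net",
)


def parse_network(text):
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        yield {"country": country, "host": host, "port": int(port), "domain": domain, "proto": proto}


def is_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in NOISE_SUFFIXES)


def triage_network(text):
    c2, dns, ptr, noise, review = set(), set(), set(), set(), []
    for e in parse_network(text):
        ip = ipaddress.ip_address(e["host"])
        if ip.is_loopback:
            continue                                   # local IPC / Firefox internal sockets
        if e["port"] == 53:
            # PTR queries for already-contacted addresses come from the sandbox resolver
            # and carry no attacker signal; keep them apart from forward lookups.
            (ptr if e["domain"].endswith((".in-addr.arpa", ".ip6.arpa")) else dns).add(e["domain"])
            continue
        if e["domain"] in (e["host"], "N/A"):
            c2.add((ip, e["port"]))                    # no hostname: address is hard-coded in the sample
        elif is_noise(e["domain"]):
            noise.add(e["domain"])
        else:
            review.append((f"{e['host']}:{e['port']}", e["domain"]))
    by_net = defaultdict(list)
    for ip, port in sorted(c2):
        by_net[str(ipaddress.ip_network(f"{ip}/24", strict=False))].append(str(ip))
    return {
        "c2_candidates": [f"{ip}:{port}" for ip, port in sorted(c2)],
        "c2_networks": dict(by_net),
        "forward_dns": sorted(dns),
        "ptr_lookups": sorted(ptr),
        "noise_domains": sorted(noise),
        "review": review,
    }


if __name__ == "__main__":
    r = triage_network(NETWORK)
    print("C2 candidates:", r["c2_candidates"])
    print("shared /24s:", r["c2_networks"])
    print("needs review:", r["review"] or "none")
```

The bare-IP test is the strong signal here: a resolved hostname can be attacker infrastructure too, so anything left in `review` still needs a look rather than being discarded.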
Files
memory/2376-0-0x00000000011F0000-0x00000000016BA000-memory.dmp
memory/2376-1-0x0000000077694000-0x0000000077695000-memory.dmp
memory/2376-2-0x00000000011F1000-0x000000000121F000-memory.dmp
memory/2376-3-0x00000000011F0000-0x00000000016BA000-memory.dmp
memory/2376-5-0x00000000011F0000-0x00000000016BA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | b2f0d9cde6cd1f83091b9f2a6875e6a9 |
| SHA1 | a7bb83cc3f9edc38751ba908d3e0bf393dcfdfc6 |
| SHA256 | 259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd |
| SHA512 | 51bae1077f202a997dbb78e3ece8cf14737362aaeb0e263917a0ba44cfb89cee3b2532c2e5db88151e07c2c8f644be5a4fc3cffb4c6a7f202ee58812afae5de6 |
memory/2376-13-0x00000000011F0000-0x00000000016BA000-memory.dmp
memory/1908-14-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-15-0x0000000000861000-0x000000000088F000-memory.dmp
memory/1908-16-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-17-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-18-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
C:\Users\Admin\1000037002\d97bf81a34.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
memory/2676-39-0x0000000000960000-0x0000000000A90000-memory.dmp
memory/832-44-0x00000000003B0000-0x00000000003E8000-memory.dmp
memory/4304-48-0x0000000000400000-0x000000000052D000-memory.dmp
memory/2104-47-0x0000000000400000-0x0000000000643000-memory.dmp
memory/4304-54-0x0000000000400000-0x000000000052D000-memory.dmp
memory/2104-51-0x0000000000400000-0x0000000000643000-memory.dmp
memory/4304-52-0x0000000000400000-0x000000000052D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/3584-67-0x00000000011F0000-0x0000000001433000-memory.dmp
memory/3584-68-0x00000000011F0000-0x0000000001433000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\e7f69535-c382-4282-8fca-7f272ad2b08b
| MD5 | 8eb5dac91382eada115a2d7c506f8de0 |
| SHA1 | c89a803a204a90cf07b57acbb245d3371c95c95a |
| SHA256 | 55ef004d98fb9c9fc4ea73e55ffd554190c8973a5a18ea8009d4b5c053bb5899 |
| SHA512 | 165867cb7eba8b9adb3e74a9f298901768ac6edf29f78212ce07ef5000cf8e8d6815af3c9048f565c7b2ebba261302b72ad2e9a771fa3b0d3baf58f3f18aeb3a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\e175b8a1-6099-4d69-a76a-781f3eb0d5dc
| MD5 | 7b47b0e42a336407b8cf5d4f314b485b |
| SHA1 | cf61d0941230bea56173595e8237ec1d7b57aafd |
| SHA256 | 356f4979450f5390bbedf168f00e00bc33a802b458ec94bf4a034e73fc9ef826 |
| SHA512 | ac1e84f39b9a3daee5b97d62c3a2489b7f43b97731d0f7ea3b88e1b271b3b1fc512b81d33f42eb89cfe9c18ce4a6d774b8d71ac5fc61732f29d814e19ba2de6f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c2cced1d7aa1ad750047f4c020d8bfcc |
| SHA1 | c6055b89e52ccac5cdf52ec8aae8e1c2c03088ce |
| SHA256 | c480c6a2c0672c121680db26926775a37b402d7e434b8390119ad872c17b469d |
| SHA512 | 7f40892814764bb079d8b41c33742223d23649c901d463cb0bf9a41c0e73da3c6318245f744b8829ebb0f1c05b6258d5cff8284bbe9f8022caf0fb3b2ecf8fc5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
| MD5 | 851cb82269f00d289553c1447c7b9c58 |
| SHA1 | 91cdab107b3fe885a1b41d67ce956190470e9a59 |
| SHA256 | bf7282998779d72095775f6c1a6a0c1dd3154fe8df9198fccfd8bed7c654ead0 |
| SHA512 | 5bb6a3c97e2a73af139efe5942e4d3183fc543f683dd41ef760e52af49d1cff5e4c02702d5bf4b24a9733f42d148cf904411b50efa7929a07f84c3354034c466 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d748aa903bd5ecc6b4d26dee23c88cb5 |
| SHA1 | 261d184847ab1d3de7871e5c4af723217980d590 |
| SHA256 | c9d52b3fccdee15501fd916b79365d0af36ddeb5f806a3f4393a2c62cfe149ca |
| SHA512 | 0b4a181cbb29d50299f1872ce243b13a17efc7a876261158d1f41ed6f75a0a9a9398ec5eeadd8e108e5ad88dfa619510c9141a95b04b37f3bb8578afbe22aeb7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 4c1f58aca80b52032da4ac4bee4ce462 |
| SHA1 | 9ce602c07d2e23aebc8a60043c1e530197c6b04c |
| SHA256 | 84b09dcc0173819e4e0f7e70560d18b08b7588e87a1243a1331a8e8cee3ce372 |
| SHA512 | 60c5f8e824fcd032d05bbc1cd356ecd3d53b7952283670ad5b06f548d1ffd330400af830c44b0400de1eb606c893af4f53b5165ba7ab7b8ab19a3bedcedfe83d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
memory/1908-194-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
| MD5 | da8d649e80251e5aea3385e1556c8c43 |
| SHA1 | 2663b67d9f253ae19f79ebabb4362db2eee1bab4 |
| SHA256 | 42ef1f55a030b61bb317376cacead743edf464a826ca5665bd4873cc18fac779 |
| SHA512 | 5d11ccff32dc4f6e5575c65270cc7e9e8d3e39cb9d719c02307593ae23f6cec76c61af38a38cf9e7966592be5994536c312368cdb27b3af038475bf294ce53d4 |
memory/1908-259-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-269-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-270-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f6ea354907746df9dd80ec9ed4c83653 |
| SHA1 | b23e04cfa0daca79f316fffde8e93494e074d61d |
| SHA256 | d62bfefa2cba7650effc22e472645ed6125f3f0ac294af93d6e5de6cfffa9a30 |
| SHA512 | 139f4afacb4ee156d7bf7fd5abcb15e86927053d3da7ba8e61caaebd3b90026d4f45f87cf1e2bc031eb54d0d426d95e707e64186454e3ea68b5e519cc3cd704f |
memory/1908-276-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-277-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
| MD5 | 4067c76945ad26046292a71176842f03 |
| SHA1 | a88c0e5380eb8cad6819b1c0438ebbf0290e2bb6 |
| SHA256 | e993a03aa88a21a20330d190c1e7bda88390ed6e01c2574d85b55e6431e0f652 |
| SHA512 | c2dd79d421db188b78805f91c7df0d617ba0402cb9f5256790b791925f85dfe2b267485de3e6954942402dd86c5f0ffbd8c7acd49d4d1da40573130588fa4b10 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
memory/1908-352-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
| MD5 | cb6eaa309751919d2f146ebb6b7b980d |
| SHA1 | ccc40bf1ea7107ea934034b01d5b6ac0e04577fe |
| SHA256 | 0d39b8c8223863b694b543482464db109ddb975aae9189d5387df6b4ef7fa497 |
| SHA512 | 7d045d77ad47947ae526eb59700355882860a4b245c58add2adf871ab1a3375ac73c9e64a92722f3cff571989514ca48c80f0b660045bce15dfebc96427dcd6b |
memory/716-362-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/716-363-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 792a9225c20ba7bee624f485d35b2dfe |
| SHA1 | 4d187d56649087d735626221ce5c1cbf4f65d6e2 |
| SHA256 | 79fa15f6bf5b35d7ee0b1f13c188be35c8f1939de7b08534c1c1a6f22694d728 |
| SHA512 | 337669f8ea6723711080ff3a3523592b8ab036ea85a0619805602c9702eba231c32cde3e6c167ff8964ea147e237be626b1bdb2b178c565b94ca9c034de6de3e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 8bd42b1079076bbe8a3c2e738518ac8c |
| SHA1 | 170c1db96c59d8d0c74f7d7fdbb371a587abdae8 |
| SHA256 | f3132d1d1ce636f5f04050c1e583ca932b9e556e81c2d8afe7e13ed5e7d13de9 |
| SHA512 | 21f4385a504363dfc0014abdd8b1e1cc249f79ac06422bc6feae25ff594b3d444a85f844653e4e7ef5af2650083d67c7f50ceb303579c6818301ef4856a6c5f6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | 68968659f79a5aec142dab2ec004cb93 |
| SHA1 | ae015f484fe1dc0b20c8eb71af16390f7c56da03 |
| SHA256 | 7b94f8092ab8e74155171d5344ba8737ec0380128a88e1f0f6c6b64a6863a29f |
| SHA512 | 266d58a8160c92da21053c3db12a97b26d40cbbec14d65dff48f3cf9d2a13bd4db246b07174d45ee09c34c28e86ea0f8d781cb13bec227e20856528a029e2c7b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085
| MD5 | 193b93ec2f42f5bae489f61ed1602433 |
| SHA1 | 3b4eccd8f40a08ee86cd0c6a84cd902edacf4008 |
| SHA256 | 6e01ed9e60cf205d3075e10c222314385dd52aec9908e39eac38c78771e91d68 |
| SHA512 | 2e1331ce0a06471bdbcc6fad2b63c8ab78d1c5089692fb9c6ba3eaeaa9e8b831f684cb1b584425c52e052bdf0fe34b6260275c1e8b3733ff84802a67e9996f7e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | aa5fc5770f44440cb78299565d31c268 |
| SHA1 | 0c7cbdb9c09b368ae0cb6205e4c64ee604b6bafe |
| SHA256 | 13d8650cfcd6e18fdf6c5b9a9a13436a906510935d981fa2f412aadfc866c6bf |
| SHA512 | 810d62549624a36cb9365d0d58e9faf6e6f11f5bca0a696207ba3543baea998fef799fe29977df2cfbe6696dffe440baf4866e0750448cce95d5a98ff04938f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
| MD5 | 04222f80e7f668fe6cb5abb2acf2de55 |
| SHA1 | 6d5d768eea5845023a639e280f1a50f33285323a |
| SHA256 | 7dd188c29e4731db706c9c995e92a42a50f8c0fb0566e42bb353319a0b7383c1 |
| SHA512 | 520731a998038d10c5ffa65a165545e7cb15358fbf90f9245073e176ffa8bf0e8fd658c466d2c0ed4d497eeb6c5d06b336b198849d1c3719bfc2f79cf82f7ae5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | b3f0484972145486d9d48812126b3ae9 |
| SHA1 | e722b538026a854ab97afd41e3640bcd6a1ccc2f |
| SHA256 | ff7634592301e774e3faf6a9a62902d3a9de0a0223786fe9bc90fdd71c8312fc |
| SHA512 | cd7bd0c3c93329aa4ce09f769deff22160f625dd21d254013137e999cd49e260050ca4ac562a2c74706850ccff2867b702729b78caf05b0adef1917fbe9666a0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\54075BE4BB4CEC68713D2AC66A9955D8EB1B7384
| MD5 | 03d4bb994b34199f9d4660b95c94dfe1 |
| SHA1 | d924323ce6eec4237e0e10b87096c5312eb05a39 |
| SHA256 | 3917c00b0dc29489213f0ae3863935bee9b79a95aa6bcb75d84be5a3d4cd131f |
| SHA512 | 3995fbd42a64e1f0065b2f945391f4800464cb8990ec227273a10f3fc0d436def57f6fb9dcb2747dc36f19093831829abba02cdfef6474b3644f9804165a46ca |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
| MD5 | 325f5e16d84528b677d98f2b79ccd63d |
| SHA1 | 2528f4a3f759a424a87d3bc769ef7c8deaea5250 |
| SHA256 | 8c4f3969ff34b500255257b852b171350dd68d6cb01ceae162dd44dc176122a9 |
| SHA512 | 894dad44183358c95b6a52f6aa090a98236dc8aa8b11e2695f0777d42f51c5bb41339b396c8a357821c7a187e0ff3c690cd0e65fc13d20d1aebfb805b590e432 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | acbdc382f38de38a5495c914f7fe932b |
| SHA1 | 047f1a1efc23947655b9bb7a9ad5a78329463f06 |
| SHA256 | 67c3cabb021990f076dd487ba808cb051c6cce45bd5eb5169e7c2ef7d5e621c6 |
| SHA512 | ed328d4d8ddef5f3b701baf1fc84153ad69be7f18b8a6c4afc1cbea5506eeacec4b24c382201e9b7e137b3e2301dccffce1020bd4c8c2acc93bdad50c0ca05c4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
| MD5 | 556188707146e39beffee94f3ef47eb8 |
| SHA1 | 26d3de95b90635525bf7362d9b742d793e454c80 |
| SHA256 | f86551698b34a6fcdfaebe38529d596eaa06d3e63552520f1138e3a00833c88e |
| SHA512 | 180e15a7f6231ef02cc6ddfcf2d5578b7c69cd936aa41f19d22f93309cbb4c1339ea68c98500e693b7d384c27fccefdd1eb37cf7e050c9b0d0e029dbe8b3f447 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json
| MD5 | c8645ab5ca9cbf9b935755443884f23a |
| SHA1 | 7e0b69d3c0b3d6568aba62f83f01b2a4bbdec1fe |
| SHA256 | 0f569c91685fb13de271a2e04a0061a72192d447e9ff5ee73a56f876ee67be6f |
| SHA512 | 0360c0e0ea147773eccdfbffb7650b29db53f2fc3b0b8327f368b1d2514c37557a75aa1e408665da2c126720c487dfcb10d3fa95165d7892bf3e39ffa04974d9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
memory/1908-492-0x0000000000860000-0x0000000000D2A000-memory.dmp
memory/1908-496-0x0000000000860000-0x0000000000D2A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 8d1608192f86fa02da06a201581d83b3 |
| SHA1 | d4a2a67feb97c94b2483701ddf4d4a357af0b5e9 |
| SHA256 | 80357437cbf3956dc51104ec36495f1ce9fae74b5cd39b9eff9df34d57c16f64 |
| SHA512 | 541ddec725992e88063f9593b9da22945e176e5fa864cca5fe6d4dde59a956324c553456813b2ac3d78ac4d68ac1e4e9dd347ef6ea27ca70f6a07932eb0508d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-08-12_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4
| MD5 | 14e152530b0003973263fd54064ea363 |
| SHA1 | 98a18c46e4980317a1f795bb0f364f02b7524f06 |
| SHA256 | 98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199 |
| SHA512 | 21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 05:02
Reported
2024-08-12 05:07
Platform
win7-20240708-en
Max time kernel
299s
Max time network
291s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\613bb19e7e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Windows\CurrentVersion\Run\9267c7b48e.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\9267c7b48e.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2604 set thread context of 1864 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1796 set thread context of 1084 | N/A | C:\Users\Admin\1000037002\613bb19e7e.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\613bb19e7e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe
"C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\613bb19e7e.exe
"C:\Users\Admin\1000037002\613bb19e7e.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.0.376908202\435434635" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3cd3162-6f11-49fa-b1b9-111c34bcf6c5} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1276 123f4b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.1.1189140004\1778891705" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23f48568-0508-4aa7-95ec-78ea172b60d0} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1496 e73058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.2.721844314\1961400216" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92fa0411-bcfd-4356-a71a-5706a53b1e6d} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2080 1a58a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.3.2028683650\1882709280" -childID 2 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c75441a-2fee-4529-9b5a-9dd2bab92f39} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2916 e62d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.4.1500050912\119562157" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3720 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b47eadce-6d0e-4fd8-8bfc-63d5f331d4d7} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3784 1a789558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.5.1955781134\735157703" -childID 4 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a09adbf-0d2c-4be6-8915-cec29a7f5e1b} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3876 1f5df058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.6.1178332260\763669154" -childID 5 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53c8b5c-1e6a-412a-b7a1-468d3a7a322c} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4032 1f5e0258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.7.381959050\1909578793" -childID 6 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e6956c7-827a-4db2-b92b-35cf1ea25634} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4340 1b892a58 tab
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| N/A | 127.0.0.1:49296 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49302 | N/A | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.174:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5.sn-4g5lzney.gvt1.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | b2f0d9cde6cd1f83091b9f2a6875e6a9 |
| SHA1 | a7bb83cc3f9edc38751ba908d3e0bf393dcfdfc6 |
| SHA256 | 259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd |
| SHA512 | 51bae1077f202a997dbb78e3ece8cf14737362aaeb0e263917a0ba44cfb89cee3b2532c2e5db88151e07c2c8f644be5a4fc3cffb4c6a7f202ee58812afae5de6 |
C:\Users\Admin\AppData\Local\Temp\1000036001\9267c7b48e.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
C:\Users\Admin\1000037002\613bb19e7e.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/2628-103-0x00000000011E0000-0x0000000001423000-memory.dmp
memory/2692-102-0x0000000006500000-0x0000000006743000-memory.dmp
memory/2628-104-0x00000000011E0000-0x0000000001423000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 266240a5c838b08e9427a8bef25d9bdf |
| SHA1 | 3e8f650c2518f5e77972e469023bbbcbb9d78238 |
| SHA256 | 7dd24bbd2a61d86c86079e986a3321d755e08b582ea9296fcf78972140512547 |
| SHA512 | c5572e091193dcfa6371a63056e0bd83c46fb1fef656fce07803e1e2c46f8a5aa399bb459817220658bb9381848fb00b4d5c1a07fb6c0cbd54883d616f59d010 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\37a6ccc4-79c8-42da-8448-5c7eb7c7d575
| MD5 | 62e2ea56f66187ae7b0af72a56ad5d4a |
| SHA1 | e2e9e383108ac54c7618a8874bc1d09a7428e7cd |
| SHA256 | a506c57db5d04b7c0eee5f130c1e303dc650af3eb211a86529f9bba502040875 |
| SHA512 | 21a3f625f4aded3b9dc077eef0be0ab6a96a2592977ac0edaaa3e204740cc8f3d77df5390de705ecc99cacee56b176e8aae741206fd6576e4c8cf9bf6deecfc8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\datareporting\glean\pending_pings\fa5f9d06-db10-47ae-9f96-8365f5f47e01
| MD5 | 45c95b9affe0c7dafd25079b6b58fe01 |
| SHA1 | 598441fd16b5a05ceaca0281b84f5f6ff186a70d |
| SHA256 | a8daae2e7dd62e7f87a48fed3a2b8da22deb5ce471dec79ac1e60ee7a0476f31 |
| SHA512 | 318e04aff44173826bf715b5961922312263dc681693613b447ecdf0afdb1ca201de52074789c356498f1e2920f0e15ca257989467bbac0040f513bb0b3cc44c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | a6bc39c0c3ecce8e9a446b69978616ef |
| SHA1 | 91e53afc47f7f63278471a0becfcb6485b0c1d7c |
| SHA256 | a70742bc199c8953ef451417493651b309c0a4b9eea731eaa4411df8db2bf1c8 |
| SHA512 | 430cf4c7e23f7050b1664cfb7caf4f5daab88abf0f20f801dbd4042fbf3aaa4627a8aeb891d58d0e5b70d0f2c0068fb05de721633ecc12a5a55fc995c97646b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9d94688c4d7b1c97564802430b389174 |
| SHA1 | 36965259e53fb3f753e57bfb968dc2b8a6a642f7 |
| SHA256 | d7614d843ef0a8f02f506ad4d829b65322deb08c23a14ce07b13c3c7ad7808c8 |
| SHA512 | 14f93edbf9aea1a7422a97414c2a3776e5c3aa4ddd0cbb19ad77f85d593508fd76def100597b6b1ca3ea4b0e817857bc6aa8cc431c752b25f9b63e01b57ed4a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js
| MD5 | dafec63a4fdbc587c569316f5060667e |
| SHA1 | b233fcfe6b9a20d15d17628dc3ca3d93d7120095 |
| SHA256 | 48778b34b81a4118903b040227e4f8a8efbe598446b739c63fadb4093432e7e3 |
| SHA512 | a88f76a8eae3fd88f806628a1e592e775d8c071822d1ccd4b1f97bf913340fd56d802278c7cccb120ec300d89adf892ff4e00ef8f979f2e9cad4aebb2209f803 |
memory/2692-213-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js
| MD5 | 42961517d5a0348d6b1d84c45d3d8a1a |
| SHA1 | fb3c72637fca303134181fabb0ab4e009610c6ff |
| SHA256 | d36326ad3e0aeb8d6e23aceb743e5929c2ad03a003cdfe666a4e23e4085666ed |
| SHA512 | 00136d233c0f65bfb091417458550adf059615afb333fb84896118215269a1e6ed10f2a6cf15f1aaac4758d3d7569ede31b6249d694050c686a8602588344734 |
memory/2692-250-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-251-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-257-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-266-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 62d45518d7c2934fa81c447655a61959 |
| SHA1 | 02c65e3d191dec5345883d71db2cb1ccc5eda7af |
| SHA256 | 3c2b0a4f1257d0ffda09cf6b1052da90f304b0b270caf821ae214b78a6bbfc6d |
| SHA512 | ee372768f82622b850b2e35dfee0662a6d56eceb828cfb3ace11ff27af999bc6533a7d3bc425f5eda327bbcfba527460751e62d19207caa267da7fd09db3fbf0 |
memory/2692-274-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js
| MD5 | 57c45527e982f9fb75ee539771e7e621 |
| SHA1 | cd3a711c552aa24af2e7fd624a235436c848cad4 |
| SHA256 | d74407ab55b4ab53a8fb90673a44583c4add2e1f318288db8f52ba38f6b6d37f |
| SHA512 | ba55f7bfee7417d657a0abfc104b21d9225c6232b84445cac839bf36fcf66c2fe15b10b2b03651a210ef0b5d984a48bd7d49c7500975a9f9003a96a0e0f34cc4 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js
| MD5 | e7703e0cc863fa9624b187a51c595fcb |
| SHA1 | a06b73dd7940551e77796af55a45e09ceb61c1e4 |
| SHA256 | 15c07dbe5d5caf4c53a4e7bcf081bd445b3a8e1a98468d4fd8386ac9f5c1e5f8 |
| SHA512 | 128ff1c729ba9e18fd39e4831ee4a2a0faf9e4119ed6cbc4feba859dfebf9d21066874fde1c668489bf8d1be38ca0714551d753bd1fce1cd49f4547c4b2981cb |
memory/2692-354-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-358-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-360-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-371-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-374-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-375-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-376-0x0000000006500000-0x0000000006743000-memory.dmp
memory/2692-377-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-378-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-379-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-385-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-386-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-387-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-392-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-394-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-395-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-396-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-397-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-398-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-399-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-400-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | ed2206c31c18c206b287ef8b2e5207da |
| SHA1 | 9878fc226db2caac66b3fcfdad2f1cff7cbd6318 |
| SHA256 | 15d1f1d37069811fc3f53467189c8c5cc37fe631469810f83d292f6b83230ab5 |
| SHA512 | 797862f00dec0fe10fb907b98ddacbc2ea3477aab2669ada903fdfbb6df1a2dfe7107972e1de486d9d8079b2cb1f1ee14f70205d6e6e1e2fef234f19bf7be18b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
| MD5 | 3c7567054b3c8aa7a624bc9ccc852f48 |
| SHA1 | b0d3d25de1d04d5fcab8bee269081eda1f90f99b |
| SHA256 | 2542c92499179deb684ed8d3d7b1a8479f62c9322587515952b1468dbf89a5c6 |
| SHA512 | 0f4f25c156d07afccc575247ad3ea7bdf731d8964a18222464a9bd9ad59b46db15371305d4c2e3f4f5c1ce18d3e0cacf8fc82648af3a12dc94d656babd2d2b1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085
| MD5 | 941c6bd9c75b038225325589d10972ef |
| SHA1 | d6c86c6f80ab14dc9fa2e3a416111e222db6075b |
| SHA256 | d918ddc672f5fbb5ead8980573de87776dc02fedc2d3c277dbc672611ea70b32 |
| SHA512 | 160205d0348a456d033f8043b3d09c188410d8864cb86595bbe9c63d07a2798d3cabcf60bca2e71c8aec4ef4864acd44bef46714715f2d84066e7cfe07b94ffd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 52ff28c03bdb5dfd597e20f409a5e1b6 |
| SHA1 | 4addd89cfe0a818bf5777d24ecc0f77610891fc5 |
| SHA256 | 60001f451c49b588f7cce20d38d73ffa072b144f5e0cdf8e627395fef1b63257 |
| SHA512 | 5a9d46b38f51630e28ff27b9eba34e7d645abac3dd34d88da192ac7629039951534f3cbcdb89590aa213dc1f898cbda7e52cdc7296fe01cfb8bd22bb0a77c21b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\1A495955E7161F0B821C21A824220FD399FC7DBC
| MD5 | a535f811409769da84fc08b3dbc4f931 |
| SHA1 | 14bda2f40d6fdf537574141792ad3e3d0068f848 |
| SHA256 | ac9c142af1c9585018fb0cdef08d0f87b0a64918f4c636e4ae33d74f968195d4 |
| SHA512 | af688f51a48c2b6a0a72c86245423303de867748c62749e479ce395f741640b9efa0f9a8f3ba1c1c3af9d7587cf043b492c92bdd3e29781ee11b4f36b9651f7a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | cd7fb359358df14ef91f86018914e6ad |
| SHA1 | 813bd634c9fca5717bc0840a4e66a5bdb1e761e9 |
| SHA256 | 6f75fa324b0a0b961bd41ae29c8b16a3c0fa8e5b2ebf461ab3ae6bc33e7aa09b |
| SHA512 | ebee7ee3e8babdbd7a5bf85b38ae8b83ca0f8c354ca948bbd9ea3ebbf9c42a74703433f058348e2fea28cb1c583c42a9bdc2ce5919b58a3feba2907d816e06a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yrxx2hps.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
| MD5 | 856d91c4110fdffa7c458033d0fb2e0a |
| SHA1 | 19823fc36d1032398705a5f6d0a6d04963fa46a5 |
| SHA256 | df8e1a314b0e72e14316fa20239ffeaf10849f6752a863a4a3116b855db9ed67 |
| SHA512 | 313df35e30e1a457afa8f9f332424f2e28b52c29ccfff02ec622a638fa3712141ad0a014334acc4b71cb732e010cdd6af748d01cdf9a2fcbba03261f49424ecb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs-1.js
| MD5 | 7332e2c4c075067c221735f83e46c851 |
| SHA1 | e4fba4d0baac24b679a1c5079ceaa49238661ff4 |
| SHA256 | 2c23c998db5595f123a208fd69ba7e6cadd7b483c624dd23f271f65e6277e05b |
| SHA512 | 32d4f0d75e3fc7950a4ea9a3aee6fad64ca62915f2ae75d0da9b8e6c873e0e8989a0c06028896439b04f0adb712fe283a4e9002db0da3f2d34124660b6fff02d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\targeting.snapshot.json
| MD5 | 667557fa7af954f455c83b70c135ff99 |
| SHA1 | 458d8b40e80ecfc4aab08deceaf68f4812ed8a39 |
| SHA256 | d02f017638fe963c688c265b410dc3c319c1e84cdb43b0f339b18f64e3b5d749 |
| SHA512 | b24da66038c81464707b193ea6cdcfb76feb794e3bb93adcb7cff4b728a17c361257831237c7b1f14daa1b37e39763e5eb825274779f40da0d28a603e39abd63 |
memory/2692-465-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5073a8a704f96a96e9a30a5d441cbb90 |
| SHA1 | ad685b7311e529890a30e4d63d21d57ad01540b1 |
| SHA256 | 9844a81a4d837b34724fbcc7fd46d59968b205481d62fc9141ef344d8f0f7c58 |
| SHA512 | ca46c7222ea6fb2ed8a044c14c5acede2b4d60274b8ed5ebfef5000afde0e0a08569ca7e2dc1cfa4fe52ed88f96339a0e4c3c147ea663b9c9a74be049eca66bd |
memory/2692-477-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-478-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-479-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-484-0x0000000000DB0000-0x000000000127A000-memory.dmp
memory/2692-485-0x0000000000DB0000-0x000000000127A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\bookmarkbackups\bookmarks-2024-08-12_11_CbmwIF9owvsCs8vtVFuz+g==.jsonlz4
| MD5 | e4eda0553a9a2b8ddd9d4a1d368365a2 |
| SHA1 | 78c066fc1716b0cc7882ebfb1b3eec6373aa7246 |
| SHA256 | c325c54478a203494578b723200002225ed06b3905bb9596cb8d657372ff250e |
| SHA512 | 65a16309c4bf12f503ac8a88180f269ffd949743f7c1ab6139c89d6d11d6313bdc05967c74dffb759acc8e550604531e0334314c526f6355adda4f290ea1603e |
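The listing above is raw detonation output: every file written during the run, including the sandbox's own Firefox profile churn (prefs.js, cache2 entries, widevine/openh264 plugin files), sits next to the one entry that actually matters for blocklisting, the executable dropped under AppData\Local\Temp\1000038001. The following is an added example, not part of the original report or of the sandbox's own tooling, that parses this page's layout (a path line followed by `| MD5 | ... |` rows, interleaved with `memory/PID-seq-start-end-memory.dmp` entries) and separates payload hashes from noise. The sample input is a handful of lines copied from the listing above; the noise-path fragments and the "executable under Temp" rule are assumptions chosen for this example, not rules stated in the report. The region-size grouping is a hint only: three PIDs here dumped a region of identical size, which is consistent with the WriteProcessMemory and SetThreadContext signatures on the page but must be confirmed by comparing the dump contents.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the dropped-files
# listing on this page (raw string so the Windows paths need no escaping).
SAMPLE_REPORT = r"""
memory/1084-71-0x0000000000400000-0x0000000000643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\c284c30766.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
memory/2628-103-0x00000000011E0000-0x0000000001423000-memory.dmp
memory/2692-102-0x0000000006500000-0x0000000006743000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\prefs.js
| MD5 | dafec63a4fdbc587c569316f5060667e |
| SHA256 | 48778b34b81a4118903b040227e4f8a8efbe598446b739c63fadb4093432e7e3 |
memory/2692-213-0x0000000000DB0000-0x000000000127A000-memory.dmp
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Triage rules below are assumptions made for this example, not rules from the report.
NOISE_FRAGMENTS = (
    "\\mozilla\\firefox\\profiles\\",   # browser profile churn during the run
    "\\microsoft\\windows\\recent\\",   # shell jump lists
)
DROP_DIR = "\\appdata\\local\\temp\\"
EXEC_EXT = (".exe", ".dll")


def parse_report(text):
    """Return (files, regions): files as {path, hashes} dicts, regions as
    (pid, seq, start, end) tuples. Hash rows attach to the most recent path."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash row with no preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length: {digest}")
            current["hashes"][algo] = digest
            continue
        if PATH_RE.match(line):
            current = {"path": line, "hashes": {}}
            files.append(current)
    return files, regions


def classify(path):
    """Coarse verdict for one written file, using the assumed rules above."""
    p = path.lower()
    if any(frag in p for frag in NOISE_FRAGMENTS):
        return "browser-profile-noise"
    if DROP_DIR in p and p.endswith(EXEC_EXT):
        return "dropped-executable"
    return "review"


def triage(files):
    """List of (path, sha256 or None, verdict) for every file entry."""
    return [(f["path"], f["hashes"].get("SHA256"), classify(f["path"])) for f in files]


def payload_sha256s(files):
    """SHA256 set for entries classified as dropped executables: the values
    worth pushing to a blocklist, as opposed to the profile noise."""
    return {sha for _p, sha, verdict in triage(files) if verdict == "dropped-executable" and sha}


def shared_region_sizes(regions):
    """Map region size -> sorted PIDs when a region of that exact size was
    dumped from more than one process. Equal sizes only hint that one image
    was written into several processes; confirm by diffing the dumps."""
    by_size = defaultdict(set)
    for pid, _seq, start, end in regions:
        by_size[end - start].add(pid)
    return {size: sorted(pids) for size, pids in by_size.items() if len(pids) > 1}


if __name__ == "__main__":
    files, regions = parse_report(SAMPLE_REPORT)
    for path, sha, verdict in triage(files):
        print(f"{verdict:24} {sha} {path}")
    for size, pids in shared_region_sizes(regions).items():
        print(f"region size 0x{size:X} dumped from PIDs {pids}")
```

Run on the full listing, the same functions reduce dozens of entries to a single payload hash plus a short "review" list (the two `tmpaddon` files under Temp have no executable extension and fall there on purpose, so they are looked at rather than silently dropped or silently blocked).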