Analysis Overview
SHA256
539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87
Threat Level: Known bad
The file 539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks BIOS information in registry
Identifies Wine through registry keys
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
AutoIT Executable
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 05:03
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-12 05:03
Reported
2024-08-12 05:08
Platform
win10-20240404-en
Max time kernel
299s
Max time network
299s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\76b0bdeda4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\0d383a3ff0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\0d383a3ff0.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2628 set thread context of 1300 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3388 set thread context of 3700 | N/A | C:\Users\Admin\1000037002\76b0bdeda4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\76b0bdeda4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe
"C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\76b0bdeda4.exe
"C:\Users\Admin\1000037002\76b0bdeda4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.0.1699300312\1245909160" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {887f5505-07f8-46c9-a1e5-a720508be2fc} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 1796 1b77ffd9b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.1.1978711312\166743239" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51169f68-5738-47ef-b4d1-aefced0b0737} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 2172 1b7011ca458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.2.11050568\1875956795" -childID 1 -isForBrowser -prefsHandle 2708 -prefMapHandle 2684 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5812ef9-7a4b-4436-808e-3103c561fb6d} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 2720 1b7043ce858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.3.675724113\2102222229" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02678771-4392-4d59-822a-e11ada3df290} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 2756 1b705551158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.4.1821092895\58823418" -childID 3 -isForBrowser -prefsHandle 4928 -prefMapHandle 4916 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6286fd-b13c-4cd9-84d4-9d998c1cf387} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 4932 1b704b36458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.5.1626656698\471861220" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 5092 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8d30c9-a0c0-48aa-a8d8-196e9d8bf0e2} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5196 1b704c4ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.6.1032471559\291607937" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5328 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03b6b3e2-480c-4eaa-94d1-389c0023be76} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5312 1b704d56558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4628.7.1508561197\1279762685" -childID 6 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bd13abf-8e6d-4fcb-a255-6a0f95970f49} 4628 "\\.\pipe\gecko-crash-server-pipe.4628" 5500 1b704d57158 tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
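A note on reading the signatures and process list above: the hits attributed to firefox.exe (SeDebugPrivilege, SetWindowsHookEx, FindShellTrayWindow, SendNotifyMessage, processor information, registry class) are ordinary browser behaviour once Firefox has been launched, and the firefox.exe -contentproc entries are the browser's own gpu/socket/tab child processes. The indicators worth hunting are the ones tied to the dropped executables: the Run key written by explorti.exe pointing at 0d383a3ff0.exe in Temp, the explorti.job file dropped into C:\Windows\Tasks by the original sample, and the bare RegAsm.exe launches whose parents are 0d383a3ff0.exe and 76b0bdeda4.exe, which the SetThreadContext rows (PID 2628 into 1300, PID 3388 into 3700) show being written into. The following is an added example of detection logic for those three behaviours, written for this page and not taken from the sandbox or any vendor rule set; it runs over constructed Sysmon-shaped events (field names and the two benign control events are assumptions, the malicious events are modelled on the rows above).

```python
"""Host-side detection logic for the behaviours this report attributes to the
dropped executables, run over constructed Sysmon-shaped events.

Sysmon registry events (EID 12/13/14) cover key create/delete, value set and
rename, not key opens, so the ACPI\\DSDT\\VBOX__ and Software\\Wine probes in
the report are not directly huntable with these rules; the persistence and
RegAsm.exe indicators are.
"""
import re

USER_ROOT = re.compile(r"^c:\\users\\[^\\]+\\", re.I)
USER_TEMP = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)

# Constructed events modelled on the report's rows (not sandbox output). Keys
# loosely follow Sysmon field names: id, image, target (TargetObject or
# TargetFilename), details (registry value data), parent (ParentImage),
# cmdline (CommandLine). The last two events are benign controls.
EVENTS = [
    {"id": 13, "image": r"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe",
     "target": r"HKU\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\0d383a3ff0.exe",
     "details": r"C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe"},
    {"id": 11, "image": r"C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe",
     "target": r"C:\Windows\Tasks\explorti.job"},
    {"id": 1, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"',
     "parent": r"C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe"},
    # Benign control (constructed): RegAsm.exe used as intended by a build tool.
    {"id": 1, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" C:\build\MyCom.dll /codebase',
     "parent": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
    # Benign control (constructed): installer registering a Program Files binary.
    {"id": 13, "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKU\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "details": r"C:\Program Files\Vendor\tray.exe"},
]


def run_key_points_to_user_dir(ev):
    """EID 13 (value set): a Run entry whose target executable lives under a user profile."""
    if ev["id"] != 13 or not RUN_KEY.search(ev["target"]):
        return None
    exe = ev["details"].strip('"')
    if not USER_ROOT.match(exe):
        return None
    name = ev["target"].rsplit("\\", 1)[-1]
    return f"Run key {name} -> {exe}"


def job_dropped_from_temp(ev):
    """EID 11 (file create): a *.job in C:\\Windows\\Tasks written by a Temp-resident process."""
    if ev["id"] != 11:
        return None
    target = ev["target"].lower()
    if target.startswith("c:\\windows\\tasks\\") and target.endswith(".job") and USER_TEMP.match(ev["image"]):
        return f"{ev['image']} dropped {ev['target']}"
    return None


def regasm_from_user_parent(ev):
    """EID 1 (process create): RegAsm.exe with no arguments, parented by a binary under C:\\Users."""
    if ev["id"] != 1 or not ev["image"].lower().endswith("\\regasm.exe"):
        return None
    args = ev["cmdline"].strip().strip('"')
    if USER_ROOT.match(ev["parent"]) and args.lower().endswith("regasm.exe"):
        return f"RegAsm.exe spawned by {ev['parent']} with no arguments (injection target candidate)"
    return None


RULES = [run_key_points_to_user_dir, job_dropped_from_temp, regasm_from_user_parent]


def scan(events):
    """Return (rule name, message) for every event that matches a rule."""
    hits = []
    for ev in events:
        for rule in RULES:
            msg = rule(ev)
            if msg:
                hits.append((rule.__name__, msg))
    return hits


if __name__ == "__main__":
    for rule_name, msg in scan(EVENTS):
        print(f"[{rule_name}] {msg}")
```

The RegAsm.exe rule keys on the argument-less launch from a user-profile parent because that is exactly what the process list shows; a legitimate RegAsm.exe invocation carries an assembly path, as the constructed control event does.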
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | 100.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49830 | N/A | tcp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 200.110.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:49837 | N/A | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | 138.163.125.74.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
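The network table mixes three kinds of traffic: the plain-HTTP connections the dropped executables make to 185.215.113.16, .19 and .100 (recorded with the bare IP as the name, i.e. no DNS lookup preceded them), the sandbox's own reverse lookups of those addresses via 8.8.8.8, and the Firefox traffic generated once the browser was launched to the Google account page (accounts.google.com, play.google.com, the Mozilla remote-settings, balrog and shavar endpoints, and the openh264 and gvt1.com downloads that also account for the gmp-gmpopenh264 and gmp-widevinecdm files in the Files section). The following is an added example, not part of the sandbox output, that triages a subset of those rows into direct-to-IP connections and everything else; the suffix allowlist is an assumption of the example, and 52.142.223.178:80, which the page records without a name, stays in the direct-IP bucket for the analyst rather than being labelled either way.

```python
"""Triage a sandbox network table: drop resolver traffic, loopback and known
browser infrastructure, then bucket what remains by destination."""
from collections import defaultdict

# Rows copied from the report's Network table (a representative subset).
ROWS = """
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| N/A | 127.0.0.1:49830 | N/A | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| NL | 52.142.223.178:80 | N/A | tcp |
"""

# Assumed allowlist: infrastructure the launched browser talks to on its own.
BENIGN_SUFFIXES = ("google.com", "youtube.com", "gvt1.com", "mozgcp.net",
                   "mozaws.net", "openh264.org", "akamai.net")


def parse_rows(text):
    """Yield one dict per pipe-delimited row of the Country/Destination/Domain/Proto table."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def is_noise(r):
    """Resolver queries, reverse lookups, loopback and allowlisted browser endpoints."""
    if r["port"] == 53 and r["proto"] == "udp":
        return True
    if r["ip"].startswith("127."):
        return True
    d = r["domain"].lower()
    if d.endswith(".in-addr.arpa"):
        return True
    return any(d == s or d.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(text):
    """Bucket surviving rows: connections with no hostname (bare IP or N/A) vs named ones."""
    direct_ip, review, dropped = defaultdict(int), defaultdict(int), 0
    for r in parse_rows(text):
        if is_noise(r):
            dropped += 1
            continue
        key = f"{r['ip']}:{r['port']}/{r['proto']}"
        if r["domain"] in ("N/A", "", r["ip"]):
            direct_ip[key] += 1
        else:
            review[key] += 1
    return {"direct_ip": dict(direct_ip), "review": dict(review), "dropped": dropped}


if __name__ == "__main__":
    result = triage(ROWS)
    for key, n in sorted(result["direct_ip"].items()):
        print(f"direct-to-IP  {key}  x{n}")
    for key, n in sorted(result["review"].items()):
        print(f"review        {key}  x{n}")
    print(f"dropped as noise: {result['dropped']}")
```

On the subset above, everything that survives the allowlist is a connection with no hostname, and three of the four destinations sit in the same 185.215.113.0/24 the page records for the dropped executables; the reverse lookups of those addresses come from the sandbox, not from the sample, and are correctly discarded.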
Files
memory/4180-0-0x0000000000A50000-0x0000000000F2D000-memory.dmp
memory/4180-1-0x0000000077C84000-0x0000000077C85000-memory.dmp
memory/4180-2-0x0000000000A51000-0x0000000000A7F000-memory.dmp
memory/4180-3-0x0000000000A50000-0x0000000000F2D000-memory.dmp
memory/4180-5-0x0000000000A50000-0x0000000000F2D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | d6612f5d347fb3a1e9b74b324271a5d3 |
| SHA1 | f4cf302408405179d0c865438d38cdf1dec0cf80 |
| SHA256 | 539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87 |
| SHA512 | 66d2c5d204236b07902be2ba81114e88b4f0009e3b2733c490f83d5fb119e15c0670759bbb7c08ab44f1aaff2337bcbdb3efc155cc69dc348be2cdcf62cc13c5 |
memory/2212-14-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/4180-15-0x0000000000A50000-0x0000000000F2D000-memory.dmp
memory/2212-16-0x0000000000F81000-0x0000000000FAF000-memory.dmp
memory/2212-17-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/2212-18-0x0000000000F80000-0x000000000145D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
memory/2628-31-0x00000000008A0000-0x00000000009D0000-memory.dmp
memory/1300-33-0x0000000000400000-0x000000000052D000-memory.dmp
memory/1300-37-0x0000000000400000-0x000000000052D000-memory.dmp
memory/1300-36-0x0000000000400000-0x000000000052D000-memory.dmp
C:\Users\Admin\1000037002\76b0bdeda4.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
memory/3388-50-0x0000000000AA0000-0x0000000000AD8000-memory.dmp
memory/3700-52-0x0000000000400000-0x0000000000643000-memory.dmp
memory/3700-54-0x0000000000400000-0x0000000000643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/2580-67-0x0000000000260000-0x00000000004A3000-memory.dmp
memory/2580-68-0x0000000000260000-0x00000000004A3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | caceb3b07c2599f179f5bf1763d3a2df |
| SHA1 | f786adc9659ff6522d11ee4710de01af31de298b |
| SHA256 | f156e07fec4481eac4d1b82a211cf9036e3a224f572188722516d179dbe8e31e |
| SHA512 | aae9f31c4ada61cf28fedb7f196753cd9884efade3221f7d62be09d154cf264665332a3a7366b67b64ad2f4b9b185ea76c65805f9b0dae584700ef398c2e4de6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\73796c48-4061-4afc-b120-a871daf1324c
| MD5 | 92537fffb7c04447005f1293e545d329 |
| SHA1 | 87e009c1ab1e04a040659f7da15ac234d73f10f0 |
| SHA256 | 8dfbf111d7678f8966894268e757a68cf42b5bf141ffb5aa44e637c67ab98fa8 |
| SHA512 | 59344f37385ff58a6c24fb028ebea773a5e09974ccdcbfc80b07febf627fd04917a494c4e0a790dc744bdd0f9fbbd2ebab4814e027045cde0a5196fb54c5a871 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c9d4758d-581a-4e03-9182-9b922553c934
| MD5 | 92c2d83feb1423f8a450454ff2799b6a |
| SHA1 | 377276b1927a8e53ce912a6f1f92275995d84640 |
| SHA256 | abda13ac3d24a253b9f068fbdc7da67473a490747940747e42b1dbf5f7fae529 |
| SHA512 | a30e8e33870d04fd91b834a2195e07feddfcab5ccd24b30161fd353e37cf23dcb079e9933349b8dde905e51c56872343b78016b98af8c169c301699aad509c5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 1fdc13de64cfdb8ba3fcd71aad9d33d3 |
| SHA1 | b7649cfd66d751435fa56a4b4b20daace452c692 |
| SHA256 | fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783 |
| SHA512 | 3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 679c695b2c7ca15c7f256d9d5365b224 |
| SHA1 | 79c8c531fa1c0599570389d46c03b4fac94baf6d |
| SHA256 | 7c9919082f47992650799a04a07a08914991990b0bd388b895b7ace3573b845b |
| SHA512 | ea9c63ba68f5ddefe9df3e942bb7956d78ce25a97b0911ea6351f7f0b8ef4ff9ffefd40d660d76efd5908c852650922690f6945d1a9f6c9b70ced8758d88a5c2 |
memory/2212-191-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/2212-202-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/2212-204-0x0000000000F80000-0x000000000145D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f5ba49ae5e48f0540e6d3353f8b8aceb |
| SHA1 | dd5a7c13c5d6de2765e9b1b37a7b574bb11ecb37 |
| SHA256 | 3d7b98a7258c1e1d87c22dda513bd2fa1e054282cbeed3dc32aa8469b8d4b1df |
| SHA512 | 3d53783bc9d6234519165e18706324e96d113a69d6a6f38a6abb3fdde4110d00d19f427b628658072cdacc89e0387e4e0b99fea19a2d2cd05c2e530a6f8d0602 |
memory/2212-210-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/2212-212-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/1972-215-0x0000000000F80000-0x000000000145D000-memory.dmp
memory/1972-219-0x0000000000F80000-0x000000000145D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 5779a0c6c1de1fa5f022fd6ce97a1c3e |
| SHA1 | d90ec1146d2dada326a6422388cb124d49f204ca |
| SHA256 | 519bb5ba5cad4a9b7da0d7fd5607c4d41127aa11b72041cb5d7b6206d7c0272e |
| SHA512 | 774ca9683c5392186290bd8ee0a206d8da21183189493d61175e99cfe390e97207604cae61b1a13d7461e050ac161c959e9d41ae26fb695c80141cb7ee64f5ab |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 05:03
Reported
2024-08-12 05:08
Platform
win7-20240708-en
Max time kernel
299s
Max time network
290s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\76b0bdeda4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\0d383a3ff0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\0d383a3ff0.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2972 set thread context of 2452 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1520 set thread context of 2308 | N/A | C:\Users\Admin\1000037002\76b0bdeda4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\76b0bdeda4.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe
"C:\Users\Admin\AppData\Local\Temp\539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\76b0bdeda4.exe
"C:\Users\Admin\1000037002\76b0bdeda4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.656125712\598250611" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6add0101-14ee-45c1-a400-abf831f606d0} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1280 11dd5b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.1.291480274\1164672918" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cb9435-499e-4bf1-ab61-6ad09f47b6e4} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1496 e73c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.2.1800076998\784561216" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0e8cc3-ba30-4153-9011-f10d637d5092} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2104 19d9a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.1638369663\160610286" -childID 2 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a22aa4d3-c09a-4c7d-b47c-4843b7da7664} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2896 e64258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.4.1303826133\1581313732" -childID 3 -isForBrowser -prefsHandle 3800 -prefMapHandle 3784 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51dc8c79-ab9c-40f1-8cf6-f7ba190847e7} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3812 1cfb9958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.5.1820247056\1565151837" -childID 4 -isForBrowser -prefsHandle 2784 -prefMapHandle 3328 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f35a8518-9f5d-43f7-b73e-c802ecd56699} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3956 1cfb7b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.6.448088790\723047656" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61971734-602c-401d-be0a-543a123f90f8} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4000 1cfba258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.7.1855895466\457827544" -childID 6 -isForBrowser -prefsHandle 4364 -prefMapHandle 4304 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa2fab8-765d-4e98-982a-0b138dfa9b93} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4360 1ad9bb58 tab
Network
Files
\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | d6612f5d347fb3a1e9b74b324271a5d3 |
| SHA1 | f4cf302408405179d0c865438d38cdf1dec0cf80 |
| SHA256 | 539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87 |
| SHA512 | 66d2c5d204236b07902be2ba81114e88b4f0009e3b2733c490f83d5fb119e15c0670759bbb7c08ab44f1aaff2337bcbdb3efc155cc69dc348be2cdcf62cc13c5 |
C:\Users\Admin\AppData\Local\Temp\1000036001\0d383a3ff0.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
C:\Users\Admin\1000037002\76b0bdeda4.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
C:\Users\Admin\AppData\Local\Temp\1000038001\ef9258e7e9.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
memory/2728-366-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-369-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-371-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-383-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-384-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-385-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-386-0x00000000065B0000-0x00000000067F3000-memory.dmp
memory/2728-387-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-388-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-389-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-395-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-396-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-397-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-402-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-403-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-404-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-406-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-407-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-408-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-409-0x00000000012E0000-0x00000000017BD000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
| MD5 | f653faf279801755e177d50f9c9fd90e |
| SHA1 | 310427a16367429cfd0e94f55b4dc9fac0e7c1e9 |
| SHA256 | 3f8c10833cdb9352d9fdc45cce7002977ddd6944b4d242393fdffb8022f990a6 |
| SHA512 | 737d19bb38af7d0b89249842e3a04873511f98874ef5631e6afb7c744965fd0e42d9163a72a1b4363b1293e5a50f797753d965698e4775aca3b5829b4df5d5c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
| MD5 | 4cd8468f8987fdccc0dcc352f277d771 |
| SHA1 | 897279c741789d992362d0fc448bb0205a73daf2 |
| SHA256 | b7e34c9fb8362632d19c22fad541b05901cfa7a21bd0fbf42f58921b335f10d6 |
| SHA512 | 327c90a2704b3c7264e64f54c4b25e8872cc037d43f8c87d347c4fe2c326d520e654580ad684e58a80df1c9913255035bba6884445a3b5649e69cd6141a6165f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085
| MD5 | e606975b67224fc62bfb6bd357059dab |
| SHA1 | f2b57d2bd8bd3a558de95a6f3242a0d2cc9475e7 |
| SHA256 | cc4a93acf74c51e49e9f68e6b48779bcb27e2cc83cefbdc39d95250bacecaf8f |
| SHA512 | de5925688d12f6b4324e417938d11c43e441658d30c7d4e0d04a911d96223f4c6af2de7a4951ecba5bac3d85049f9cda1a6dbd8ca4236648ec6f652596a23c17 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
| MD5 | 73af200889d2367a978cd6e42d3b3810 |
| SHA1 | 7b37d3e1e2a80eaf1fc71a0805b825fa302a9f3b |
| SHA256 | 42d0895cb9851fbcaedcd2220edb6e554e0d08bc2c62a39174b891432db38021 |
| SHA512 | fcc800635efce012f5f9cd83225903f307292db4278ff2c35370e5cc0a490bf0b88506a97b3a96bb443d7c2006035b32573ccc21324764c4f3a9a5aa23b06856 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 38736a3e36d43ef00b57727745c66eaf |
| SHA1 | c50be94bf8740a1e0f5409318a7b9758546a92b6 |
| SHA256 | 3045686c7097fce6c6d40f3810d535c58cc6b6be79ce15bff59e9911f8af80ed |
| SHA512 | 1a3df2ce786bb7ac49d6038f6e7b3e5ba0772f12c0f7ebda0c77c7c849c43032fceedd283a291c8634819fdd9f61d008fab9050be2307ea8ac2e5d8dbe399574 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2
| MD5 | f04241785087a81fa354403e9f0c24e2 |
| SHA1 | 4cc082b28f1e7615e6125eb284b30f96693170dd |
| SHA256 | 147f44f854f77a899beb4442fe7a350fe4b713bfde97b47509b90d91fbd6c9ba |
| SHA512 | 0003ee6b74091057c5383f36518f87229e810997097a4bff1caef87cf5c083006cb0858bb335b29dd4ab7c300a224e9750337316c63d8229c126415b26d23ee4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2AFE87EE06052E1C99E4C0F9FC1832E19231E674
| MD5 | 7eaea68abcb240902ccc22e91daafd7c |
| SHA1 | 50114f739f1a55152c7da7767d25c7198159323e |
| SHA256 | fa8aa7cb834cc68c8780a6ba76ffaccf932baff383434cce2698f988bf4a6cd1 |
| SHA512 | 793886d47f96c1c79a39f2ea3ec6bd271b0050b8d1cbcec9487d7c0f488eaeaac67222a66c90964e25b2b0a180e1070e58fb0dc62681f18819106b310ee11b2d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | 4e6d52d6d66c43e3c6b70507b7247373 |
| SHA1 | 29e291aeefc71d1efd0aeb3adf1a05e3da7c530b |
| SHA256 | de88ad8891208677429aa216706c1014e1b8d02e5c7c3b4932b9c4b6bd465c80 |
| SHA512 | 157477d297ebde9187f1638a2af24cdce791a451332465b4b9e74ddf4ce667c06955c4337a5a8a37b1471c922e14f14e7c6b3b7371ab3165b1096c1f2772b9bf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 09fc8a7821998b4b159831fd4fea8458 |
| SHA1 | c4e634861c2dd973e6b0bf8c9a9839718d76fe31 |
| SHA256 | 06f0e1b7f349ced06254bb43880c61c07024b9d63fe315a637b6d4329eb695c4 |
| SHA512 | e4d2984d1017f664bea0c584a357e93d1e045d86b891e1adb90a88850cf22ce73dce4c25aaecca5fd3e7bfbf9da6d241715012cf4106ce3851cde8420587d7be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\addonStartup.json.lz4
| MD5 | 35860b7440797fdf92b6b343858fae39 |
| SHA1 | 62c24f43eedf6e71b226f0159dbbfeecc152f47f |
| SHA256 | fa8d0fffa1b53a2ef40a65da9e28fe04dd91f053f4784f542714e60b4290f498 |
| SHA512 | 5ae3d1a8279ae0fdf7954c3cf2279ea9c525e36547c4ed92049f741be6bd46bfef82b40763c7d01e0620dcf356fc9fc45b12be4dce319d4d9b354f6fa15d1a69 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\targeting.snapshot.json
| MD5 | e0706492dc88c246ede4f60eaee14ce5 |
| SHA1 | d569516ba6b89688858f39231b77721cdf06df89 |
| SHA256 | b699e7c2dc62bed9049cacd5cbd62e5fdc504e5f168b1ec1b064e60d18a7e76b |
| SHA512 | 7b96b24693e37b3b133677b2fdd34c65df4f9ae2b6a2e8b860f10ffeb9b873129aff6aeb7552443745e1e9bb3599edb2c0639cba9d5615a81c79333857fbb6a2 |
memory/2728-477-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-481-0x00000000012E0000-0x00000000017BD000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | e927e39355930933a91017726d2ec446 |
| SHA1 | a9880e239220a4680be696d712429b16afd908fb |
| SHA256 | ad37a461a1540820708777b753d605e233110473f1e6a4cc7fe1d6fbcaabebf3 |
| SHA512 | bd44faac67b8529372f894514abb6ddf61217f747726f143db3511c71dab6692c4c64c22e01bc66b6af2a06f93a191a0f97e7e18aa20ed68f7d4af7cf8c166ca |
memory/2728-490-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-491-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-492-0x00000000012E0000-0x00000000017BD000-memory.dmp
memory/2728-497-0x00000000012E0000-0x00000000017BD000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\bookmarkbackups\bookmarks-2024-08-12_11_kKcgUJaYx4JrsBzZ+MJTpg==.jsonlz4
| MD5 | adb0c9d188e29cb167b20a20edfa5227 |
| SHA1 | 25a28f4422242beb7bbee504261a0090b94a4d4a |
| SHA256 | d010c1fc01ede7e4423330f5951a99b6d3255921b1ff18325bf2dbc2d3437324 |
| SHA512 | 6570fbee222d92f53f8eaab1fe9d5435a196081f0d4d8a5279c6735cc5c94e754f803b5080f34bee389fcd67a4873392dd80ac86ff9b84a5f0283ba7a4afd67f |
memory/2728-505-0x00000000012E0000-0x00000000017BD000-memory.dmp