Analysis Overview
SHA256
a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08
Threat Level: Known bad
The file a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08 was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks BIOS information in registry
Executes dropped EXE
Loads dropped DLL
Identifies Wine through registry keys
Adds Run key to start application
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 05:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 05:06
Reported
2024-08-12 05:11
Platform
win7-20240705-en
Max time kernel
299s
Max time network
298s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\3463c39ad0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\a9bed322ab.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Windows\CurrentVersion\Run\ee319cb5d0.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\ee319cb5d0.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2380 set thread context of 2900 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3044 set thread context of 1056 | N/A | C:\Users\Admin\1000037002\3463c39ad0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\a9bed322ab.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\3463c39ad0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe
"C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\3463c39ad0.exe
"C:\Users\Admin\1000037002\3463c39ad0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\a9bed322ab.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\a9bed322ab.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
Network
Files
\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | f19c5b8c97857169bbfc5aea1e12d2fa |
| SHA1 | 6895c85c50e0214bb4b144067edd829a70cc5dcd |
| SHA256 | a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08 |
| SHA512 | e33440c55909fe053745c71220701663897eae4f4e57c1d80d02168cd93e15934643fba20cdd5455702c57f4c3474def52b72a13c65f51addb3a680deb21b0cb |
C:\Users\Admin\AppData\Local\Temp\1000036001\ee319cb5d0.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
C:\Users\Admin\1000037002\3463c39ad0.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
C:\Users\Admin\AppData\Local\Temp\1000038001\a9bed322ab.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 711c4cc6d8051fe21c47d194eb43f6d3 |
| SHA1 | 1e1ece970a901824dd725ff9d1d1d0fe7b286cea |
| SHA256 | 479e986b1f447cf8f1e60b9f6f8f8970db35482ed9862ee168f6cc5dab122709 |
| SHA512 | 91032e8fd052caffc94d6a9d37103bca0a43578d46eef632d1404141a87f7b6870368c99c035df7bf4ee8b1fab9830045037e91ccbf6e4fd169ff8b5851109bc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\cache2\entries\AA7662676C412E5EC4DEEE18BFDF4261862A08C8
| MD5 | a78413d162c89cbb4bafc78e366f68d9 |
| SHA1 | e5cf224ff2b19095f120d177a5b9c3587be993f7 |
| SHA256 | 23cf9aab050422eebbf01dcadda219b125858c59dc8f36423777242652293434 |
| SHA512 | 876b1cdf3cee6232a521f5d3873417f61a189ae92cd268b2942368bc76f2470f550923a2f1f815c1b6097054e37deb14425229da44b4a4e71d7e9e66d105ffc3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | 109781a51e23cfa1bbe82fcc4ea235a0 |
| SHA1 | 929689bfe7c4414f367b96afc3990c979b03da07 |
| SHA256 | bb4a13c444e1dffa2e78517616d51c5bb5f41d04df337689bd1f2fcaec6eeb2c |
| SHA512 | 28f70349f4a7f9be6f44f24652ea3f83b71c8fa79fd664f6c1ffdd3b55cff84f2e08cd509fde4cbd04b87c9b67d28989a6ab55e7662acc70fbc7644a23616ff9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\targeting.snapshot.json
| MD5 | fa263fcfe04d8f760ce3cc07534b4831 |
| SHA1 | bb6e5e6a206d744c012c98b2e165b83065d2ba3e |
| SHA256 | 366a419f8a83e8cd068055df9bd8ba84f581dfd78c1257b4c2e1c0e01c84b99c |
| SHA512 | 880022cd85b63e1ffef131abdedcee0fe19eb8229390bbb4bbe74c223ed0b43b3906079e1d20a9a4d2c0d4a8efd8a518815be051a9be7a985678e62672e192ff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\addonStartup.json.lz4
| MD5 | 35860b7440797fdf92b6b343858fae39 |
| SHA1 | 62c24f43eedf6e71b226f0159dbbfeecc152f47f |
| SHA256 | fa8d0fffa1b53a2ef40a65da9e28fe04dd91f053f4784f542714e60b4290f498 |
| SHA512 | 5ae3d1a8279ae0fdf7954c3cf2279ea9c525e36547c4ed92049f741be6bd46bfef82b40763c7d01e0620dcf356fc9fc45b12be4dce319d4d9b354f6fa15d1a69 |
memory/2656-465-0x0000000000BC0000-0x000000000105F000-memory.dmp
memory/2656-470-0x0000000000BC0000-0x000000000105F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | cb1b75b915b683074a0ff9a3de3e3331 |
| SHA1 | 69250d39e214cd1deba64352cab1d15435f88766 |
| SHA256 | 750c36a8f222a4e33410b4da91e9d1aaea11dc4041769e17cd6a97ee0782eb14 |
| SHA512 | 2c7b4fc682590780fca4e93233d5ab162cf016280f79804c3a2947ad9e8b40edde7694973a7cecce317e1166a966ab5e80052667abd2cf1cea0cc5cae6633184 |
memory/2656-479-0x0000000000BC0000-0x000000000105F000-memory.dmp
memory/2656-480-0x0000000000BC0000-0x000000000105F000-memory.dmp
memory/2656-481-0x0000000000BC0000-0x000000000105F000-memory.dmp
memory/2656-486-0x0000000000BC0000-0x000000000105F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\bookmarkbackups\bookmarks-2024-08-12_11_L2sLur954nYBdQ3s4g+3lg==.jsonlz4
| MD5 | ecd71170c37ebb24f04d6d8ba720b793 |
| SHA1 | 5d0d3c42d121d7d5aa06f6b6c16a8f158ea29972 |
| SHA256 | 293e5875f539e4982d26fa3729c0d68477bd41f1b25ce8ede3c5149f6cac6d21 |
| SHA512 | 564c63c165bd972bc9f5dbce1ba0c6ffd163e6a18c284c0388ac5addc86b935ed05a7ce1c5e01bc0ea55d0fa33fbb9420cb13c9f409601e09b0cd2befecfe6f9 |
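The Files listings in this report mix three kinds of entries: memory dumps, files the sample dropped, and Firefox profile files that the sandbox's own browser session touched. The point a triager wants from them is which dropped executables are new payloads and which are the loader copying itself: in the behavioral2 listing the dropped `explorti.exe` carries the submitted sample's own SHA256. The Python below is an added example for this page, not the sandbox vendor's code. It parses rows in the listing's format (constructed input copied from the behavioral2 Files listing), checks digest lengths, separates dropped executables from browser-profile noise, and flags a self-copy. The category names and the browser-profile path patterns are this example's own assumptions.

```python
"""Parse a sandbox 'Files' listing (path line followed by | MD5/SHA1/SHA256/SHA512 | rows),
validate digest lengths, split dropped executables from browser-profile noise and
flag a self-copy (dropped file whose SHA256 equals the submitted sample).
Added example for this page; not the sandbox vendor's code."""
import re
from collections import defaultdict

# SHA256 of the submitted sample, taken from the report header.
SUBMITTED_SHA256 = "a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08"

# Constructed input: rows copied from the report's behavioral2 Files listing.
SAMPLE_LISTING = r"""
memory/4588-0-0x0000000001010000-0x00000000014AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | f19c5b8c97857169bbfc5aea1e12d2fa |
| SHA1 | 6895c85c50e0214bb4b144067edd829a70cc5dcd |
| SHA256 | a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08 |
C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
C:\Users\Admin\1000037002\d196e303dc.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | c26a2a8dca0de173ade1fa04557f113e |
| SHA256 | 37b1ed81a0459e069107d0c06a4fac33755788f0766a3af1ea6549abd2f9a68d |
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\", re.IGNORECASE)
BROWSER_PROFILE = re.compile(r"\\(mozilla\\firefox|google\\chrome)\\", re.IGNORECASE)


def parse_files_section(text):
    """Return [{'path': ..., 'hashes': {algo: hexdigest}}]; memory dumps are skipped."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                continue  # hash row with no preceding path: ignore
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                raise ValueError(f"{algo} digest of wrong length for {current['path']}")
            current["hashes"][algo] = digest
        elif line.startswith("memory/"):
            current = None  # memory dump entries carry no hashes
        else:
            current = {"path": line, "hashes": {}}
            records.append(current)
    return records


def classify_path(path):
    """browser_profile | dropped_executable | other (assumed triage categories)."""
    if BROWSER_PROFILE.search(path):
        return "browser_profile"
    if USER_WRITABLE.match(path) and path.lower().endswith((".exe", ".dll")):
        return "dropped_executable"
    return "other"


def triage(records, submitted_sha256):
    out = {"self_copies": [], "dropped_payloads": [], "browser_profile": 0,
           "by_sha256": defaultdict(list)}
    for rec in records:
        sha = rec["hashes"].get("SHA256")
        if sha:
            out["by_sha256"][sha].append(rec["path"])
        kind = classify_path(rec["path"])
        if kind == "browser_profile":
            out["browser_profile"] += 1
        elif kind == "dropped_executable":
            if sha == submitted_sha256.lower():
                out["self_copies"].append(rec["path"])  # the loader copied itself
            else:
                out["dropped_payloads"].append((rec["path"], sha))
    return out


if __name__ == "__main__":
    result = triage(parse_files_section(SAMPLE_LISTING), SUBMITTED_SHA256)
    for path in result["self_copies"]:
        print("self-copy of sample:", path)
    for path, sha in result["dropped_payloads"]:
        print("dropped payload:", path, sha)
```

Grouping by SHA256 also exposes the case where the same payload is written under two names; here each dropped executable has a distinct hash, so only the `explorti.exe` self-copy collapses onto the submitted sample.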
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-12 05:06
Reported
2024-08-12 05:11
Platform
win10-20240404-en
Max time kernel
299s
Max time network
300s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\d196e303dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\0c3354ba85.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\0647b321d4.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\0647b321d4.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4592 set thread context of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 712 set thread context of 4440 | N/A | C:\Users\Admin\1000037002\d196e303dc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\d196e303dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\0c3354ba85.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
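The signature tables above name each technique but leave the correlation to the reader: which process performs the VirtualBox, BIOS and Wine checks, which one writes the Run key and the `C:\Windows\Tasks\explorti.job` file, and which dropped payloads set the thread context of a freshly started `RegAsm.exe`. The Python below is an added example for this page, not the sandbox vendor's code. It parses rows copied from the tables above (constructed input), tags each event, and returns a per-process view plus the persistence entries and injection pairs. The tag names, the `HOLLOW_TARGETS` list and the assumption that table cells never contain a `|` are this example's own.

```python
"""Tag each per-event row of a sandbox 'Signatures' section (| Description | Indicator |
Process | Target |) as anti-VM, locale check, persistence or injection, keyed by process.
Added example for this page; not the sandbox vendor's code. Tag names and HOLLOW_TARGETS
are this example's own assumptions."""
import re
from collections import defaultdict

# Constructed input: rows copied from the behavioral2 signature tables.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\0647b321d4.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\0647b321d4.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe | N/A |
| PID 4592 set thread context of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 712 set thread context of 4440 | N/A | C:\Users\Admin\1000037002\d196e303dc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
"""

ANTI_VM_KEYS = (r"\acpi\dsdt\vbox__", r"\system\systembiosversion",
                r"\system\videobiosversion", r"\software\wine")
INJECTION_RE = re.compile(r"^PID (\d+) set thread context of (\d+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\(?P<name>[^=]+?) = \"(?P<path>.*)\"$")
# Signed Microsoft binaries commonly hollowed by loaders (assumed short list, not exhaustive).
HOLLOW_TARGETS = {"regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_row(line):
    """Split one table row into its four cells; assumes cells contain no '|'."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"unexpected row shape: {line!r}")
    return cells


def classify_event(desc, indicator, process, target):
    ind = indicator.lower()
    if any(key in ind for key in ANTI_VM_KEYS):
        return "anti_vm"
    if "\\control\\nls\\language" in ind:
        return "locale_check"
    if RUN_KEY_RE.search(indicator):
        return "persistence_run_key"
    if ind.startswith("c:\\windows\\tasks\\") and ind.endswith(".job"):
        return "persistence_task_job"
    if INJECTION_RE.match(desc) and basename(target).lower() in HOLLOW_TARGETS:
        return "injection_hollowed_host"
    return None


def summarize(text):
    per_process = defaultdict(set)
    persistence, injections = [], []
    for line in text.splitlines():
        if not line.strip().startswith("|"):
            continue
        desc, indicator, process, target = parse_row(line)
        if desc == "Description":
            continue  # header row
        tag = classify_event(desc, indicator, process, target)
        if tag is None:
            continue
        per_process[basename(process)].add(tag)
        if tag == "persistence_run_key":
            m = RUN_KEY_RE.search(indicator)
            # the report doubles backslashes inside the quoted value; undo that
            persistence.append(("run_key", m.group("name"), m.group("path").replace("\\\\", "\\")))
        elif tag == "persistence_task_job":
            persistence.append(("task_job", basename(indicator), indicator))
        elif tag == "injection_hollowed_host":
            src_pid, dst_pid = (int(p) for p in INJECTION_RE.match(desc).groups())
            injections.append((src_pid, basename(process), dst_pid, basename(target)))
    return {"per_process": dict(per_process), "persistence": persistence, "injections": injections}


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for proc, tags in sorted(s["per_process"].items()):
        print(proc, sorted(tags))
    for src_pid, src, dst_pid, dst in s["injections"]:
        print(f"{src} (PID {src_pid}) -> {dst} (PID {dst_pid})")
```

The `locale_check` tag is kept separate from `anti_vm` on purpose: reading `NLS\Language` is how a payload decides whether to run at all based on the system locale, which is a different question from detecting a sandbox, and `RegAsm.exe` doing it here shows the check runs from inside the hollowed host.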
Processes
C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe
"C:\Users\Admin\AppData\Local\Temp\a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\d196e303dc.exe
"C:\Users\Admin\1000037002\d196e303dc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\0c3354ba85.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\0c3354ba85.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.0.274293778\1692522620" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ad34339-c9a1-43b9-8a7e-626ab5aed5c9} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1824 2ad242fcf58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.1.1484808966\2062191419" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9932ce18-28f1-4c0e-a8f3-7ec0c72430af} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2200 2ad241ee558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.2.1977859984\1048470301" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2928 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46bd7f40-1d1b-471b-9730-4b54eeccc72d} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3036 2ad24257b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.3.2144126492\2091524018" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a802fdff-5ef4-4b8d-b50e-055a9260e09c} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3568 2ad19370e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.4.2103145056\1612165216" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81cea882-d1be-4bc6-9cb5-ea4b9f9fcc62} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4888 2ad29f3e358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.5.1876106620\1876906991" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5052 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ef0562e-bd6d-46cb-876c-183f504b97c0} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4932 2ad2b6c6258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.6.1069174573\87113525" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2703623a-5d17-4f4d-82fa-dc63c4c30c28} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 5240 2ad2b6c9258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.7.1996055712\1048342376" -childID 6 -isForBrowser -prefsHandle 5488 -prefMapHandle 3188 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a310e41-a4b0-4eb0-a727-9655cee65946} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 5072 2ad19941b58 tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 100.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49828 | | tcp |
| N/A | 127.0.0.1:49835 | | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.99.165.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.174:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.163.125.74.in-addr.arpa | udp |
| DE | 74.125.163.138:443 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
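Most of the Network table is the sandbox's own Firefox session (the Google sign-in page the sample opened, Mozilla services, the OpenH264 codec download). The loader's traffic is the raw-IP HTTP on port 80 to 185.215.113.16, .19 and .100, and the `in-addr.arpa` rows are PTR lookups for addresses that were contacted, so they can be folded back onto those addresses. The Python below is an added example for this page, not the sandbox vendor's code. It parses rows copied from the table (constructed input; one row is kept in the shifted form some exports use when the Domain cell is empty, with the protocol in the Domain column, to show the normalisation), reverses PTR names to IPs, drops loopback and DNS rows, and separates raw-IP connections from connections to named hosts. `BENIGN_SUFFIXES` is an assumed allow-list for the browser session, not a verdict.

```python
"""Triage a sandbox 'Network' table (| Country | Destination | Domain | Proto |):
drop loopback, turn in-addr.arpa queries into the IPs they ask about, and separate
raw-IP connections (no hostname) from connections to named, known-benign hosts.
Added example for this page; not the sandbox vendor's code. BENIGN_SUFFIXES is an
assumed allow-list for the sandbox's own Firefox session, not a verdict."""
import ipaddress
from collections import defaultdict

# Constructed input: rows copied from the table. The 127.0.0.1 row keeps the
# shifted form (proto in the Domain column) to exercise the normalisation.
SAMPLE_NETWORK = """
| Country | Destination | Domain | Proto |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 19.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| N/A | 127.0.0.1:49828 | tcp | |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
"""

BENIGN_SUFFIXES = ("google.com", "youtube.com", "gvt1.com", "mozaws.net",
                   "mozgcp.net", "akamai.net", "openh264.org")


def ptr_to_ip(name):
    """'19.113.215.185.in-addr.arpa' -> '185.215.113.19'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def parse_network_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|") or line.startswith("| Country"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain  # row with no domain: proto was shifted left
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_benign(name):
    return any(name == s or name.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage_network(rows):
    ptr_targets = set()
    contacted = defaultdict(lambda: {"ports": set(), "hits": 0, "names": set()})
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_loopback:
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_targets.add(ip)
            continue  # a DNS query is not a connection to the queried name
        entry = contacted[r["ip"]]
        entry["ports"].add(r["port"])
        entry["hits"] += 1
        if r["domain"]:
            entry["names"].add(r["domain"])
    c2, benign, review = {}, set(), []
    for ip, entry in contacted.items():
        names = entry["names"] - {ip}  # a 'domain' equal to the IP is no hostname
        if not names:
            c2[ip] = {"ports": sorted(entry["ports"]), "hits": entry["hits"],
                      "ptr_seen": ip in ptr_targets}
        elif all(is_benign(n) for n in names):
            benign |= names
        else:
            review.append((ip, sorted(names)))
    return {"c2_candidates": c2, "benign_names": benign, "review": review}


if __name__ == "__main__":
    result = triage_network(parse_network_rows(SAMPLE_NETWORK))
    for ip, info in sorted(result["c2_candidates"].items()):
        print(f"raw-IP contact {ip} ports={info['ports']} hits={info['hits']} ptr_seen={info['ptr_seen']}")
    for ip, names in result["review"]:
        print("needs review:", ip, names)
```

A raw-IP candidate with no PTR lookup and no hostname (20.231.121.79 here) still needs a manual look; the heuristic only says that nothing in the table ties it to a named host, not that it is C2.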
Files
memory/4588-0-0x0000000001010000-0x00000000014AF000-memory.dmp
memory/4588-1-0x00000000777B4000-0x00000000777B5000-memory.dmp
memory/4588-2-0x0000000001011000-0x000000000103F000-memory.dmp
memory/4588-3-0x0000000001010000-0x00000000014AF000-memory.dmp
memory/4588-4-0x0000000001010000-0x00000000014AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | f19c5b8c97857169bbfc5aea1e12d2fa |
| SHA1 | 6895c85c50e0214bb4b144067edd829a70cc5dcd |
| SHA256 | a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08 |
| SHA512 | e33440c55909fe053745c71220701663897eae4f4e57c1d80d02168cd93e15934643fba20cdd5455702c57f4c3474def52b72a13c65f51addb3a680deb21b0cb |
memory/4588-13-0x0000000001010000-0x00000000014AF000-memory.dmp
memory/3496-14-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-15-0x0000000000AB1000-0x0000000000ADF000-memory.dmp
memory/3496-16-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-17-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\0647b321d4.exe
| MD5 | db946418424011c782182c76ab8c179f |
| SHA1 | d640d54d341cf6341bd434c9015d23d22156612a |
| SHA256 | bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e |
| SHA512 | a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956 |
memory/4592-30-0x0000000000680000-0x00000000007B0000-memory.dmp
memory/2744-32-0x0000000000400000-0x000000000052D000-memory.dmp
memory/2744-34-0x0000000000400000-0x000000000052D000-memory.dmp
memory/2744-36-0x0000000000400000-0x000000000052D000-memory.dmp
C:\Users\Admin\1000037002\d196e303dc.exe
| MD5 | 62c81eb8cd78dbcf5767f84caad6972e |
| SHA1 | 9a508e8724c1431394717ebd3c6dee2f9f21d082 |
| SHA256 | 166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250 |
| SHA512 | 2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5 |
memory/712-49-0x00000000001D0000-0x0000000000208000-memory.dmp
memory/4440-51-0x0000000000400000-0x0000000000643000-memory.dmp
memory/4440-53-0x0000000000400000-0x0000000000643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\0c3354ba85.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/2616-66-0x00000000010E0000-0x0000000001323000-memory.dmp
memory/2616-67-0x00000000010E0000-0x0000000001323000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\d3fe9c32-c113-4f48-a644-2be37c79872b
| MD5 | f130737059d3ebf435f35bf739f6879a |
| SHA1 | f2d9ac75c9e4db04c9825c4d96ab0002d3a2cc4d |
| SHA256 | 1ea9112104bd2f01ef4434dccf6c410e99fa2f2dacec376abee80dde413dcb38 |
| SHA512 | 8cb551401022cca9ec07b36002778d57833600ddf7a7319844489fff5b9c2fe57e9714ce2201d4a86e96018d0601275af1060ad593b1209436cddbe058969239 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\45da6d76-6e53-45d0-aa47-4641d2ab975d
| MD5 | f37969ba041536486405d18417e595e3 |
| SHA1 | e5cecea5d3ca051232f4a47d31fb1ca496ba4573 |
| SHA256 | 209552e50a726e9453d073316876ed24c0ff8a04f47ab8ca368829541d20025a |
| SHA512 | 683dbe7dde97e24c479d1a0ef60311ab884a56ced3dd8e075a93fa5d0c9ba207e208f870f7018acc131766b9a6ccbd0e05aa31ece69e055075eb7b1e3448ac22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 9c73288cf6eef4c8ec8ba15e073f73e2 |
| SHA1 | a614bfc509d200abc6b67846f1e76fc251ba1c99 |
| SHA256 | 5b9c8937a3fc3341e9fff1c502a2fd0279d278e46fca1368f91983bf27dd3c64 |
| SHA512 | 7740566aeb33487faa550f074ee0451675ab1ddb641e297b04464aadbb1848ece2db6ad2f1ddd2341975bffbda53e5a20572d95972168a39b71fd08208e4d918 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 69cc4ce68ce55e681c368d219f32a10d |
| SHA1 | 28afdfa7d331fbb72dd993ecefea313f2799b446 |
| SHA256 | d4e13af44e4664821cf15715fbb0038aa5d3f03e3b7a15a7efd4745d77a4b8d2 |
| SHA512 | 4b1a2f353f0d8e1efbd9f1deafc551fdde86bed7d32662d025640b67c3a9e71e0c635a3fdab10196eb32ef5870fb58a6973c8920c7f42adbbd537ffb18c399df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | c26a2a8dca0de173ade1fa04557f113e |
| SHA1 | 8f1565b204c47e424bb96df09f4646f231e996ac |
| SHA256 | 37b1ed81a0459e069107d0c06a4fac33755788f0766a3af1ea6549abd2f9a68d |
| SHA512 | 24302c0c1e5660de45f96c2f85b8788a7ae663bb33366a107a2609896c18a065d6ee666f42323108558eafee9ce6c45ca72388efc5922ccd11c3e1013ff1bfb8 |
memory/3496-189-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-194-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-197-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-208-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 73dd6c923f924fcd7f5a33352de0c554 |
| SHA1 | 2cf50cd56819cae6b1d42138bf8c869739d30ee2 |
| SHA256 | f6168f3a9110dc9942c5e6c130d3cb718a6f6e3804137a880b6a75b1dd454daa |
| SHA512 | 202f9de9eeca9b809f89eb217f103b28a651d3290669144d77d7b661b78ba0ef8894f3873e6ec3b492e35d87873af34b3997a047eaf7696e3a2d3b476b68b4d0 |
memory/3496-214-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | f5cea2b4cd90c2711e47b3523bfad3e2 |
| SHA1 | 0218e72ed8a2e644fc0436b6942933e54b16ad95 |
| SHA256 | b382d952047d2363845bbba5639b98da8c02be0abb3ece6f37adfdc8324ef805 |
| SHA512 | bcbf50c074cb6c24ddd0b45b81c33d11915f4ebba0c28c02f65b275153747854d8471f3cb5e1502428f27ef4061506dd7b47ecaa708a2987d1330b608ccc6128 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 31fd4ea298ef2d5e63e1aaa620eaa398 |
| SHA1 | 48a52a665bb69c000f197930cae98c5abdee835a |
| SHA256 | b56159ff50b87269fbf1e226473a5e39447e7746f935837c8e390945ebb734cb |
| SHA512 | ac8c8a5c45fe85d4e090caa1125c6756288dec67eedca12c2ecca5299a2da0b6f0b460d4111bf42a18ddb3d42b1330266b6a516b3ab566089c07252f44024ade |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1b6634af03eaf3c51c01ead40132ce98 |
| SHA1 | 99383e9263ca513ac687c6d58baedfb66aa97675 |
| SHA256 | f8ffc16c62f777b7355f7885184f9997e4c41c809d41fa9c1308095d12a2635e |
| SHA512 | 5d35abed9962e3880884c89e9f542384716371e5a6bc9d060bbf6c7affb1cc084826a2211b15b3f516ce66cc997994d427675d20b66b4635d75d9e3a582a799b |
memory/3496-305-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3808-307-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3808-309-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-310-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-312-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-317-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-318-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-319-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-321-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3516-322-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3516-324-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-325-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-326-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-332-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-334-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-335-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-341-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/4128-342-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/4128-343-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-344-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-345-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-347-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-348-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-349-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3908-352-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-351-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3908-353-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 3a3edd99c544c77cbc69aed1190697dc |
| SHA1 | 0d02866063543e94ac38ddb009c29b599c1f003f |
| SHA256 | 2d08db5fff328e78b5d5cb6c94a7f0fe1c87faa2548e4f249569a04f022507f0 |
| SHA512 | 180f07c2b1195e6572b25ac20118e6c1c1bd707f681fcbfacbb8e3d6a172e9a3f5d41a155959c885b4f57989ad4ccad7a5f0f51276fe7bf16e5a95fd2d04ff62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
| MD5 | 5dc16a1a193f3b0a360fc42a94bfbbfb |
| SHA1 | 1e35501c660f7b46f30f4ebf8a8af5ae1b384fc0 |
| SHA256 | e436ebfa7beed3185e773ee78ae3548cece0a14c42ee191f8d35beda43799cc9 |
| SHA512 | f46f66b0474b776dd6d014ddc1345235e9a061930ea03614d4e914645b3905662d9e367170a30ae6ca5dc3f877440ab86bba53db0e7d73cf1c01f9d1071876bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | 0d07344bb72477b3eda49156f7e2340f |
| SHA1 | f93bfa66be77315f99e72c0fa34a1371fe2f93a6 |
| SHA256 | 22b2efb6e486cedebe9ad2ed9a1e6d0676b8ff9fdde9ed1dee02038ed8cf5e5b |
| SHA512 | c158defb6ca89b30aa59d971f26f981ea489de22ead2f66eb4815d645d98e418f72f1c4b9201bb6c081f75bfdd26fc6c32079fc6f7e8255b9a0c5ee8372d83da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
| MD5 | cbb9077d7df5ed6ec7809a5f95aff763 |
| SHA1 | 886d7b50a03f4d39a37d3554243cff8d9102bae6 |
| SHA256 | e01adfb997cccc7e3b298837a8953ece35191f0542f1c03168e7c25a21a699e7 |
| SHA512 | a63e780c56be4e8f5c52bb280a5226ed8badc44f977a97a05200828063eae8a224990b481710dba91980b3000160ee8b61950d09f4860a7bb6a9b4df230b9dc8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085
| MD5 | 022d820419bd24f738d93ec867ee9698 |
| SHA1 | 570c6ab8ef26064da104be92533006ff0436f111 |
| SHA256 | 0559db012ea3cde2eba4f98f6092e4a3c3f6cfd1f1f387f505e035f987030747 |
| SHA512 | 9c758244ffe347f660e4a1192bad096d6408d405ce2898ddd2c045e091234ff4504f0f019728cc7340d4d309df79a0de550d599cdd7e015da3c768d465d49731 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 9bf768d6483f2703e0f98067db6fd293 |
| SHA1 | 1672d456507b925668820bcfd387923ae538497a |
| SHA256 | ab12c6b3b8508a7d269c8f463274e138a2d42ad6c7b9296e0e44932e5289fd79 |
| SHA512 | 36ca07802cbf469198a8f08bd74f137870045b43bc47d39067796cb3d5f7392ba6d9a25c46afcf0013c734d9f79cf3c5558c2e7ef544036b40f919d549aec62c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | ee033682a9209215424fe759a6fd2ff3 |
| SHA1 | 7d359bb8eca0816e815aeef8bdc17ef5e0422eb5 |
| SHA256 | 2012c9151bc889cc1d3cff6f0a6b080f939107da858190f6a0449aee4453c662 |
| SHA512 | 702c209483dc5c1872ca6612abfdf9fbc728351bbf55a61f0dee767f39f1ff703db5ca5328b08f74494678452d1cdef5067f54c8b894825bed1ee07cf094f0b5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json
| MD5 | 432745bc7f52fd0abdfa516ac8b78c39 |
| SHA1 | 86c82719777b50269b2052a641d21e2ff8f105c1 |
| SHA256 | 3ecdb30146865539ee3215e95315363c93b63b5d02c90c915a4c841079f6b2d6 |
| SHA512 | e1cc7711c83be9433a529e3f9aefdd836305062201367f9e24e94d2dc207ded5c04b5fa8c14ce656d03cd0d1056b867f09e2ea03b2ec4c0446b44a50eae66e67 |
memory/3496-405-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-406-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 88ef70fae4eab74a3127819240f2a88f |
| SHA1 | d8fb7bb05dd247d83706c68977c3a1ed8ad75a7a |
| SHA256 | 7873f1400a82fc84ae717bf687d5b3a770caee003b0fbe589dce0fb594cd2f71 |
| SHA512 | 2f68c7a2e268ea57a7639912183d050cb12f4995643fe2cb8efebff96addbcf31dcb5fb16ed136711cedd4b603982b9d2be77577fdba46b8968ca6aa332a1024 |
memory/3496-417-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-418-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-419-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3496-425-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3860-426-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
memory/3860-427-0x0000000000AB0000-0x0000000000F4F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-08-12_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4
| MD5 | 838d93fe7f64f4f752cc6aa88379ef54 |
| SHA1 | 55f0a2bd40fd96e3a319f886a58891fd9d416c0b |
| SHA256 | 1b13e0ebb1dab164edd26588e55ea99c9909f18c56c9a3478937d96719d9a54d |
| SHA512 | 8a4fddabc8792bc2fdc4868e1873f415614c3dc08bbb50272b64fbab124b4516ab0e3be04f31cfb8e02e7b653bff231053208d1638dcf0372439dcec71d33f00 |
memory/3496-435-0x0000000000AB0000-0x0000000000F4F000-memory.dmp