Analysis Overview
SHA256
6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf
Threat Level: Known bad
The file 6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf was found to be: Known bad.
Malicious Activity Summary
Stealc
Amadey
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Reads data files stored by FTP clients
Unsecured Credentials: Credentials In Files
Checks BIOS information in registry
Identifies Wine through registry keys
Checks installed software on the system
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Suspicious use of SetThreadContext
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-15 14:37
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-15 14:37
Reported
2024-08-15 14:39
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\b86952c565.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\a8675ae254.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3d2958541.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000036001\\d3d2958541.exe" | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Checks installed software on the system
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3228 set thread context of 1248 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4204 set thread context of 1492 | N/A | C:\Users\Admin\1000037002\b86952c565.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\b86952c565.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\a8675ae254.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe
"C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\1000037002\b86952c565.exe
"C:\Users\Admin\1000037002\b86952c565.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\a8675ae254.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\a8675ae254.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c74cd3a-5ec7-4967-ab26-512405cb266a} 60 "\\.\pipe\gecko-crash-server-pipe.60" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78ed8fed-bc81-4f27-ae34-8c08214f4f3b} 60 "\\.\pipe\gecko-crash-server-pipe.60" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3292 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3007a0-c066-4567-8c60-44ffa6625dee} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 2944 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7a78360-5a3d-4781-a5ff-cc6d73d81ec2} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4516 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4528 -prefMapHandle 4536 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c7907c8-3c5d-46c3-9a29-bbd1399cdb9f} 60 "\\.\pipe\gecko-crash-server-pipe.60" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5308 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02c991ea-751d-4815-8a5e-20db1306b2c1} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dcfe548-4342-4961-adbe-56f2d9d35fc3} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 5 -isForBrowser -prefsHandle 5340 -prefMapHandle 5444 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17c6d41b-bb08-4d01-ba4c-9b13f0dcdeca} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6204 -childID 6 -isForBrowser -prefsHandle 6212 -prefMapHandle 6256 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1220 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e150296e-6491-4fff-9451-abd25eef4787} 60 "\\.\pipe\gecko-crash-server-pipe.60" tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Network
Files
memory/688-0-0x0000000000B30000-0x0000000000FDC000-memory.dmp
memory/688-1-0x0000000077DF4000-0x0000000077DF6000-memory.dmp
memory/688-2-0x0000000000B31000-0x0000000000B5F000-memory.dmp
memory/688-3-0x0000000000B30000-0x0000000000FDC000-memory.dmp
memory/688-4-0x0000000000B30000-0x0000000000FDC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | 6d0f73b4a2b84bef406470efcd79a990 |
| SHA1 | 3e76cd04a8655c14330a7392bbeedb2e17f2e015 |
| SHA256 | 6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf |
| SHA512 | 54ba08bb0194c37dbbcf0f017ba9f7a87f370b9378e6191c6f4654c479c89de398e4b467d7506dc93f580d4cb773563eaa3c4da97c46e0b10feda0a82a9a627d |
memory/688-17-0x0000000000B30000-0x0000000000FDC000-memory.dmp
memory/1376-16-0x00000000004C0000-0x000000000096C000-memory.dmp
memory/1376-19-0x00000000004C1000-0x00000000004EF000-memory.dmp
memory/1376-20-0x00000000004C0000-0x000000000096C000-memory.dmp
memory/1376-21-0x00000000004C0000-0x000000000096C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000036001\d3d2958541.exe
| MD5 | d1be0f6f034c55fc17558f2ae445f1b2 |
| SHA1 | 6b7f7599af54f730451f8344906acc7d0a206af7 |
| SHA256 | 21a8a20a3cf2e59afeea5b810da2fd7b132780a8167ab28b0bf8da4d7061478e |
| SHA512 | 3e96bbee8cb19b3dc7c45d302f5321122722562f2ad41ce9d61bb34d2fdd65c7eaf133bdb097445df327629b2fea78caa22041ca122884a9ec1758da0288f465 |
memory/3228-40-0x0000000073A0E000-0x0000000073A0F000-memory.dmp
memory/3228-41-0x0000000000EF0000-0x0000000001020000-memory.dmp
memory/1248-44-0x0000000000400000-0x000000000052D000-memory.dmp
memory/1248-49-0x0000000000400000-0x000000000052D000-memory.dmp
memory/1248-47-0x0000000000400000-0x000000000052D000-memory.dmp
C:\Users\Admin\1000037002\b86952c565.exe
| MD5 | c98386f4432190c0c37be9ebc2e19eda |
| SHA1 | fad3e282c5987117de21508674eb3f0f28f958c7 |
| SHA256 | 6d47e2a31348815e467a4e421edc44abbc0080393e0a9c32608e74757f038bab |
| SHA512 | 262864defaf0bc2f8b1e20967725e741fad90b288ea640b33f77305bc69357cf85648264902b03f581f4de95bc7b06ffabf897410efe4abf0b28201f6e1fbca7 |
memory/4204-68-0x0000000000490000-0x00000000004C8000-memory.dmp
memory/1492-71-0x0000000000400000-0x0000000000643000-memory.dmp
memory/1492-74-0x0000000000400000-0x0000000000643000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000038001\a8675ae254.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
memory/536-90-0x0000000000430000-0x0000000000673000-memory.dmp
memory/1492-91-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/1376-107-0x00000000004C0000-0x000000000096C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\50b86f08-cb29-4a59-b12c-830fa84a61a5
| MD5 | dffb80849f79fa8ecefaa76e1af68a12 |
| SHA1 | 40bf4bc8d2df4b5e626a00e4cde979917978eaf8 |
| SHA256 | 8545ede8f04310c36ac7ee9bd5862a55ee2f05e8cd8aa7f4b126269c79bad9be |
| SHA512 | 71655c106092ead0d1ba2049035514138e329a33c183e876024dfbb273447380cfc7a48d29362b7015d97c52a53e46b9f3b00ede0cf06f901df08cb4f0d9b16d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\61902ff6-73b0-40b0-98d7-67154fc88ed1
| MD5 | eaafb0e11d3a034198c54ec6aec08ed1 |
| SHA1 | d3bcf74dbbb9a1e9696e0a8e38c20b7ee1e419f3 |
| SHA256 | fd9611418ba41ceb60b6eedd3a29920078b9150e77ba6ee28ef5fc7243d6b902 |
| SHA512 | 36c5bc6cd5bb9acd70fef1df857f73a4eb170af91c1b8760db849fc9a22fe9366a990c451e9c8cab115efae626a6298e4be905cfab6e3fa78a6dc053b8f1d5e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\f0ba6f94-5938-4762-9348-d4d8de486448
| MD5 | 7de4e2f62081e6d3e512501032a55fff |
| SHA1 | 64ab0898eea0578ab50b25eee63f2fd866e359f1 |
| SHA256 | 8502fe7c48cf974e198e5750febfa5834b92e5f5feec887a0cecdb32b50a7491 |
| SHA512 | c1377c77081a51a01628864915cd3497d6361f3881d549363b10be17e4cc8f8bb72c0f5cc30ab6d3811fe8ab42a256ab699286729e778f32f5d967e0b4f3c0be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 8d42565ac748e36f3c7a078f0d1bf66d |
| SHA1 | 8d739ff61776645ef10701da6f2ffc946f526be3 |
| SHA256 | 638b0b61388b633a323f416364b9fe2362712405818490b2b5be23610ccb90d0 |
| SHA512 | 9f4be9d5fbc49dc05b4566f6d28cc1f937fcca6bd425f98a4ce0b6bf8b1d821761e9e5110bc6c9eea8f31fe431b71cc9dfb2bfee994c3919fc1b670362f60451 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
| MD5 | 0f623a5b728f095949dbc8a40b3c4d08 |
| SHA1 | aa51013c0bdbf57166bf0efc17ccaa3242354b5b |
| SHA256 | b765c8713f91405b22325b99e8111291515ddac5fd84f77f52e9a1a479202861 |
| SHA512 | b8bc3700b1650f7c3855de0f005946e8b0af7c3ea94ac360d533f413b72f0319acda99d05fad91f1c48661ecc6a0706f93168c99d2529247b4618b9ab9dc74f3 |
memory/1376-377-0x00000000004C0000-0x000000000096C000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json
| MD5 | 2ba9f79c5533f2e3767ead19a86e1bdb |
| SHA1 | 1bf5cbf9906fbca74ed482be3a00cbc23e298a37 |
| SHA256 | 3b7dbb777cf1e4cc9813482d1f83b89fef5c239e1fc1158ec533e62a606c3888 |
| SHA512 | 4eb40c8b847c1e811294581726e045a671c1ff27d029f5007c685c7107acc77b281be73abad03549b1445f4d6dba34056ecd2e6eaf6fba768f059a4c37ad33f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
| MD5 | 762196716223ee84b67e1a30e6c8ef0e |
| SHA1 | d12477eb3b917202701375d3ed4bcd2a66043307 |
| SHA256 | 242c1f829963a8d5081eed418cb9a1661e3bc76e22659df6c7aa0cef00ba9773 |
| SHA512 | c96b1da3a86b4548270f32fce746c04850559f95dd918afde6a2e900894f7ff658f4171ddffbc27e298ca59f4fe65160b483ca1615fa891db88bf324c89b84a8 |
memory/1376-428-0x00000000004C0000-0x000000000096C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
| MD5 | d66de4cc0284075c24d2c010bab96a79 |
| SHA1 | 32e90af7d0a2eb7911cb659a195286b4335b8af5 |
| SHA256 | b2d26626ab0d00d72651f2193e79b64fcfdb4429a992a919d9b3f93073ed2088 |
| SHA512 | a8abfc1f49d75426115f9a921187ecf4577d4cc8cac278b57d00078fc5ec4b9622d30fd2d2a8a993e2321a3370a82b19df17701d02bb6cfd0078786a68d78314 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
| MD5 | 6aada7538bf03468ce8ae6e1799b664b |
| SHA1 | 402254037115bcddeca953a7537b35e84609f31d |
| SHA256 | c60b1217a83526d71574c52abb680d36fe1fc13dbe9988732ec4fcfe5ddab58c |
| SHA512 | 53370952c1b439f0191b645c7135a761ab9a7685e3cc9e4cf84e9f75bcfd6c771c4997fd26b363948c1840678beb374bd6fc09295b639a7beb5ab101c3e1e62b |
memory/1376-468-0x00000000004C0000-0x000000000096C000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\cookies.sqlite-wal
| MD5 | e16479165509ba9909027a952fdf3692 |
| SHA1 | 6cdb221e098499a5d74d09b0287cbc005ce9bf52 |
| SHA256 | 6d1e2e27c78e5bfd2dcb268efd2cbbebffe658bdaeaf3df171377e9bb589a68a |
| SHA512 | 11e1074b58f2203a333b2ab08d7308df4acec6318377bd290727f3d229e969748f83d4316a0bb20191c576de74b89d27b66dedc78ab2c8cf86ea7907958e1cf0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\cookies.sqlite
| MD5 | 21d0f942482c98b32ba7a00921528928 |
| SHA1 | 514193ac1aee5c6152d5c708618cb81a23c6524c |
| SHA256 | 19eb2497cc68436a2cf772b77299d2a3dc0dd517a2a9bdaa68134258361bf89c |
| SHA512 | 85e771497634d3f18c4492971f99d1cccb21bdaa1c8c47747ae9276d2023d35393ec9c5a858a94ad6275c4040f5ccb948e486d2a37f8a9ed34a3eb457ca47f72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\formhistory.sqlite
| MD5 | 97c1441748d6cc3e5a7030cda7543975 |
| SHA1 | f5598a45b101a5404126cd27fbb7f4b70861ee32 |
| SHA256 | 2015b584b844b091d6a6280d45e9a589ea0feacf5f4b19bdd4cc21c60dbaaf91 |
| SHA512 | 29d358ec7725038c6648251d8b9c32f3a40458e9c97926e0000ab42f0369b96d1ba5216eeb7c35800c740633dfd3b1e6e6aa73859644bdb9cdccaf2a3516bcb9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\places.sqlite-wal
| MD5 | 6732445c44182a5d1623a6ccd7e46ea0 |
| SHA1 | 1578bf1f49a1de7f6636ec3f739d58bbfadf19cd |
| SHA256 | d1a5fc2cf7592eca9072de5d50552177b25b4f4cb2879b18550bb8ac576ba624 |
| SHA512 | f3c492a6518a6151e9fac0e857a466b81c23729a1cc78935ec6001d65a73940979707b117c8be67bfb737a9be05e40576fbf059f2ed4618f2890a5a01ac1cf76 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f82dc331995330562cbe733a69dc7721 |
| SHA1 | 518abb0a69d13832f7ee908352109d1ee905924b |
| SHA256 | ed5009c008f7ef1e8ec5b569bdc63f4edf6c1d41a0ffd617fdab00eef82def2c |
| SHA512 | cf1ce2fe577b2f866cb2fd93aad08871606e8e71e65102996559e53449ec3dc268ee12b67840d71c7a5b4dba65c7680095992e1ffcee1edaea17c331e4590f4e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
| MD5 | 52c435efd42abcfaa574e46bf24fb141 |
| SHA1 | 7c208c1876c8583d8aa6cc53be1ec74392814424 |
| SHA256 | 8c42335a3fb585ee25616ba8fab1184ec390174a2848fc82e6e10b016ac854a0 |
| SHA512 | 443feb7b17506b26ebbfc93ea4ccf0cb6278cf077648ae6dee96832b4d5ca63129e9814127ee1823be924df4623294ebd98b255d2f3958ced7d176c654921fba |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | ecc9c2c647906a798f5ca79055b9a1db |
| SHA1 | 6235bb2c6f91aeb6c0a92778e5749042559ff409 |
| SHA256 | 2cbe52ccbe125bccc0c1c9bc445f73a7d6daaa1d81e1b32582f6cd54ce62bbe0 |
| SHA512 | 41cca4cd7989603fcf9858cc802b55139b4ec5c31c92afcd8de88d4ea3ca8ebf33ed24e00b4fc62591f8fb9d23f2463cf1dd80201b9008f4f4b906c8deef2f26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
| MD5 | 8d60d7a6915ef5dff96ecfa616177dfa |
| SHA1 | 8353eaaf7e66eb7fd7fa1c9943dce0daeb9983e1 |
| SHA256 | f9a713b9ae49af2c488d5936b46d25023f0b0ef834ba24272e9491367c95fe7c |
| SHA512 | 141326ae42e7994439ab8262a2db3f0013bbaa110460e3d6ba84280ceadb48317f641a775f54750a6101dca941119b08395a09491e785cff4faa8d55e67922bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 2218cc1f1f0f40ba5bf85b22474374bf |
| SHA1 | 59c5461e44c84d33143ac9b7b7160271c455df25 |
| SHA256 | 2daf4f3c10158af1352a2f1877ed79c3ed46f170b8e685abf1e401b2a9fc8499 |
| SHA512 | 7105da7ccd5435e0c2eba545ec314e870dc3b0fa063cfc697d328400c443e6fb2cc37e32e316af82e4096f4f11038aaab31859148c1bdeaac7bf1aeaa5d99fa3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 88d94d8201f571e140038e192e669710 |
| SHA1 | 703d3b16f0b4f0d681ed8377d5275eed22616223 |
| SHA256 | cb73f3985b99510dbd73138734194e72b82ecd4d47599c1e1d184c39a6ba136f |
| SHA512 | 20fb68eb1e7d05edf73b664695ce905eb101dfe283d55ebcbb4d92cbfa1363555a5b472f4084c00f23a792ce5e70603754c8ccceeb8500e2014b7eca5c5da3b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
| MD5 | f2ecbe8d9091bdeda09c978f102f2c08 |
| SHA1 | 6c6bb0e7a23e101d7dc676835b13af25b02acfec |
| SHA256 | fb2240334dd7280b44e24a73a229315656f571daa58b5e1c32d47265b5ca2779 |
| SHA512 | 771ea4db28c62dc4c11f595bc9450597f2335f4bda0adc589386a5422e05c68e1e8bc40a654ac72ebcfcda55429c8ac7b4f00fb98359d1f702960a3e7d0b575d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | df831737dbacf99f9638f3e24b8eb58c |
| SHA1 | f91e5f1d9924fcd1275fd3051211b74dad20ede5 |
| SHA256 | 602b0745eee44c281a30adcbda92c7e1c9a9f2ae6f40b9b2abccfaee007504d9 |
| SHA512 | 17252a5e854bc057445f5e5b2b18115b3fc737f6af710b7eab1e4b8cc1c1ef8ae6c701a487c6bda01603d5a61514539c76e5ea9f5aa52c76799e2471dc2e8cfb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bae059a1950026a0219d6d124f563908 |
| SHA1 | c4121c040cbf2bece6a2aecd5ede9ff6ee8b0654 |
| SHA256 | b8fa8d31021418d5f5411fd8a30f526fba884be4894d8ed7f33fc01da10444be |
| SHA512 | 62d495132c14c36eaf5de5c3ea263d4797b2c401426e557ad4efb5c7b0b1158e0c16f82ba3e6a23d152ea90a7b58400889fcf26ee4919515aa5c1dcfdc755c56 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-15 14:37
Reported
2024-08-15 14:39
Platform
win11-20240802-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe | N/A |
| N/A | N/A | C:\Users\Admin\1000037002\a8675ae254.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000038001\46065650d9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1300 set thread context of 3100 | N/A | C:\Users\Admin\1000037002\a8675ae254.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5068 set thread context of 1000 | N/A | C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000038001\46065650d9.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\1000037002\a8675ae254.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe
"C:\Users\Admin\AppData\Local\Temp\6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf.exe"
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe
"C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe"
C:\Users\Admin\1000037002\a8675ae254.exe
"C:\Users\Admin\1000037002\a8675ae254.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000038001\46065650d9.exe
"C:\Users\Admin\AppData\Local\Temp\1000038001\46065650d9.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec721dba-2944-4c63-8c0b-5a7dc29fe52a} 428 "\\.\pipe\gecko-crash-server-pipe.428" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2272 -prefMapHandle 2252 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca3f127-1c4a-4a23-b8ea-17ae5c79737f} 428 "\\.\pipe\gecko-crash-server-pipe.428" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2769cd0e-09c2-4adb-ae9e-402997b45b04} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4008 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ab2480-1832-4ead-9df1-067b6e0f6a46} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4860 -prefMapHandle 4820 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51b40630-59ba-4e35-9e03-6b0ecde01670} 428 "\\.\pipe\gecko-crash-server-pipe.428" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 3 -isForBrowser -prefsHandle 4984 -prefMapHandle 5356 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2b00365-8e74-48c2-a7e4-5df03ee0b4c7} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {555567e1-ba81-49e6-8921-145f185e9edd} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 5776 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c21c849e-7cc6-4b61-b1bc-921f05684c16} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -childID 6 -isForBrowser -prefsHandle 6092 -prefMapHandle 6088 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5af2d903-afa5-4a25-84e6-17ec16adff2d} 428 "\\.\pipe\gecko-crash-server-pipe.428" tab
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 185.215.113.19:80 | 185.215.113.19 | tcp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| RU | 185.215.113.100:80 | 185.215.113.100 | tcp |
| NL | 108.177.127.84:443 | accounts.google.com | tcp |
| NL | 108.177.127.84:443 | accounts.google.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| NL | 108.177.127.84:443 | accounts.google.com | udp |
| FR | 216.58.214.174:443 | accounts.youtube.com | tcp |
| FR | 216.58.214.174:443 | accounts.youtube.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| FR | 142.250.201.174:443 | play.google.com | udp |
| N/A | 127.0.0.1:49894 | N/A | tcp |
| N/A | 127.0.0.1:49902 | N/A | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 23.200.86.251:80 | a19.dscg10.akamai.net | tcp |
| FR | 23.200.86.251:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | 251.86.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.201:443 | r4.sn-5hnednss.gvt1.com | tcp |
| NL | 172.217.132.201:443 | r4.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.132.217.172.in-addr.arpa | udp |
| FR | 142.250.201.174:443 | play.google.com | udp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| FR | 142.250.201.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| NL | 108.177.127.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
| MD5 | 6d0f73b4a2b84bef406470efcd79a990 |
| SHA1 | 3e76cd04a8655c14330a7392bbeedb2e17f2e015 |
| SHA256 | 6dc00b02c91a51431b4d9bafbf70bf204de2152ae1391a4e374205939f81c5bf |
| SHA512 | 54ba08bb0194c37dbbcf0f017ba9f7a87f370b9378e6191c6f4654c479c89de398e4b467d7506dc93f580d4cb773563eaa3c4da97c46e0b10feda0a82a9a627d |
C:\Users\Admin\AppData\Local\Temp\1000036001\b86952c565.exe
| MD5 | d1be0f6f034c55fc17558f2ae445f1b2 |
| SHA1 | 6b7f7599af54f730451f8344906acc7d0a206af7 |
| SHA256 | 21a8a20a3cf2e59afeea5b810da2fd7b132780a8167ab28b0bf8da4d7061478e |
| SHA512 | 3e96bbee8cb19b3dc7c45d302f5321122722562f2ad41ce9d61bb34d2fdd65c7eaf133bdb097445df327629b2fea78caa22041ca122884a9ec1758da0288f465 |
C:\Users\Admin\1000037002\a8675ae254.exe
| MD5 | c98386f4432190c0c37be9ebc2e19eda |
| SHA1 | fad3e282c5987117de21508674eb3f0f28f958c7 |
| SHA256 | 6d47e2a31348815e467a4e421edc44abbc0080393e0a9c32608e74757f038bab |
| SHA512 | 262864defaf0bc2f8b1e20967725e741fad90b288ea640b33f77305bc69357cf85648264902b03f581f4de95bc7b06ffabf897410efe4abf0b28201f6e1fbca7 |
C:\Users\Admin\AppData\Local\Temp\1000038001\46065650d9.exe
| MD5 | 278ee1426274818874556aa18fd02e3a |
| SHA1 | 185a2761330024dec52134df2c8388c461451acb |
| SHA256 | 37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb |
| SHA512 | 07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\194c8863-0b2a-4c77-a259-56e6315dfd33
| MD5 | 77b3791d443aebd5560a79ec9d0d94d3 |
| SHA1 | 4013dd6948c1bac769b04c7b13c383aeb96bbcaf |
| SHA256 | 261c53b05ff57b7b6b94460c7a26ace2530e1f39ce7e744e4db1326bd86ad0cb |
| SHA512 | 9964719ca41fac92109c9d574eaea8ab82bda0329abb0ea0f93c34e62cbb2c5950cfb8d87548f074a9914d4d46641319e0280d31edc77a0ab6e3f509caaf5d5b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin
| MD5 | f220805f09a46813f9df53c4966d72d2 |
| SHA1 | 0da9338ca74414f96df10d87f83417d04e341151 |
| SHA256 | 87483bb807191c5904205210363d657ea89561360e274b3d5c70839a6b2ddcb4 |
| SHA512 | d239fd957b301bc5835da6d7f25f0e5ac5907bbd5679022724b853c0a028ca9ba765d81fef337469a6d9ef87bfdd89e7432f2ae9a63f4a1d730d6a34d52b1d02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\2e1928e2-e2e8-4934-8df5-6d30bba168f1
| MD5 | 231d06b8b8f23b1bad1ce90a0d47b3ac |
| SHA1 | 8ce4624eecb46220acf15129f012f56bb28fb439 |
| SHA256 | 8bddf656254b2335fd766b0e84a2b43bd7cc343297641d1d887dc7ec3bb3ab50 |
| SHA512 | f720df527ede6ac66f3079acdbf1e4f67bf7f0da9ac3c98109088ff819d88079a538ab0cb8448fac843c13a6cb0c37d978dafbed0b0847859cb493d688b92951 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\05900276-573e-4e61-b838-b8a59bc97b1f
| MD5 | 2822dffedd003f6daa9a3f3347f1f050 |
| SHA1 | 0f434d9f601a95135a48012230e6edca39651a0b |
| SHA256 | f0953ee40e4af8ac6b4ac81b3ac1a1682253a48d3ec8ecb020ceb513c6c2fca6 |
| SHA512 | b3bad12bd76b069621147e6f85459601ac01eb43b6f57de0faea31107a25a4930d6a542d88f8db73c6096761538257bfb3b52a7559e605075ce1bda1a45f1aaf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | dc6db0bd2f7dc80e8945c44c67fa1f85 |
| SHA1 | 44d9a2d4c1c07a71aeb5a45daa1b1b85b2816d3b |
| SHA256 | a158e13c3e7bac7d250de5c8087037166b39c4927c0b03e9f4a6f85f4d6449b8 |
| SHA512 | 425578ccd38dedd1c0c45810452eedc68a9222732b5fa89b972592f0592f7ac784aec7cbd1221596043b707838587e7b488dbe83f24af701a62badccb708292d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin
| MD5 | a8f2ae8c583a53050f3abadd96e2f566 |
| SHA1 | 313e82fb5ce3de208db5aa93cfb062e25fadcecf |
| SHA256 | 913a5f2c8fb3fd8d3f011cc0b5800245f5abdbaad01ccb22fc5d8e60b30a20d4 |
| SHA512 | 30cc6a4c6281261d29edcceb8f97950e727e1ba721a5c77e3db65d99a4271cd150d36fde399fc7dcf45c8bc7f95f0c869a4616394cf64c970ee7ca6d145a0550 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js
| MD5 | bd97ec8b118e79872d9c474bed28eb01 |
| SHA1 | de6b05edec04441ce954826158b0bb0d1b6f13d1 |
| SHA256 | efbc6ade041eeff4cb05a850146b7bca66cf9d8ab52fe4c36c1fd3ca7a585c36 |
| SHA512 | de657938621ae80af3c30695e773ce597468ea79d3542008c94249a7f46daa0a3d5738e6882396275ed26fee2d6bb7a699c589a8c975f74b5bbaf8ac6a5f427c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0cb59d2bfad9323dd3d6213964ea9e68 |
| SHA1 | caa2134cd5b050303dd5df7c2417ab0169a76f8f |
| SHA256 | dcf902ad556ab014b28b99d0665bc3273ac0a3ead3482a760af03a1bc6c2a501 |
| SHA512 | 50406ec16ca9b59e396c05b4ba667b1024b9420d278b7c50dcdaf04d96d470f4db933e7782ef3994ae10062428a9f5874ecddebc8f4f24451d98cf59bf32f0db |
memory/484-421-0x0000000000160000-0x000000000060C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js
| MD5 | dd791456cc408182fa8fc50e91acae54 |
| SHA1 | 6cdd7d8aeab6be96d5ac1db01ed42e84684f93fc |
| SHA256 | 82c0c3b2dce6bcf34112f879c7eb7eb935abc58c4125809b1d5a94a00757bafe |
| SHA512 | 45cb06687a1eb8cae364321087d9c51702b4a87990edfe900e0e72bd254132ab2bd1348416d9098545dd819a1e5a6336713b836833cdc991ba6d8e02a170ab8e |
memory/484-459-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-464-0x0000000000160000-0x000000000060C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 735ede49c8ea9f0711a06aadab896f54 |
| SHA1 | 46eadf4be604052a9e808838f9c43626f420090a |
| SHA256 | bcbdc885549ae98243fa8443c551350ce589e7f51ef08277322f79b4eca27a8a |
| SHA512 | c7ff265467ec5845fac0626d878653caf2c46be1a69707fe9a11a193e6e54b9e29011241d062774a195f02c7a19ffc9cc53ab5d2cd062086ff96143a452cd54c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js
| MD5 | 9fe5a8372f763158fdf082d7d43caa53 |
| SHA1 | efe329338967a9dc165171b0525945f4237da755 |
| SHA256 | 3256d498036df81cca7940793b9ffe49fae7ef71387cd7a4bbb6d1abf4ce4606 |
| SHA512 | 768af1a8cd44ea06eed9b26b53f22b15e223d991020d32d0ac2ddd5459059483bda646cd2b4f4ced44ed0e9c3b902abee3211783b3b8387a21e2b590bcdfc88f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | e7c20e75674352217687e1394f71d7f7 |
| SHA1 | ff09141876ac071352decfde5e355ffbb5652178 |
| SHA256 | 76ae014498f99d024efcab893e6b2886f66f33d8be302a9de504a17dbfa9d536 |
| SHA512 | 362bdc079d7bc446491582f3505e9d2f9600a043748f2e68c9225806076fc6c071631153d225994c12e58c60415da36e102e3b7f25e09b40d5fa711795f247b4 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js
| MD5 | dabbc195f9fea4bd4c49c1da0c02920f |
| SHA1 | c0562568635a23dbc262485e73c625c8f1a8effe |
| SHA256 | 25c732de29967912e0c340e1982e6817f1b9c16364a443404ff2888df8cccba9 |
| SHA512 | 4d8f490aa3ad40b270381a5b99ea28b095019bc4e7ee374ad8f763eae28ef42ad41198d1138078fe771df6fab231c7a8206cbf8cda6e3443b48a52f7789ce46a |
memory/2360-627-0x0000000000160000-0x000000000060C000-memory.dmp
memory/2360-639-0x0000000000160000-0x000000000060C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b988cf93a180a7790a7b9d81581f6f51 |
| SHA1 | 5bc4b2553e1b30c7adbfa4690d6cf1f7e75d4fe8 |
| SHA256 | ff6a72f81253c6cd8bf7ce5c9937fa5f9bb10fc717459f00e5eb5c049c000969 |
| SHA512 | ef3247fbf30aea83acfc0146884d6fa5746c2b3081726ba03f73d661bf0ca7bf3a8c17ba63e5e5ffa150dc4212d32dffa3c07bb56ae51f7f44358d0cf7431934 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin
| MD5 | 94e8cc503e0ebeac948deb6ed42f44b2 |
| SHA1 | c79a3426e3892cf5c29b923c75b5bf11b24f909a |
| SHA256 | e465f5574464fe1aa8f0f8a9aa34f1417faf11e03a9d2d03de88d184442fd4b8 |
| SHA512 | 5520468c3647b054d1406c34aa50f2a400d3b39314a8a859fc604c4572907dce0d8f693e8a1bbba780d85d53cfb55a086de3757466fa1cc37b96cf50edb22586 |
memory/484-692-0x0000000000160000-0x000000000060C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 435f9e6d9d2e5dc13c902cfc02dc09ba |
| SHA1 | db251630da7375400b30ac1e8dc925f4dae500f9 |
| SHA256 | 5540adb52e99dbf455ca6d08312294f2326a179041ca1a3a0c7b56049fca276a |
| SHA512 | c4f7bfa633cd9722279952cf1892b8b9d64d31e4bc29fa6ff8d8d741c3bcbeb4c1c1ea0b4a2425a691a6082921e157a4eb6e4ccb1a0fc54b652a364b21e542a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
memory/484-841-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-1771-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-2656-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3187-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3191-0x0000000000160000-0x000000000060C000-memory.dmp
memory/5924-3195-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3196-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3197-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3198-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3204-0x0000000000160000-0x000000000060C000-memory.dmp
memory/484-3205-0x0000000000160000-0x000000000060C000-memory.dmp