Analysis Overview
SHA256
6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a
Threat Level: Known bad
The file 6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a was found to be: Known bad.
Malicious Activity Summary
Amadey
Stealc
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Checks BIOS information in registry
Identifies Wine through registry keys
Checks computer location settings
Unsecured Credentials: Credentials In Files
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: PowerShell
Unsigned PE
Enumerates physical storage devices
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-11 01:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-11 01:26
Reported
2024-09-11 01:28
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c2f9460dc.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\4c2f9460dc.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe
"C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe
"C:\Users\Admin\AppData\Roaming\1000026000\a5751c2930.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start msedge https://www.youtube.com/account
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start msedge https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7955a19-5f8b-4cf0-8f77-5a72486393c9} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2456 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b178f209-fe1f-455f-9ece-a578440aa13c} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" socket
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com/account
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b78c46f8,0x7ff9b78c4708,0x7ff9b78c4718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3120 -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3200 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c96cd218-31a6-4649-8b1d-398391169b11} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b78c46f8,0x7ff9b78c4708,0x7ff9b78c4718
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3572 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3560 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e8b1946-58ef-4700-96fe-d98564d5fddd} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -childID 3 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7735c82a-c08a-4731-a299-c31adc2fc272} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4956 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea7ecdbe-d311-4fed-b111-8a028621e9dc} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" utility
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17782991917194711110,8706140894671002483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 4 -isForBrowser -prefsHandle 5652 -prefMapHandle 5428 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30a55af-c823-4e62-bd91-262cd8667057} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5864 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5cc8d04-dd3d-462b-b925-d1f3c6b4e400} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 6068 -prefMapHandle 6072 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b609e4-572d-4f10-9ee0-5181f6b956ba} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" tab
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8216428242050054159,5393037701557747116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-11 01:26
Reported
2024-09-11 01:28
Platform
win11-20240802-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
Amadey
Stealc
Credentials from Password Stores: Credentials from Web Browsers
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Run\4c2f9460dc.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000030001\\4c2f9460dc.exe" | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\svoutse.job | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe
"C:\Users\Admin\AppData\Local\Temp\6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a.exe"
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
"C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe"
C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe
"C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe"
C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe
"C:\Users\Admin\AppData\Local\Temp\1000030001\4c2f9460dc.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start msedge https://www.youtube.com/account
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start msedge https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1be2a389-01ce-4cde-813e-dd7013d81023} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8a1311-2e3d-4bcd-aa58-a21b8ab917b4} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1572 -childID 1 -isForBrowser -prefsHandle 3456 -prefMapHandle 3356 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d623736-4001-42f1-a230-e3ec92ec2ed3} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 22693 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3c4509-3ea7-42f7-8330-c5941022a208} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4272 -childID 3 -isForBrowser -prefsHandle 4264 -prefMapHandle 3204 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d231df13-1cc8-4660-a64a-9ec385da9dd7} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4908 -prefMapHandle 4988 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {137a2190-03dd-4a75-a0c7-d7ac66f26d8d} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -childID 4 -isForBrowser -prefsHandle 5792 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c419c312-11f1-4dbb-a635-c75727b53603} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -childID 5 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e01d23-e6ed-4f0a-9620-9decff81a330} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5916 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f01f80-81e2-44b0-86b3-af21cefd32b6} 1968 "\\.\pipe\gecko-crash-server-pipe.1968" tab
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
Network
| Country | Destination | Domain | Proto |
| RU | 31.41.244.10:80 | 31.41.244.10 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 8.8.8.8:53 | 10.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | tcp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | tcp |
| GB | 142.250.179.238:443 | consent.youtube.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | www3.l.google.com | tcp |
| GB | 142.250.187.238:443 | www3.l.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| RU | 185.215.113.103:80 | 185.215.113.103 | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| N/A | 127.0.0.1:49850 | N/A | tcp |
| N/A | 127.0.0.1:49857 | N/A | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| GB | 142.250.187.238:443 | www3.l.google.com | tcp |
| GB | 142.250.187.238:443 | www3.l.google.com | udp |
| NL | 172.217.132.38:443 | r1.sn-5hne6nsk.gvt1.com | tcp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | tcp |
| NL | 172.217.132.38:443 | r1.sn-5hne6nsk.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\0e8d0864aa\svoutse.exe
| MD5 | 3bcdaf8aa8a6f0ca2f613c8c14bc5a6e |
| SHA1 | 14e7cff2628e339009821bdb95673a40299149d0 |
| SHA256 | 6eb59c4f674dca8834a2e617632dce7fd0be64ab01297e016b424d04b0b0054a |
| SHA512 | d4f38ebb5e8684ab8d267cbef2c2a227238636409cc41b03fa767e3ba83f324db47e93543dfdde302fa72847b728f4ba93aae10d58670efe0ada9ed051941579 |
C:\Users\Admin\AppData\Roaming\1000026000\d6c383d585.exe
| MD5 | ce4bfa9c358165bde9bb408a2cb57b89 |
| SHA1 | e7d7c6e20a558cdbb8ca0a8614bf48a1bdb60396 |
| SHA256 | 8b715b6ede4282228d035a69684c3e67328cef609504a7353c5151aa8ffafef9 |
| SHA512 | 3ace12ec036ff30834223176f3b8f917e62e853afb7cf7735d426be5cb2d02cfc39b0ce2879a162dcfb7f32003f7f954a81ad527e247a2b424dcc1a11af5f6f3 |
C:\Users\Admin\AppData\Local\Temp\1000039041\do.ps1
| MD5 | e05e8f072b373beafe27cc11d85f947c |
| SHA1 | 1d6daeb98893e8122b8b69287ebd9d43f3c6138e |
| SHA256 | 717c09427fa5754ba92f92961545534048d0a76528c2e95c4d5ec6cef47c612f |
| SHA512 | b3e34162e5ee43bb01f289eebc45fd3ea3e07f30be40dcf6635606540f912fe5c84d301e9f78e97dfe3ffe53e72547e50f3bcd7d4ebe5ab8da451a1989c469a0 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hlg4wtrq.lwl.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5636-2691-0x0000000000CB0000-0x0000000001162000-memory.dmp
memory/5636-2693-0x0000000000CB0000-0x0000000001162000-memory.dmp
memory/2340-2694-0x0000000000CB0000-0x0000000001162000-memory.dmp
memory/2340-2695-0x0000000000CB0000-0x0000000001162000-memory.dmp
memory/2340-2702-0x0000000000CB0000-0x0000000001162000-memory.dmp
memory/2340-2707-0x0000000000CB0000-0x0000000001162000-memory.dmp