Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 6, 2024, 9:17 a.m. | Aug. 6, 2024, 9:40 a.m. |
-
-
-
-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
2800-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
2868-
crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\feb1d719-5d37-4d6f-814f-ef095b02b421.dmp"
2060-
minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\feb1d719-5d37-4d6f-814f-ef095b02b421.dmp"
2104 -
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
2500-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
2600-
crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\714ebb42-5311-4f11-93fe-3625f15d0edd.dmp"
2288-
minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\minidumps\714ebb42-5311-4f11-93fe-3625f15d0edd.dmp"
2564
-
-
-
-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
2932-
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
1712-
crashreporter.exe "C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\test22\AppData\Local\Temp\\854944f6-c863-4df9-957c-e39bb5ed1152.dmp"
2076-
minidump-analyzer.exe "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\test22\AppData\Local\Temp\\854944f6-c863-4df9-957c-e39bb5ed1152.dmp"
2948
-
-
-
-
-
-
-
-
8bc9ea3c13.exe "C:\Users\test22\1000037002\8bc9ea3c13.exe"
2976 -
356feeff4e.exe "C:\Users\test22\AppData\Local\Temp\1000038001\356feeff4e.exe"
3048
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1236
Name | Response | Post-Analysis Lookup |
---|---|---|
crash-reports.mozilla.com | 34.49.45.138 |
Suricata Alerts
Suricata TLS
No Suricata TLS
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
file | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
registry | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe |
section | \x00 |
section | .idata |
section | |
section | empipoju |
section | ojixoypn |
section | .taggant |
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://185.215.113.19/Vi9leo/index.php | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.16/well/random.exe | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.16/steam/random.exe | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.16/num/random.exe | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/ | ||||||
suspicious_features | POST method with no referer header, POST method with no useragent header, Connection to IP address | suspicious_request | POST http://185.215.113.24/e2b1563c6670f193.php | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/sqlite3.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/freebl3.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/mozglue.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/msvcp140.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/nss3.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/softokn3.dll | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://185.215.113.24/0d60be0de163924d/vcruntime140.dll |
request | POST http://185.215.113.19/Vi9leo/index.php |
request | GET http://185.215.113.16/well/random.exe |
request | GET http://185.215.113.16/steam/random.exe |
request | GET http://185.215.113.16/num/random.exe |
request | GET http://185.215.113.24/ |
request | POST http://185.215.113.24/e2b1563c6670f193.php |
request | GET http://185.215.113.24/0d60be0de163924d/sqlite3.dll |
request | GET http://185.215.113.24/0d60be0de163924d/freebl3.dll |
request | GET http://185.215.113.24/0d60be0de163924d/mozglue.dll |
request | GET http://185.215.113.24/0d60be0de163924d/msvcp140.dll |
request | GET http://185.215.113.24/0d60be0de163924d/nss3.dll |
request | GET http://185.215.113.24/0d60be0de163924d/softokn3.dll |
request | GET http://185.215.113.24/0d60be0de163924d/vcruntime140.dll |
request | POST http://185.215.113.19/Vi9leo/index.php |
request | POST http://185.215.113.24/e2b1563c6670f193.php |
description | 6e18515bc8.exe tried to sleep 278 seconds, actually delayed analysis time by 278 seconds | |||
description | explorti.exe tried to sleep 1097 seconds, actually delayed analysis time by 1097 seconds |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Local Extension Settings\djclckkglechooblngghdinmeemkbgci\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\apenkfbbpmhihehmihndmmcdanacolnh\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Local Extension Settings\ciojocpkclfflombbcfigcijjcbkmhaf\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opfgelmcmbiajamepnmloijbpoleiama\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales\sv\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\fiikommddbeccaoicoejoniammnalkfa\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\oboonakemofpalcgghocfoadofidjkkk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOCK\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\fa\messages.json\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\bfogiafebfohielmmehodmfbbebbbpei\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001\Network\Cookies |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Local Extension Settings\naepdomgkenhinolocfifgehidddafch\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omaabbefbmiijedngplfjmnooppbclkk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\bmikpgodpkclnkgmnpphehdgcimmided\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba\CURRENT |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Channel IDs\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch\CURRENT |
file | C:\ProgramData\freebl3.dll |
file | C:\ProgramData\msvcp140.dll |
file | C:\Users\test22\1000037002\8bc9ea3c13.exe |
file | C:\ProgramData\nss3.dll |
file | C:\Users\test22\AppData\Local\Temp\1000036001\6e18515bc8.exe |
file | C:\Users\test22\AppData\Local\Temp\1000038001\356feeff4e.exe |
file | C:\ProgramData\vcruntime140.dll |
file | C:\ProgramData\mozglue.dll |
file | C:\ProgramData\softokn3.dll |
file | C:\Users\test22\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
file | C:\Users\test22\AppData\Local\Temp\1000036001\6e18515bc8.exe |
file | C:\Users\test22\1000037002\8bc9ea3c13.exe |
file | C:\Users\test22\AppData\Local\Temp\1000038001\356feeff4e.exe |
file | C:\Users\test22\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
file | C:\Users\test22\AppData\Local\Temp\1000038001\356feeff4e.exe |
file | C:\Users\test22\AppData\Local\Temp\1000036001\6e18515bc8.exe |