Malware Analysis Report

2024-09-11 01:28

Sample ID 230407-sxfdxshe95
Target https://bazaar.abuse.ch/
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://bazaar.abuse.ch/ was found to be: Shows suspicious behavior.

Malicious Activity Summary


Legitimate hosting services abused for malware hosting/C2

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V6

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040

Analysis: static1

Detonation Overview

Reported

2023-04-07 15:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-07 15:30

Reported

2023-04-07 15:33

Platform

win10v2004-20230220-en

Max time kernel

210s

Max time network

211s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://bazaar.abuse.ch/

Signatures

Legitimate hosting services abused for malware hosting/C2

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2884447041" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31025526" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000007724b262a071138b067dc94543f49b52aa6014d79d545b9d9d04f1e2bb81582e000000000e800000000200002000000057d5381125e6b7e0f91d7007c59c984e0e9f0c55b28a1803766b2d4160b010ac20000000797e0b89375e616c51ecceb4ce4f1209b60b07ee0b565fbb1386651ce7d6d82d40000000f5111dd71dc2ca7ab3bc46e3070b68f84f3827040331fa4e4fa9023ed8cd509eab1576716e2e4c71fc4227da07a2383f16d15829b44a35fd991d49d055dc88c1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D6B24D89-D569-11ED-B7D7-D660CAC54930} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2884447041" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387653582" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2893543982" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 605595ae7669d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d4a3ae7669d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000007794ab6eb20d50880cd4595fd4623c7a953ea4707187281841ce51d3d15c394b000000000e800000000200002000000066df458ff3d724ec0a69d7c5f52ee7b6cd8dfba1eed7e7c91fbee29340214cef20000000f02b5f143ed22d44b41407331440f2e1c1fc6dcee1eab3ec16ee2a754d621b3240000000fda5ae591b205c5aa8a995945d57f4552608398feb74b0684868fd38833ed3b70dcc282d1cd05ebc0642cf499fa898d80c36c4c56f4690f44e648a5fdd2557b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31025526" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31025526" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1112 wrote to memory of 2224 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1112 wrote to memory of 2224 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1112 wrote to memory of 2224 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 3472 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 1388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 1388 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3472 wrote to memory of 2684 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://bazaar.abuse.ch/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:17410 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.0.1952247014\1338319372" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec0cc7aa-8a1d-46c2-81fb-a5fc89c5e937} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 1900 144a63a6158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.1.760919991\2042553902" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc488c73-2d01-4372-936d-601b2bc7b472} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 2300 14498371f58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.2.2034339995\1692120597" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3136 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {123f301e-e236-4295-a544-9f9c36642cf2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 2916 144a538e458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.3.747071797\862928840" -childID 2 -isForBrowser -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5560b129-45d9-4c30-a575-c0a702884c2d} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3528 14498371058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.4.1217919487\1646156593" -childID 3 -isForBrowser -prefsHandle 4200 -prefMapHandle 4196 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cc29845-09db-4c85-8632-26ff1dede123} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4212 144aa1b4558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.5.750494664\733138487" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 4956 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffac67a-b27a-471f-99f5-cbd4fd2f071f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4932 1449832de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.7.1184502894\264429410" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {014ee992-df4d-4272-829d-feae62cb33f4} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5276 144ab553e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.6.683149345\1988877225" -childID 5 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c922935-18fd-47ce-88df-e8b2be56c3a7} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 4916 144ab396758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.8.1194316773\1809063726" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5744 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58d0f075-9870-4b63-ab5e-d2df0a25d9a9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5724 144a9b4da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.9.1359755393\1387275209" -childID 8 -isForBrowser -prefsHandle 6060 -prefMapHandle 3524 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca9daa90-9aaf-469e-bf63-12999ea497bc} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5948 144a9b3ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.10.440379830\655941854" -childID 9 -isForBrowser -prefsHandle 6212 -prefMapHandle 6216 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a3da3b9-63cd-4906-9cdf-b43d298e47ba} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6204 144ad74d258 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x30c

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.11.1440148510\1307596514" -childID 10 -isForBrowser -prefsHandle 4792 -prefMapHandle 4784 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1510bb7d-157f-4a3c-9442-d14561b89c63} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3532 144a9b97a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.12.592192114\1906377644" -childID 11 -isForBrowser -prefsHandle 6524 -prefMapHandle 2796 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9913fe1-452a-4f95-9987-07731ad0e8be} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6244 144acd46e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.13.1203238277\828638768" -childID 12 -isForBrowser -prefsHandle 4784 -prefMapHandle 4792 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82b0565a-84b5-4d28-b0e7-4e6e87a082a1} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6476 144acd45058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.14.1747696879\1618462074" -childID 13 -isForBrowser -prefsHandle 5204 -prefMapHandle 5220 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ba640b-2552-4f36-b00b-d249234bedc9} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5192 144ab7ab458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.15.749220788\114146741" -childID 14 -isForBrowser -prefsHandle 6088 -prefMapHandle 5220 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ac8a332-3643-461a-9c22-48319dd8db1b} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5192 144abadc058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.16.1221723873\2059252646" -childID 15 -isForBrowser -prefsHandle 4400 -prefMapHandle 6248 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46a8fa34-0235-48bd-8882-946afa933cef} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3500 144ae7cab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.17.299423176\1274212634" -childID 16 -isForBrowser -prefsHandle 6460 -prefMapHandle 6516 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee5684b-8913-4366-82fe-5c51f2cce1b3} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 3640 144a9b3d758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.18.1415192274\22236528" -childID 17 -isForBrowser -prefsHandle 4360 -prefMapHandle 6300 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74d5f21f-0a05-48f5-b1a7-08083f99bacf} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6296 144a9b99258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.19.1562314887\511532723" -childID 18 -isForBrowser -prefsHandle 3636 -prefMapHandle 6384 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f819bbe5-81ae-4a90-88c9-7a4e30d24a31} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6392 144ad7e3858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.20.90446595\2090704365" -childID 19 -isForBrowser -prefsHandle 6168 -prefMapHandle 6164 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5466d7cd-1f10-41e9-876a-3bdeb27d7f0b} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6184 1449832de58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.21.253227721\1379646095" -childID 20 -isForBrowser -prefsHandle 6088 -prefMapHandle 6176 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6363a4-c806-4437-919c-920904b74812} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6884 144a9b4ef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.22.813392910\217896903" -childID 21 -isForBrowser -prefsHandle 7036 -prefMapHandle 7040 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49f41af0-0a08-4785-b2d4-e2c831cb0390} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5748 144a9b3e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.23.697338387\1210115520" -childID 22 -isForBrowser -prefsHandle 5988 -prefMapHandle 5812 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9188278d-188b-41fd-8f52-f96756e27b05} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6092 144a9b3e358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.24.1670642952\1000885569" -childID 23 -isForBrowser -prefsHandle 1432 -prefMapHandle 1356 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4211616e-ce6a-48d4-b6a2-6e944d98273f} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 5852 1449835d058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.25.191083533\300650889" -childID 24 -isForBrowser -prefsHandle 1332 -prefMapHandle 6928 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12cfd153-b284-46a5-a207-0ad348bdfe27} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6624 144a9bed758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.26.1621044571\1925930788" -childID 25 -isForBrowser -prefsHandle 6972 -prefMapHandle 5080 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a4bf79-7a8a-47ff-b4a8-a01c95a19e41} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6948 144ab398858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.27.1821848557\1146491124" -childID 26 -isForBrowser -prefsHandle 2332 -prefMapHandle 6808 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2b3c28-f2d6-4471-8b80-bec9253abca2} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 6196 144acd3c858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.28.664109558\1217203553" -childID 27 -isForBrowser -prefsHandle 10680 -prefMapHandle 10676 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f23264-6176-47d5-8233-71e6040cbecd} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 10696 144ad775058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3472.29.1440148953\1611388660" -childID 28 -isForBrowser -prefsHandle 6212 -prefMapHandle 7076 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38930126-8a78-4553-b9c4-fe8b536b61da} 3472 "\\.\pipe\gecko-crash-server-pipe.3472" 7072 144a4fd1058 tab

Network

Country Destination Domain Proto
US 209.197.3.8:80 tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 209.197.3.8:80 tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
N/A 127.0.0.1:49802 tcp
N/A 127.0.0.1:49808 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 44.236.158.174:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 35.241.9.150:443 firefox.settings.services.mozilla.com tcp
US 44.235.86.161:443 push.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 150.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 174.158.236.44.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 161.86.235.44.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.130:443 assets.msn.com tcp
US 8.8.8.8:53 130.143.101.95.in-addr.arpa udp
US 40.77.2.164:443 tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 200.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 123.108.74.40.in-addr.arpa udp
US 13.89.179.9:443 tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
NL 172.217.168.206:443 plus.l.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 209.197.3.8:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 zonefiles.io udp
US 104.21.61.174:443 zonefiles.io tcp
US 8.8.8.8:53 zonefiles.io udp
US 8.8.8.8:53 zonefiles.io udp
US 8.8.8.8:53 174.61.21.104.in-addr.arpa udp
US 104.21.61.174:443 zonefiles.io udp
US 8.8.8.8:53 call.chatra.io udp
US 104.22.2.142:443 call.chatra.io tcp
US 8.8.8.8:53 call.chatra.io udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 call.chatra.io udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.22.2.142:443 call.chatra.io udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
NL 173.223.113.164:443 tcp
US 8.8.8.8:53 chat.chatra.io udp
US 104.22.2.142:443 chat.chatra.io tcp
US 8.8.8.8:53 chat.chatra.io udp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 104.22.2.142:443 chat.chatra.io udp
US 8.8.8.8:53 chat.chatra.io udp
US 8.8.8.8:53 static.chatra.io udp
US 104.22.3.142:443 static.chatra.io tcp
US 104.22.3.142:443 static.chatra.io tcp
US 8.8.8.8:53 static.chatra.io udp
US 8.8.8.8:53 static.chatra.io udp
US 8.8.8.8:53 142.2.22.104.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 104.22.3.142:443 static.chatra.io udp
US 104.22.2.142:443 static.chatra.io tcp
US 8.8.8.8:53 142.3.22.104.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 172.67.13.227:443 static.chatra.io tcp
US 8.8.8.8:53 227.13.67.172.in-addr.arpa udp
US 172.67.13.227:443 static.chatra.io tcp
US 172.67.13.227:443 static.chatra.io tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
NL 172.217.168.206:443 plus.l.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 github.com udp
IN 20.207.73.82:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 82.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
IN 20.207.73.85:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 85.73.207.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 privacy-tools-for-you-103.xyz udp
US 8.8.8.8:53 www.privacy-tools-for-you-103.xyz udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 demospeed.org udp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
US 8.8.8.8:53 demospeed.org udp
US 8.8.8.8:53 demospeed.org udp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
NL 45.81.39.148:80 demospeed.org tcp
US 8.8.8.8:53 148.39.81.45.in-addr.arpa udp
NL 45.81.39.148:80 demospeed.org tcp
US 8.8.8.8:53 letsencryp.at udp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
US 8.8.8.8:53 letsencryp.at udp
US 8.8.8.8:53 letsencryp.at udp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
NL 45.81.39.148:80 letsencryp.at tcp
US 8.8.8.8:53 secure-accountau.com udp
US 8.8.8.8:53 www.secure-accountau.com udp
US 8.8.8.8:53 cheapb.link udp
US 99.83.154.118:80 cheapb.link tcp
US 99.83.154.118:80 cheapb.link tcp
US 8.8.8.8:53 cheapb.link udp
US 8.8.8.8:53 cheapb.link udp
NL 142.251.39.100:80 www.google.com tcp
US 8.8.8.8:53 d1lxhc4jvstzrp.cloudfront.net udp
NL 18.65.40.161:443 d1lxhc4jvstzrp.cloudfront.net tcp
US 8.8.8.8:53 d1lxhc4jvstzrp.cloudfront.net udp
US 8.8.8.8:53 d1lxhc4jvstzrp.cloudfront.net udp
US 8.8.8.8:53 d38psrni17bvxu.cloudfront.net udp
NL 18.65.40.227:80 d38psrni17bvxu.cloudfront.net tcp
US 8.8.8.8:53 d38psrni17bvxu.cloudfront.net udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 d38psrni17bvxu.cloudfront.net udp
US 8.8.8.8:53 partner46.googleadservices.com udp
US 8.8.8.8:53 partner46.googleadservices.com udp
NL 142.250.179.194:443 partner46.googleadservices.com tcp
NL 142.250.179.194:443 partner46.googleadservices.com udp
US 8.8.8.8:53 afs.googleusercontent.com udp
NL 142.250.179.193:443 afs.googleusercontent.com tcp
NL 142.250.179.193:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 118.154.83.99.in-addr.arpa udp
US 8.8.8.8:53 161.40.65.18.in-addr.arpa udp
US 8.8.8.8:53 227.40.65.18.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
NL 142.250.179.193:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 www.namecheap.com udp
US 8.8.8.8:53 www.namecheap.com.cdn.cloudflare.net udp
US 8.8.8.8:53 www.namecheap.com.cdn.cloudflare.net udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 nominally.ru udp
US 8.8.8.8:53 www.nominally.ru udp
US 8.8.8.8:53 rygwuh44.top udp
US 8.8.8.8:53 www.rygwuh44.top udp
US 8.8.8.8:53 hotelage.link udp
US 72.14.185.43:80 hotelage.link tcp
US 72.14.185.43:80 hotelage.link tcp
US 8.8.8.8:53 hotelage.link udp
US 8.8.8.8:53 hotelage.link udp
US 8.8.8.8:53 43.185.14.72.in-addr.arpa udp
US 8.8.8.8:53 www1.hotelage.link udp
US 13.248.148.254:80 www1.hotelage.link tcp
US 8.8.8.8:53 380076.parkingcrew.net udp
US 8.8.8.8:53 380076.parkingcrew.net udp
NL 142.251.39.100:80 www.google.com tcp
NL 18.65.40.227:80 d38psrni17bvxu.cloudfront.net tcp
NL 142.250.179.194:443 partner46.googleadservices.com tcp
US 13.248.148.254:80 380076.parkingcrew.net tcp
NL 142.250.179.194:443 partner46.googleadservices.com udp
US 8.8.8.8:53 254.148.248.13.in-addr.arpa udp
NL 142.250.179.193:443 googlehosted.l.googleusercontent.com tcp
NL 142.250.179.193:443 googlehosted.l.googleusercontent.com tcp
NL 142.250.179.193:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 parking-crew.com udp
DE 185.53.179.30:443 parking-crew.com tcp
US 8.8.8.8:53 parking-crew.com udp
US 8.8.8.8:53 parking-crew.com udp
US 8.8.8.8:53 30.179.53.185.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.uber.com udp
US 34.98.127.226:443 www.uber.com tcp
US 8.8.8.8:53 cn-ecg.cfe.uber.com udp
US 8.8.8.8:53 cn-ecg.cfe.uber.com udp
US 34.98.127.226:443 cn-ecg.cfe.uber.com udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 226.127.98.34.in-addr.arpa udp
US 8.8.8.8:53 d3i4yxtzktqr9n.cloudfront.net udp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
US 8.8.8.8:53 d3i4yxtzktqr9n.cloudfront.net udp
US 8.8.8.8:53 d3i4yxtzktqr9n.cloudfront.net udp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
NL 18.65.40.207:443 d3i4yxtzktqr9n.cloudfront.net tcp
US 8.8.8.8:53 tags.tiqcdn.com udp
US 8.8.8.8:53 d1a3f4spazzrp4.cloudfront.net udp
US 18.65.39.88:443 tags.tiqcdn.com tcp
US 8.8.8.8:53 dzfq4ouujrxm8.cloudfront.net udp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
US 8.8.8.8:53 d1a3f4spazzrp4.cloudfront.net udp
US 8.8.8.8:53 dzfq4ouujrxm8.cloudfront.net udp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
US 8.8.8.8:53 d1a3f4spazzrp4.cloudfront.net udp
NL 52.222.137.62:443 d1a3f4spazzrp4.cloudfront.net tcp
US 8.8.8.8:53 207.40.65.18.in-addr.arpa udp
US 8.8.8.8:53 88.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 62.137.222.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
NL 157.240.201.15:443 connect.facebook.net tcp
US 8.8.8.8:53 analytics.twitter.com udp
NL 157.240.201.15:443 connect.facebook.net udp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 15.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 107.178.240.159:443 api-js.mixpanel.com tcp
US 8.8.8.8:53 api-js.mixpanel.com udp
NL 95.101.74.162:443 analytics.tiktok.com tcp
US 8.8.8.8:53 e35058.api12.akamaiedge.net udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 e35058.api12.akamaiedge.net udp
US 104.244.42.67:443 analytics.twitter.com tcp
US 104.244.42.67:443 analytics.twitter.com tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
NL 52.222.136.109:443 d1ykf07e75w7ss.cloudfront.net tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net tcp
NL 216.58.214.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 162.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 159.240.178.107.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 109.136.222.52.in-addr.arpa udp
US 8.8.8.8:53 67.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 www.uber-assets.com udp
US 8.8.8.8:53 s3-cloudinary-pin.map.fastly.net udp
US 151.101.2.104:443 s3-cloudinary-pin.map.fastly.net tcp
US 8.8.8.8:53 s3-cloudinary-pin.map.fastly.net udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 zn_d0bfdqlqg9ciloh-uber.siteintercept.qualtrics.com udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 104.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 104.17.208.240:443 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.208.17.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\favicon[1].ico

MD5 e1c76d0b0ea7335e0e0106e5ac1125f5
SHA1 e45003897b26137bd1e9ba88a237f5c5669eb92a
SHA256 e4805c69184ae414aa88a6c478abee36e27b7e72e045365d81e6c44246808ec8
SHA512 15bf7c9e0a1d7ee6897b5e024f043eb07f75af1d9010e7bf1209d0440c2edc5fd1c4fd16c5e340c9a767ad2dd729e5a931d7979d163d83f0b59ea2541d83e013

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

MD5 2d825e4c4c06fc56abc4f606797b3570
SHA1 ebb47a0b748a2441b5ffd1ccfdd9a20c1ee26933
SHA256 0672c60e13a76d98c95cf7d72fe657fdb26f8f50e15a2ef3568bcfdde72fcd4a
SHA512 77b09fb65feee503e68072221371ee2f0b11a0bca5df89f7e9b78c28911d5ffd810e41ac7b880b7c6cc5ca6e247b065e8cb9b74a69268e9331875bf92513d031

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

MD5 108b97b1ff7efbdb1aecce96d55ff2e5
SHA1 bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256 c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512 e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

MD5 4769d2619a226768584676b367f312aa
SHA1 6ce55976ace175e52a94a24c4bbdc677761649e8
SHA256 072903537565e103bba852331e7de21ec3b0d5145014a1d28b2f8c8076d0ed44
SHA512 e6a74a6f958d29e2f381967813222e17e90c8aaa40868ffd82ebd2e6ae6980af94bcd4890621a8220941161192749007e20f7eca27e542da5e47795492fcb066

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 4391ed95f0a9b03d47a682c7829a886b
SHA1 df888670a7b396cc3621f5e32ea63cddfa8690e4
SHA256 063bea38714084f58fd26fbbc1ad271392147325daa3628f833c4d7c6302cee7
SHA512 73195423bf75e05f9c635612ae4d4105a0c96ba9524efb698abf9c1e75ead34545dfdd0287cb7f4aa36a9755d291e95615e33be028df66eb8f93da68718d0b8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 ad32aa47616da408c11598c338c55c28
SHA1 fa8d673203cd0f60297e8d79d3c0e8fbdd7bf5f7
SHA256 df8c7c79de024eda85d6154d61dd305c6a7ff5c9736c32e5ebee9a8aecff3cf2
SHA512 f01c954f1c42edf6c74e9f71bfa2baf4cc79d1ce9bce50425667f565734dc79632436821de49e3cf40e4551733a1332b54d0110b9a930de8926c94b244148353

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 cd2cf9e55cb00fe927cd220e071b5e8e
SHA1 5a02db4b600a6727770786e5e63201f410cce605
SHA256 bd360e0ae9a40d3f241d7f0bfd4d29e0de1af170815deb3cc90aa496606cff6e
SHA512 836714bafaa3e3f7f4abc9c7394c7d120836368d1a8a711481744dde27af0072fda2824759a5b82eaa43db4102652e1e3f5e09144628bd221550df9fb0557848

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6d80488c5dd6ea498504359376dcb232
SHA1 5f3840f3b9b4241cfa20e761bb6f7d92255ca9ff
SHA256 daf0edbfcee7392ce5f385f993e6568a6c1a3448d26421e64ecc2725782f579c
SHA512 c730f63ede1f63b84b7fd4d09715fd55483ce23b7efc198c23d439c4344cdba7c60f85840150b570758abac4a3a9f492856047212df64a98006c31b2cad13c4d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 e6d6224e6fd81ebee4fd5da0d0ea621d
SHA1 1a0309a056687ecf221e74efe3e3b5182cbefe60
SHA256 03bf6b3730add0a9039d03c55e829243734ee8611b7e66afb86580a6c33bfda3
SHA512 2be0f7d35b75ae9cf5bb5d4987ed459c71782645c76013a7e82e19fde3b8b70450f1d6548e8cf7d6e11d23dc6f7b3e15279e2f6a4e1a5306d57a782401f9cd54

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 b3a3e997a1ee1e1d11803d50a30b0b13
SHA1 3b0b868868a48f3ee7052ebf3c1823d5179229ce
SHA256 3f8305a738eb6140991a9e48bd6b0117951d18924a2ed86e17822e25264b56dc
SHA512 bbf288cb0ec6017d4435617d18eeb966bcf98caf777260ccb31b9436571710ae4f0229538d36d5ab1993e02a096b29c7c530c9e86fc5f6cae1a61ebe7b80ff7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 18253d2fa901eab7a8a525caa0e249c1
SHA1 6822673b3783883512dd5d7146fe338a8d87e3e6
SHA256 0d8e60952d6e4277438ba915f8e13c4b8d0897bbefcecb24c5370ae45ddeb6de
SHA512 48ffb7690c354a0826c2b89dc5ebaa9f86fc91b381e9609d9effcc239ca080a4dcbb7d37f13fc82b17f76df8ee8c32f64f1402baabaf528c5aa436376c5bf916

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25639

MD5 77b31982a9ff73b964fb97017d017255
SHA1 4ea76f7709d792248ce4f7f8cbf83a84c987c905
SHA256 f109a8be1d0ea0ec5121d24a6f3e3031ff29207b453839844a9847bcf66f90f2
SHA512 1b4c3014101e2e3ceaaf642c7c7810c13e6436a7f89f3bb6d3b0bc1851e226b8cf72b180a6312f5341f40bb22246cdb1169775bc52757af2d9561600842d4511

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22261

MD5 c3081ef29fcece225281d012fa956555
SHA1 e47b29d1c833aa8a3102698a13ccdca7a588b1eb
SHA256 151a09379d45b214a7e884bfc54a8c6ff4025cceef9b4ec7d8f4e7b280bae9e5
SHA512 75b1787da0c380f0c12ad171d04f70513cc858557ff23e4dd1c1c102eb534fdae4c6ae76462daa03fe8ecc17084ef910a04a6ddadf5c198979d5324c9ae3a97a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\18771

MD5 411591cd8fcedf9151eb3d4da9a1a980
SHA1 cf2404d96269e4a807f8f91ada0a86fb0912accf
SHA256 1192c53904bab271fd4df6ebd6c6eecf543dabafb5df6df465702c11df3607d4
SHA512 977ac11ba72cba1f207db76cff0b2e2f29cc1b0fe58f6708eb682a30a896dc9dc4b8abaf5ce142b72329375e65837d56733c3474ed51b90f2155c6cc244cb53b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22868

MD5 838791bbe7414662ebbc8524cc4d0e76
SHA1 cc877ad12d4eda1cec868c1df1df5c820f1b4b09
SHA256 dd6095e574492eba95fb2b19cd002956a2083ec3d645d6db50bd398bda37914b
SHA512 cb4c459dbd5ca40176a185c1537374756a6d54a109c66879499332d7735367bd4c20e8b130ff58dec2890343f87c373a7cfde2294fc6dbbc1c041c163c28da1a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\22644

MD5 61d3c0587ed5a0b3202af43fb4bf246c
SHA1 5ceffd9014361e491488d54fd2715b2b90740963
SHA256 b9911413235c818e1dd2c6311a01194f0295e06e4d79f35efed09c5cbc025d32
SHA512 11abde1cda0bc7f3cdd8e14b83e8a7a1407098cb966539bd11ad13abc10251cdf724d72b7d13fb3d26514c11992e70ee2c37e73b298a2d259e224aac7c2d0406

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\25461

MD5 145ee96d80e65fef06fb1588ba7691a5
SHA1 b433f315380f5afdb773c6befb439604598e1d1e
SHA256 bd497d3d3a4fb425928f2cd3ab4ebc3bea93daf35ca6af4084c865823001a1d3
SHA512 111ca14d9d3f65176c29820840128e0352b602317fde832f4d00cceaaa4e57b3cd66ba943c96987df6e56491c852a1a5f3845c9d39301b8a4eb1112ac511a40c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 a3d4009946ef1f24297e77c7aeb884c4
SHA1 9c46cbedaf4095c2cf07988d1bf41c7f7cc913df
SHA256 9ee492bb724e3f88a09234d9640ca45f5b1b85b80fb4a03b4548f35c9c7c6142
SHA512 4e4405104442a93506045639cc59b8ba0729cac6894ec97dffe11e44a563f8851d6b1bb2bcafc9ade86c80538bbb965dbf076d3e0c296acb028d9f4686a38b9b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\7859

MD5 623cbe182f841078e79af27f0e7a59e1
SHA1 92e4b9a095dfbbf873a923f904eae4cc035b28b8
SHA256 fe693d1cf66f207db0979d78cebcad5773dad5eafc4e0fbd24b2d53fa1f1c0e3
SHA512 95042cbe5bb8906eea6f7250a7a2e788fc9654d360135fb467f383d2c103b7c14bf114a0929a11d77953964768e85f0e6141d6c41a8ad39ea43523bc8ce3e9e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\2293

MD5 a22e75e02b597d8d236966b5113058ac
SHA1 5467a8b1ac25508528cfcc4510126af2fd35fa76
SHA256 99cbc39681d3ad411d22ef5621ccb9eaadb360d0ad0e1a2cd884ff5788af112c
SHA512 8603e0a909cd88bf670c7822cd78d3b94e7a050517d33dcf149571038a46f52ea5717ae09f87ee8d814a8baf94528f0f6cb9559eb108fb2c96ee484cab0c6fba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\37A3415C3CF8476BC3808906997D940DC6E0076F

MD5 3b4a81ada38b78f881b862098b2b9fe6
SHA1 9758085c8d28ab1b16312aba47620ede5cbdfd6b
SHA256 97006d765e4667c03c228099b25ff9fbb60e3c7df411c62da1ad7ee199ee691d
SHA512 9abe06100b4bde7f5fc770e3b621911cdc8c62f107cbf30203900fbc1b5cba9940fcb36c577814d84783b83700dffe723cb231029dde6f256e34988d84c063f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\956B8BD5AB4E974F92AA2F21C324822810CD4784

MD5 7c7d1e1684713171a0b2aaefdee4ffde
SHA1 9f803e498d73a320b05164683d8a4c2ca4cb0067
SHA256 ed458c1b1dd174e37b639dbd7c66f83b73439e851396e962758798b2803000c2
SHA512 0de2b98cbba36a582bd76565cde1633584ebc80dc5d2b7c35f32fada1ff59f4584fdc888d5b4bc2e9c980a328c6c0166e85d43926e4380e700f8cd9b3075e785

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\150576808B492B788E14E1357E663A0C0E5B3D66

MD5 67e68a3b81f03a634910c347e34a33f2
SHA1 4832b16b4d3b3f7b1a76b738a7c629450d904d5d
SHA256 0dcd44cfaa87458e4d473caffc80adcf1c90f797ba0f4c5d35f46b76bb411db7
SHA512 8254495b01fb750434e162f2cd10a2595b65642213995fe502433ee46d2999bb41debebd0e315cc4c6e44caaa97432af873af0a4322b7b555289bccf1f923976

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\EBFC6BFC7E450C116A3A0054361D52CFE88CE4D9

MD5 1e7081e29a4f9cd5aa5780d67a29f4fe
SHA1 e2d39296004195e482e4dadbd6cc192b23f47deb
SHA256 186f9db2d302f2fc822ead54fafaf19a088a14458efc6b63c5fb7a63ad52af9c
SHA512 4086fec65849bd45f2d4727955d2dd951b647093b925740faa70778a9f1710041f6fa87c0c33f735d8b308676f863bffaa8184446194af91fc7cc06864331eea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\005F38451B2191B0DAAF9503189CBFC2A8EEFA6F

MD5 fa920f0cfca47a4b30a1ee548637b415
SHA1 bce561b814b977748076a8e1b86f56fac1f52da5
SHA256 22d1c8af4806c58fb1656aaa3d2a276052cce580cbfdc757db5702156fb9243d
SHA512 eeb2d8a89d785120b36e08d58c7eb4f535e0e09bf4a636fc943a40023fd2a53e4d971296d12d4e285c935ef30871baea211d0ac18ec91b6bcbf0ea45b980ef7e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\30169

MD5 e0590e03798727a2cab845aec0d17f97
SHA1 c3445611eb1a6853f54f498171ba5746614206a1
SHA256 71e2ea653eea5db80635d6c111ab5a1c0eeb86b2419daf526ebef5fda584d7e6
SHA512 ec49cfa9b2b802b2ac776a423d92998db8f7cc035f935a0a0cae5993ab23b2d5e51b71458e012ed453d68e42d64539157e3922ad6d26bef95614ebbc7b43d8e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\16546

MD5 b1e06ae7e0b1616a92d606fcfc282ddf
SHA1 b4372f51eed3bdc3fe885d91af57c6cf5fc502d1
SHA256 28aafb646361a06dab53052c98045397ffed6c8f0951e47669a1ed36765c5235
SHA512 f717cd867b81cbe39f9a38784acef770c9e7289c39bff839c7a7f3cff05d1569dfc368d50df0976cfbbb8b9e741fe55fa86b1587dc6caf51b37778d2d74a6006

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\3259

MD5 08fdc1b23163b81fd60ca88cd4f15f08
SHA1 d5042a9298044644921309e4648fafdc5fec4148
SHA256 02ddbb13e783594d623a6a4287723caf49f9d984bff9812916b98b5406805e1f
SHA512 0742e4dfd9b78283cbf2defa8d3a249822fc0f14d61e37f691ff240e4a7b6592056a80c49195c75914defc71fbeb8b8db6885cc79e506634ed27fdc3cad219f2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\9678

MD5 9ea0594dba2592e34e18d447a543ace9
SHA1 3dd7df4d48757437679226064bc10226f0fa358d
SHA256 788f6f0b6334b9c5db6d25874b613349b04d81aec16344dfe42b55b39692c1eb
SHA512 f40a83ed5ad58bbaba1e40739acbd5273e72b25c76f9132fb26dd0c6cbdd1ae558329f4faf60cc65c05409d7be91178acf32cbef896e24077d11298f6177cc2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\9229

MD5 ac3a92e074a85ec2ff8e3fa2357a52c7
SHA1 5295b69da851a44f6768cbf69c4c79d21856aebc
SHA256 a0a47361bdd196210e41cceb2d7a86d0262917cf4c6b04ef44ac4ce68c4fa7ea
SHA512 03275be409b08a46f8596ff8798787b1d47fad18e503613f00e7aff89990e47870ced56561f916c78cc83d65d1621d6b729f709c4851ed2968958c67f3ccd0e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\14313

MD5 0b755408759800c0efc5b5d559e85ec5
SHA1 9cce64b4a50b3fa1205bfb5b2b724263cd0b3d85
SHA256 c72275eb895727ec30d1f2a6bec802d9135f5bfc7b167d8ee0b4da7d03b27922
SHA512 7ed496a7291329acb5baea5c0b821e2b2f190c47bb2bc06962ee2550ee5094f4e4e23a50b3029dc5721fc50712a27a0c6207c2670817054880792eaa580fa358

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

MD5 f7353b59fccbe973392cbe51a1c3e97f
SHA1 6c10a873cc7d9a2dcdc7da93ec4213b77fef0052
SHA256 1e4448beac156bd4ab2b588899059b5226e279dacb13f13f7365ec47a9abe9de
SHA512 dc789b91c5ea66854d4958c93fa3f1f91857402ba453892fa592d2ce990ffb26dd45beb16bcc85aa13715f3ccb356dc6ff928e065629fbc348844faa67ee57c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\31493

MD5 e741a087a3c0c3d98b649b5c5a147080
SHA1 b1fdd0753de125bcece83586901f52f0e81e2b66
SHA256 b1ba067eb84dbd09cdba560955e6ea02db68ff06343f03e65c65016d34e4a509
SHA512 0e18907d6bbc0bfe7a5d3281e039908fccc405ab6c7d978df0762ea28106d5df2fbf564d944da5a656689db752ad716bd4877f34ead239a7559d5efff534a8b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\7187

MD5 435b5937a8b16be7ffe79c20afd57537
SHA1 4e1ea03601f4ab7bbca63ddf37744f0678054570
SHA256 6ff940391015f6d89142040e707c7c674f72c3c5e18b17407828020bf6180d56
SHA512 83b372dd22eb05ae63434c4311e745e524d45cd1e70429aad86079de583fa44ab685726e6a0a6340ba0122c4d45929d09e93dbbfaa8de1fec31f5881f57197ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\598E074FCA4864E621FD008D8C3E63B61A4ECBF6

MD5 f31f23e4f275b58d7d731c3d85f870b6
SHA1 393932101ff621d53092e3d9f2bfbe2191e68c8e
SHA256 75909dfcf86e3e3e4f97a7dba99cc6476d7204141cde6e5ba39397e1745edad8
SHA512 78bfc6e725202961af8ae9806554892a7e627fc345a0f871e9dfb881ad105cab24775bb49547753e49b96b1dc840bd0443d238106f09c99270b1de9ca843ff71