Analysis Overview
SHA256
ab9af0639c182ec3720b0574ace5b13cad7318b6cba86eb79864d2888cebe59a
Threat Level: Known bad
The file W4LL3NG - Neo Games.rar was found to be: Known bad.
Malicious Activity Summary
Lumma family
Unsigned PE
Enumerates physical storage devices
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Checks processor information in registry
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-05-01 03:20
Signatures
Lumma family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-01 03:18
Reported
2023-05-01 03:32
Platform
win7-20230220-en
Max time kernel
57s
Max time network
99s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\W4LL3NG - Neo Games.rar"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\W4LL3NG - Neo Games.rar
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7109758,0x7fef7109768,0x7fef7109778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1472 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3684 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2472 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4020 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1248,i,10733520736920142869,3637041902989535902,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
\??\pipe\crashpad_1748_XRVZNATWHGFVDXFL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\580ae5c0-90e2-45df-b872-ff7d8468251c.tmp
| MD5 | 05040ef5c03bb7f0230cbfaacfdf61bd |
| SHA1 | dcf3f403f9fd8592e45322da2bf855a0480b94b0 |
| SHA256 | 342686554418659155d7ee218dbe8df1ddb66dbc8ec7938c355731bb8163fe4a |
| SHA512 | 52b4b7ea0ed6c5fd27fe163549613dfff42c30db4b728a716ee5690588a03a7e87021c3e6554dd9f93fab0179fc7ce5b3c41c331de1e08c595fdf24500c335b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36d7f6fe0734d9f7c967dcd94db0d9b1 |
| SHA1 | a3d7fdd72b537737e759ec6c292464da0325a957 |
| SHA256 | 45fa21f30aac014f95af377ce99bc9cc9ce02ee382a33b3e16cde5939fd391c1 |
| SHA512 | 02737fb91ec17d7d52f140336d0305cb6b4572c9af12c64d920e02c5a12b6bf37fe26c8a624d2badf588b12c1106043756273ab29943351b67367754b0bf6d51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f4b65a77135a7395e04493b603b1585e |
| SHA1 | d684e1471f5aec34569104a47c2be9a58114f8b8 |
| SHA256 | 76e07641620c2e7aa1b6a47d3ac18d463e5bf6c93de09239d6a2e65b42a8258e |
| SHA512 | d37865c44a90d49022edbbbc8e57830b85fdf5235a9389309019907123b300344f93fc70831a6fd974cbb6c588da5dbb4a5735c457a249c6a8421a0d93efeb52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d138a189-e1e5-44b2-822a-d790398669f8.tmp
| MD5 | c1fbc4f5416fd9bf4b0be71c2547b036 |
| SHA1 | 0fcaacf6f63501e8f10843ac9705df68a335b10a |
| SHA256 | b05e0e06e18fe6acd9cf38adb0d16c4484239a56d49ed23dc36b76f75eb08da5 |
| SHA512 | 3d0c60aa19dd33152dcaaa1f19909133fc94d6f542af8f506a0efcae7a753b374d21b516a39118e8c01cf771539959e04636876a532d298607f2888a95797c73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4269027b6e85ead54ceebf06c2516058 |
| SHA1 | 9d4e2d24ccb391355ad34ed36ae8827344a4caa1 |
| SHA256 | d96b86d582ee33769cd2531db26bd915ed4938cede5308d7d22ab5e3a1e20795 |
| SHA512 | 0cc9f59965853f97767edf3465afc50a4c8372b15fb1bccf3777bb45a40a8d3085f0157d1ec253d38155146de0800c9b85b6ea970d0eff36eaf0a5f641faa965 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6d7ea3.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-05-01 03:18
Reported
2023-05-01 03:32
Platform
win10v2004-20230220-en
Max time kernel
83s
Max time network
172s
Command Line
Signatures
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\.rar\ = "rar_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\rar_auto_file\shell\Read | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\rar_auto_file\shell\Read\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\.rar | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\rar_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\rar_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\rar_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\W4LL3NG - Neo Games.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\W4LL3NG - Neo Games.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.0.1650326685\79113616" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc8d939e-a628-494d-bf83-e902da6f5ce0} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1932 1c317dece58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.1.1210432800\1029477723" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957f9286-0833-45d3-9333-8ead40626429} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 2332 1c30ae71f58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.2.859440627\1259007722" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3144 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e681a34-2207-4db1-8b88-575473e55e37} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 3112 1c31b9f2b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.3.209428393\1520786065" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 1136 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f75fd3a5-3cf4-4cc6-9b8a-0c1534f66ec5} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1092 1c30ae65658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.4.61101957\961433198" -childID 3 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a0f3a6-7d2a-4842-9393-57e2341c3710} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 4184 1c30ae5e558 tab
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.5.1512955805\1085645441" -childID 4 -isForBrowser -prefsHandle 3988 -prefMapHandle 4892 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c3d80fd-6351-4a41-9e0f-31c6a4a78ee9} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5040 1c31c99a658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.7.202131136\966109529" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5060 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e6a02c-f1d2-4e81-90a2-321931a384cf} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5248 1c31e379858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.6.28654518\1034446093" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 4924 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d461424a-7613-4385-b8bf-e16d7a6d6ea0} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1652 1c31e37a758 tab
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F882B54E32E3BED6F36A3B953CE293ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F882B54E32E3BED6F36A3B953CE293ED --renderer-client-id=2 --mojo-platform-channel-handle=1680 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=40AFD539211B5AE49409FDB165EF2043 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.8.752083896\615301939" -childID 7 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68650ff3-41b2-48b3-88a1-1f92a8a73b9c} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5712 1c31955a458 tab
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2152F22B5D0C5DCCDCE341972CE007E --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=27312E854C0714AC060DB6A765175FD0 --mojo-platform-channel-handle=2028 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=016196BBED9349846447EDDDF2DFF649 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5B2F5563F86FC18193461A5330697A85 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5B2F5563F86FC18193461A5330697A85 --renderer-client-id=8 --mojo-platform-channel-handle=2388 --allow-no-sandbox-job /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.9.835155111\1781412236" -childID 8 -isForBrowser -prefsHandle 2776 -prefMapHandle 4876 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f7e8f31-0e95-4f39-a8c0-0b47edb67f31} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 4632 1c31a8b6558 tab
C:\Users\Admin\Downloads\winrar-x64-621.exe
"C:\Users\Admin\Downloads\winrar-x64-621.exe"
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files