Analysis Overview
SHA256
a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0
Threat Level: Known bad
The file malware.zip was found to be: Known bad.
Malicious Activity Summary
XorDDoS payload
Blackmatter family
Xorddos family
XorDDoS
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies registry class
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-05-13 04:32
Signatures
Blackmatter family
XorDDoS payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xorddos family
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-13 04:32
Reported
2023-05-13 04:35
Platform
win10v2004-20230220-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
XorDDoS
XorDDoS payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.0.1880037598\1381793258" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {223faa83-7587-463d-a1ef-e26374faa4ba} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 1916 230e22cb958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.1.949113423\1228247246" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25ed5faa-d870-4fe7-9b68-91a9342ad4b8} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2340 230d5375958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.2.1908583248\809927801" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3156 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4afba61d-857b-42f8-8644-f8ddaa9fd525} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2928 230e5fe0e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.3.1122406392\1778780589" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {106f5ee9-d4a7-497c-8826-91d51e2542dd} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3524 230e65fbd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.4.1768971844\68559087" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4996 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ad45300-6378-4edf-bbe3-d6ae8fe21c5f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5008 230e65fb458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.5.295288550\1867290709" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdd4eb6-f1ce-4c6b-b231-7c0d9174e580} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5024 230e8e27958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.6.1202086089\214591185" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16d874c9-3933-403c-a257-811dfd91771f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5316 230e8e28858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.7.1486551017\1602255354" -childID 6 -isForBrowser -prefsHandle 3144 -prefMapHandle 5796 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb7d4d0-a78f-4338-8352-2b87732be438} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3116 230ebee0758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.8.2118291094\1141982651" -parentBuildID 20221007134813 -prefsHandle 5872 -prefMapHandle 5908 -prefsLen 30339 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e12f8dcc-089b-4619-b810-cec274a7d6c2} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5932 230ed8f6d58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.9.449957220\1051787358" -childID 7 -isForBrowser -prefsHandle 6096 -prefMapHandle 6092 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba6fb2d-03ab-478d-b8b6-95f6622e279e} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6100 230ed553858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.11.2062470244\1509912449" -childID 9 -isForBrowser -prefsHandle 6968 -prefMapHandle 6964 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {005d3cc8-74b2-4293-8b51-e509bac1c8d4} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6976 230ee8f3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.10.207589613\622361803" -childID 8 -isForBrowser -prefsHandle 7020 -prefMapHandle 10348 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1602a674-87c9-4fc4-a021-f017051c228f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 7008 230ee4a8d58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.145.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:49744 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| N/A | 127.0.0.1:49750 | | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 239.237.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.100.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 54.212.210.58:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 55.65.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.210.212.54.in-addr.arpa | udp |
| US | 40.125.122.176:443 | | tcp |
| NL | 13.69.109.131:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 173.223.113.164:443 | | tcp |
| NL | 173.223.113.131:80 | | tcp |
| US | 40.125.122.176:443 | | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-5hneknee.gvt1.com | udp |
| NL | 74.125.8.71:443 | r2---sn-5hneknee.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-5hneknee.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-5hneknee.gvt1.com | udp |
| NL | 74.125.8.71:443 | r2.sn-5hneknee.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.144.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.8.125.74.in-addr.arpa | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| US | 34.117.121.53:443 | fennec-catalog-cdn.prod.mozaws.net | tcp |
| US | 34.117.121.53:443 | fennec-catalog-cdn.prod.mozaws.net | tcp |
| US | 34.117.121.53:443 | fennec-catalog-cdn.prod.mozaws.net | tcp |
| US | 34.117.121.53:443 | fennec-catalog-cdn.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 40.125.122.176:443 | | tcp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| DE | 172.217.23.206:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| US | 8.8.8.8:53 | vjs.zencdn.net | udp |
| US | 151.101.2.217:443 | vjs.zencdn.net | tcp |
| US | 8.8.8.8:53 | dualstack.osff.map.fastly.net | udp |
| US | 8.8.8.8:53 | dualstack.osff.map.fastly.net | udp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | djv99sxoqpv11.cloudfront.net | udp |
| NL | 13.227.211.177:443 | djv99sxoqpv11.cloudfront.net | tcp |
| US | 8.8.8.8:53 | djv99sxoqpv11.cloudfront.net | udp |
| US | 8.8.8.8:53 | djv99sxoqpv11.cloudfront.net | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.253.154.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.211.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | baconaces.pro | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | ketingefifortcaukt.info | udp |
| US | 8.8.8.8:53 | eallywasnothyca.info | udp |
| GB | 18.165.227.5:443 | ketingefifortcaukt.info | tcp |
| US | 172.64.198.35:443 | pogothere.xyz | tcp |
| US | 172.64.198.35:443 | pogothere.xyz | tcp |
| GB | 18.165.227.5:443 | ketingefifortcaukt.info | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 52.20.131.174:443 | baconaces.pro | tcp |
| US | 172.64.198.35:443 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | ketingefifortcaukt.info | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 172.67.167.7:443 | eallywasnothyca.info | tcp |
| US | 172.67.167.7:443 | eallywasnothyca.info | tcp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | ketingefifortcaukt.info | udp |
| US | 8.8.8.8:53 | baconaces.pro | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | eallywasnothyca.info | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | 35.198.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.131.20.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eallywasnothyca.info | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 172.67.167.7:443 | eallywasnothyca.info | udp |
| US | 8.8.8.8:53 | ntoftheusysianedt.info | udp |
| US | 8.8.8.8:53 | nowledconsideu.com | udp |
| NL | 52.222.139.62:443 | ntoftheusysianedt.info | tcp |
| US | 8.8.8.8:53 | ntoftheusysianedt.info | udp |
| US | 8.8.8.8:53 | nowledconsideu.com | udp |
| US | 54.162.51.18:443 | nowledconsideu.com | tcp |
| US | 8.8.8.8:53 | ntoftheusysianedt.info | udp |
| US | 8.8.8.8:53 | nowledconsideu.com | udp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| US | 54.162.51.18:443 | nowledconsideu.com | tcp |
| NL | 157.240.201.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.167.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.51.162.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.201.240.157.in-addr.arpa | udp |
| US | 40.125.122.176:443 | N/A | tcp |
| SE | 45.154.253.152:443 | anonfiles.com | tcp |
| US | 40.125.122.176:443 | N/A | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| SE | 45.154.253.154:443 | api.anonfiles.com | tcp |
| SE | 45.154.253.154:443 | api.anonfiles.com | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | 154.253.154.45.in-addr.arpa | udp |
| US | 40.125.122.176:443 | N/A | tcp |
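The two Network tables in this report need some care to read. In both behavioral runs the launch of a file with no registered Windows handler (`cmd /c ...elf`) went through OpenWith.exe and then firefox.exe (see the Processes list), so most of what the tables record is browser and image background traffic: DNS queries to 8.8.8.8, Mozilla/MSN services, and reverse (`in-addr.arpa`) lookups for each peer IP. The destinations that baseline does not explain are the ones worth an analyst's time: anonfiles.com and api.anonfiles.com (which match the `mJuihS22.elf.part` download and the `https+++anonfiles.com` storage entry under Files), the unfamiliar .pro/.xyz/.info/.com names reached right after it, and the bare 40.125.122.176 and 52.152.110.14 connections logged without a domain. The script below is an added example, not part of the report: it reads a constructed subset of the report's own rows and sorts them into buckets. The BASELINE allowlist is an assumption to tune per lab, not something the report provides.

```python
"""Triage a sandbox Network table: split browser/vendor background traffic
from destinations an analyst still has to explain.

Added example, not part of the sandbox report. ROWS is a constructed subset
of the report's own Network rows; BASELINE is an assumed lab allowlist.
"""
import ipaddress
from collections import Counter, defaultdict

RESOLVER = "8.8.8.8:53"   # the sandbox's DNS server; rows to it are queries, not flows

# Assumed allowlist of background traffic from the Windows image and Firefox
# itself (telemetry, Pocket, Safe Browsing updates, MSN start-page assets).
BASELINE = ("mozilla.com", "mozilla.net", "mozaws.net", "mozgcp.net", "msn.com")

# Constructed subset of the report's rows: (country, destination, domain, proto).
ROWS = [
    ("US", "8.8.8.8:53", "dualstack.osff.map.fastly.net", "udp"),
    ("SE", "45.154.253.152:443", "anonfiles.com", "tcp"),
    ("US", "8.8.8.8:53", "152.253.154.45.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "baconaces.pro", "udp"),
    ("US", "52.20.131.174:443", "baconaces.pro", "tcp"),
    ("US", "172.64.198.35:443", "pogothere.xyz", "tcp"),
    ("GB", "18.165.227.5:443", "ketingefifortcaukt.info", "tcp"),
    ("US", "172.67.167.7:443", "eallywasnothyca.info", "tcp"),
    ("NL", "52.222.139.62:443", "ntoftheusysianedt.info", "tcp"),
    ("US", "54.162.51.18:443", "nowledconsideu.com", "tcp"),
    ("NL", "142.250.179.141:443", "accounts.google.com", "tcp"),
    ("US", "8.8.8.8:53", "141.179.250.142.in-addr.arpa", "udp"),
    ("NL", "157.240.201.35:443", "www.facebook.com", "tcp"),
    ("US", "40.125.122.176:443", "", "tcp"),
    ("SE", "45.154.253.154:443", "api.anonfiles.com", "tcp"),
    ("US", "34.117.237.239:443", "contile.services.mozilla.com", "tcp"),
    ("US", "44.226.253.107:443", "shavar.services.mozilla.com", "tcp"),
    ("US", "8.8.8.8:53", "shavar.prod.mozaws.net", "udp"),
    ("NL", "23.73.0.144:443", "assets.msn.com", "tcp"),
    ("N/A", "127.0.0.1:49741", "", "tcp"),
]


def ptr_to_ip(name):
    """'141.179.250.142.in-addr.arpa' -> '142.250.179.141'."""
    return ".".join(reversed(name[: -len(".in-addr.arpa")].split(".")))


def in_baseline(name):
    return any(name == s or name.endswith("." + s) for s in BASELINE)


def triage(rows):
    flows = Counter()                 # domain (or bare IP) -> number of non-DNS flows
    ip_to_domains = defaultdict(set)  # forward IP -> domains seen connecting to it
    queried, ptr = set(), {}
    for _, dest, domain, _ in rows:
        ip, _, _port = dest.rpartition(":")
        if dest == RESOLVER:
            if domain.endswith(".in-addr.arpa"):
                ptr[domain] = ptr_to_ip(domain)     # reverse lookup: decode it
            else:
                queried.add(domain)
            continue
        if ipaddress.ip_address(ip).is_loopback:
            continue                                # Firefox IPC on 127.0.0.1
        key = domain or ip                          # rows with no domain keep the IP
        flows[key] += 1
        if domain:
            ip_to_domains[ip].add(domain)
    return {
        "review": {k: n for k, n in flows.items() if not in_baseline(k)},
        "baseline": {k: n for k, n in flows.items() if in_baseline(k)},
        # Each PTR query maps back to the forward connection it was issued for.
        "ptr": {q: sorted(ip_to_domains.get(ip, {ip})) for q, ip in ptr.items()},
        # Names resolved but never connected to: CNAME targets or failed fetches.
        "dns_only": sorted(q for q in queried if q not in flows and not in_baseline(q)),
    }


if __name__ == "__main__":
    result = triage(ROWS)
    for bucket in ("review", "dns_only", "ptr"):
        print(bucket, result[bucket])
```

A name in `review` is not an indicator by itself: accounts.google.com and www.facebook.com land there too, because the allowlist deliberately covers only the image's own background traffic. The value is in shrinking the list to what a human must explain and in pairing each PTR query with the forward connection that prompted it; the same logic applies unchanged to the behavioral2 Network table further down.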
Files
C:\Users\Admin\Downloads\mJuihS22.elf.part
| MD5 | e7a3aa891e550834f9af4367a564e468 |
| SHA1 | 38962368d0b3ea97126372410b101a19c8130532 |
| SHA256 | 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72 |
| SHA512 | 7f5257d7316a864f63ee2b8fed51f97d55ad1b5c1db458a93a57b0cfde0694ff186ef576f9e8c76c96721def61877a0072c51ca7bf5dc5b1dd0b097135c2e9da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
| MD5 | f73e52d124620d05267ba934f3b312d3 |
| SHA1 | 34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30 |
| SHA256 | fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7 |
| SHA512 | 4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | fa03742b531d63ea9512a36e5cb41de0 |
| SHA1 | 6129d5f71f5fc21029614840a3b40a55b57f74a6 |
| SHA256 | c5b980ed2d6b41bdc65437697668482d390b33c5ba70808112ef6586b6b0db78 |
| SHA512 | cee43900629662b0a20ffbd2077c578d6f57fe5f5b5e20474f4e74117d2b27c45e87074ee1ad336e85b1ec922f906b52729fb2791be7d506617d76fc4a13f638 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
| MD5 | 220b99d53a9a97ecdf3aa32ce551a5d7 |
| SHA1 | 1f9c8350fab218c51982fedaa0346f6ed34a9885 |
| SHA256 | 1724abf0315b6c99cf133141e9c3a362f3f1c8be60e49a90948c3ee9ec144d32 |
| SHA512 | 77b3f9ba9fbd3617daae3a37b7c7196f4eecfee0388b227fcf583ba7fd7833692072a24c8f6803106e9647277a19bded8020a736117b8379e39aa5b739872125 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
| MD5 | 4a244d18e807cc0effbb550ac0f0737d |
| SHA1 | ee3dcaadd47488bb61d919f42da1b1a9c4322db4 |
| SHA256 | 0949d7971b6b914b0fd44a50728cdffc64a356839ebe7dc571ffc44d1b3e40ef |
| SHA512 | e6b2bf9d9f363242a8410c8aa4511f60e41ffcc145bda189d0d58b42f7292a0a2177cbc5f77fcfd5f1d5ea409021106a866c01006453f3c491370c9138c06cdf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f22c53f41e059d0e57df9fc5aab9d9fa |
| SHA1 | d36a467e07e8492097b905d2edc6cad6946fa25c |
| SHA256 | cef9d40baa61f27d992a4a0d22c886bc8cfe678992c567ace77c111fc740695b |
| SHA512 | 97397ec6e7eb2b4cd51f37c36852f69516ebf810aec17866f064daee6ec0646814df2692d794eec8a35af8a2df5daed1f49efc3afd645edc98c0169b6b76763a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
| MD5 | 81c177befb90e6e44731a27cb1b0bfa2 |
| SHA1 | 5ef9e2b6e8d0ef69d05ecf3cfd79bbae217cd394 |
| SHA256 | ae94b9c879c072950b94e8f07600013ba4d1848bdfc7302f2ead6730b0d5b226 |
| SHA512 | 7eb9121a2a59397dd1b5a44bd92f52e61e936538c7e5787315797d391c7dcc30f3dc30db91df347201b6c18d55b453a87d4e9b6c8d7aeb6d60478c90c184b678 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
| MD5 | b01fbe47a84e4b6fd80e775f8487a14d |
| SHA1 | e67e50c9021068ead82c1c10c2a9dd94181e8994 |
| SHA256 | 71042027975a2de4b90c521cb88b3690dc35f64e3ee03f061fedaf2a8e614b9d |
| SHA512 | 12872f8e7d0c16274692d2ac124ff38423fbac50e9af1f671b0c29893c7a940a5f767e8e1b6ba61008a08fb131d8bcd9ff1f1c58ff977268f276d2abaa89c562 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
| MD5 | 030bf5dfa33c434142f1504d01e04e52 |
| SHA1 | df0b68171d34722fa796c384b7b16c0c7239e7f8 |
| SHA256 | d90d014725e4aeca7bd2853a2818d5d2329ada4ec1c58eae0cc175db07c89a2c |
| SHA512 | f9c0d5145da0f1e08ac917b1adcf0aa2f3e0b062d03889dffbc242a9cf56b9d0b88a27f8c3da9013122b45a7d3de4afdd83abd84031d074dd7af571f382885e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
| MD5 | 25e99b004fe95e4664a11fbd866d931c |
| SHA1 | 8e74c1b78e0cb9f9a209556513c656c83420e1db |
| SHA256 | b98ffad2427a467b13b23e5d5ab9f41db853ed7b8135afcbdc57c264930bbe4e |
| SHA512 | 2a72bd353d410e40757c53056d2bab9ac621c56d05957d9ab12d1a7943c78a0f5638f9407869cc060b3e55d54f482fd800f70c12124d13477e29ba6b77cbadc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0fa0994fd56b97fd743108e7ab32e5ce |
| SHA1 | ed9073ad7dc81df2daab25bdcfec88712af38b0d |
| SHA256 | cb58be75bc8c80ee19b6cbabebe9c54d1ea575959c31c929614d4a28d303a11d |
| SHA512 | 40bee8dc82c2edca9461192a90d7e457fb7788b28818f89b97988719f023f914c91341a98a420a2eb6b2d6cc3e23da66c5ea6a921282c4f61d909de6af04964c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++anonfiles.com\cache\morgue\133\{e05c66f2-4bc5-470f-b27a-3682c06ab685}.final
| MD5 | 7509101d3b592c9336f130526a5dcc65 |
| SHA1 | b01f59b0e4326318c0c6d7b5c19e57093e11a31f |
| SHA256 | 7279a0d506c71496d08227fdaeef4d2503186298977186367cf631fa8e8eaa65 |
| SHA512 | 533f642b3a2e18bdd3f48d70cc134acb2b8d9881d24fc1f6dfd0cb9a68a3889ac232f36238be365a1144c27033a4f5a610dda4b15bef44a627cdb019bfe59e5a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\FC9BFF04A9FF358E96860503495881775379D2B3
| MD5 | 15102b0ece685526c14d2be1ad309d86 |
| SHA1 | 9c495c4b36cbeec1d8abf672c38e57e9190999a9 |
| SHA256 | 7349e9937d987fcb5b874388b48b81efca4ef9648704c423d9ab8ab839811c08 |
| SHA512 | 0ac4214ffe22b484e706681028a7f3fe38e88d18651067ec1f253a83af0becafc09ef9ea628a953f592dde2dace9df8e0f484288d6195a762419c921e327e82f |
Analysis: behavioral2
Detonation Overview
Submitted
2023-05-13 04:32
Reported
2023-05-13 04:35
Platform
win10v2004-20230220-en
Max time kernel
159s
Max time network
154s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
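The `Modifies registry class` rows above are ShellBag writes: `BagMRU` and `Bags` keys under `Local Settings\Software\Microsoft\Windows\Shell`, with `ComDlg` subkeys holding the view state of a common file dialog, all attributed to firefox.exe. The PIDL blobs stored in `BagMRU\0`, `BagMRU\0\0` and `BagMRU\0\1` record which folders the dialog visited and `MRUListEx` records the order. The script below is an added example, not part of the report, that decodes those exact values; the GUID-to-name table is an assumed lookup of Windows shell-folder CLSIDs, not something the report states.

```python
"""Decode ShellBag PIDLs and MRUListEx values from a sandbox registry log.

Added example, not part of the sandbox report. The hex blobs in BAGMRU are
copied from the report's 'Modifies registry class' rows; KNOWN_GUIDS is an
assumed lookup table of Windows shell-folder CLSIDs, not report data.
"""
import uuid

# Assumed lookup: shell folder CLSIDs as Windows 10 presents them in Explorer.
KNOWN_GUIDS = {
    "20d04fe0-3aea-1069-a2d8-08002b30309d": "This PC",
    "b4bfcc3a-db2c-424c-b029-7fe99a87c641": "Desktop",
    "088e3905-0323-4b02-9826-5d99428e115f": "Downloads",
}

# Constructed from the report: BagMRU value -> PIDL data as logged (hex).
BAGMRU = {
    r"BagMRU\0": "14001f50e04fd020ea3a6910a2d808002b30309d0000",
    r"BagMRU\0\0": "14002e803accbfb42cdb4c42b0297fe99a87c6410000",
    r"BagMRU\0\1": "14002e8005398e082303024b98265d99428e115f0000",
}


def parse_itemidlist(hexdata):
    """Split an ITEMIDLIST into (type byte, payload) tuples.

    Each SHITEMID is a little-endian USHORT cb (size including the 2 size
    bytes) followed by cb-2 bytes of abID; a cb of 0 terminates the list.
    """
    data = bytes.fromhex(hexdata)
    items, off = [], 0
    while off + 2 <= len(data):
        cb = int.from_bytes(data[off:off + 2], "little")
        if cb == 0:
            break
        if cb < 3 or off + cb > len(data):
            raise ValueError("malformed SHITEMID at offset %d" % off)
        abid = data[off + 2:off + cb]
        items.append((abid[0], abid[1:]))
        off += cb
    return items


def guid_items(hexdata):
    """GUIDs carried by the PIDL's root (0x1f) and known-folder (0x2e) items.

    In both item kinds one flag/sort byte precedes a 16-byte GUID stored in
    the mixed-endian layout that uuid.UUID(bytes_le=...) expects.
    """
    out = []
    for item_type, payload in parse_itemidlist(hexdata):
        if item_type in (0x1F, 0x2E) and len(payload) >= 17:
            out.append(str(uuid.UUID(bytes_le=payload[1:17])))
    return out


def describe(hexdata):
    """Human-readable folder names, falling back to the raw GUID."""
    return [KNOWN_GUIDS.get(g, g) for g in guid_items(hexdata)]


def parse_mrulistex(hexdata):
    """MRUListEx: little-endian DWORD child indices, most recent first,
    terminated by 0xffffffff."""
    data = bytes.fromhex(hexdata)
    order = []
    for i in range(0, len(data) - 3, 4):
        idx = int.from_bytes(data[i:i + 4], "little")
        if idx == 0xFFFFFFFF:
            break
        order.append(idx)
    return order


def decode_bagmru(bagmru):
    return {name: describe(pidl) for name, pidl in bagmru.items()}


if __name__ == "__main__":
    for name, folders in decode_bagmru(BAGMRU).items():
        print(name, "->", " / ".join(folders))
    # From the report: BagMRU\0\MRUListEx = 0100000000000000ffffffff
    print("most recent child of BagMRU\\0:", parse_mrulistex("0100000000000000ffffffff")[0])
```

Decoded, the dialog's root is This PC with children Desktop (`BagMRU\0\0`, NodeSlot 1) and Downloads (`BagMRU\0\1`, NodeSlot 2), and the final `MRUListEx = 0100000000000000ffffffff` puts Downloads as the most recently visited. That agrees with the `Bags\2\Shell\SniffedFolderType = "Downloads"` row in the same table, so these writes are file-dialog navigation by the browser rather than a persistence mechanism of the sample.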
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.1901702188\122195364" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46684a29-bde5-48f7-8d8e-7b0f71b176e0} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1916 1de6a917758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1682920787\652376600" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae4dae58-a951-4013-a40f-ea2f3ff00d9c} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2340 1de5c976858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.143799209\1712176742" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3088 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186278e0-9205-4560-a262-bbe30766e532} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3024 1de6d541d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1987101318\1508845367" -childID 2 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a05c84dc-8c84-4e79-b2bf-3cf090d5f74e} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3836 1de6e868158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.1901121040\471220625" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4808 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {652cfefc-e36d-497d-944e-785b4d8390f5} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4820 1de7019a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.269132464\2130403963" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {344b2986-d97d-4077-96dc-e9f632a3e27b} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5196 1de70837a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.1087314040\294354473" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3d19ab-31fa-4385-86c5-3738b1372e70} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5044 1de701f8958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.7.380396309\832596087" -childID 6 -isForBrowser -prefsHandle 2992 -prefMapHandle 2740 -prefsLen 29055 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110fe7cf-ae32-47d7-bd73-5d48873535ba} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4504 1de72d9e458 tab
Network
| Country | Destination | Domain | Proto |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 23.73.0.144:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 144.0.73.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:49741 | | tcp |
| N/A | 127.0.0.1:49747 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 239.237.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.226.253.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 209.100.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.144.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.253.226.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.117.34.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-5hneknee.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-5hneknee.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-5hneknee.gvt1.com | udp |
| NL | 74.125.8.73:443 | r4.sn-5hneknee.gvt1.com | tcp |
| NL | 74.125.8.73:443 | r4.sn-5hneknee.gvt1.com | udp |
| US | 8.8.8.8:53 | 73.8.125.74.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| SE | 45.154.253.151:80 | anonfiles.com | tcp |
| SE | 45.154.253.151:80 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | 151.253.154.45.in-addr.arpa | udp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | fennec-catalog-cdn.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| SE | 45.154.253.154:443 | api.anonfiles.com | tcp |
| SE | 45.154.253.154:443 | api.anonfiles.com | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 8.8.8.8:53 | 154.253.154.45.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 173.223.113.164:443 | | tcp |
| NL | 173.223.113.131:80 | | tcp |
| US | 204.79.197.203:80 | api.msn.com | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
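Triage of the Network table, as an added example (analyst tooling, not part of the sandbox report). The table mixes the sandbox's own reverse-DNS lookups against 8.8.8.8, the Firefox/MSN background traffic of the image, and the part worth keeping: repeated connections to anonfiles.com (45.154.253.151, ports 80 and 443), api.anonfiles.com (45.154.253.154:443) and a handful of unresolved IPs such as 52.152.110.14:443. The script parses rows copied from the table, normalises rows whose Domain cell is blank (some exports slide the Proto value one column left), drops the noise and counts what remains. The background-domain suffix list is an assumption about what a stock Firefox/Windows image contacts on its own; tune it for your sandbox.

```python
"""Triage the Network table of a sandbox report: drop resolver noise and
browser background traffic, count what is left.

Added example, not part of the original report. SAMPLE_ROWS is a constructed
subset of the report's own Network rows; BACKGROUND_SUFFIXES is an analyst
assumption about what a stock Firefox/Windows image contacts on its own.
"""
from collections import defaultdict

SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| NL | 23.73.0.144:443 | assets.msn.com | tcp |
| N/A | 127.0.0.1:49741 | tcp | |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | anonfiles.com | udp |
| SE | 45.154.253.151:80 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.151:443 | anonfiles.com | tcp |
| SE | 45.154.253.154:443 | api.anonfiles.com | tcp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 93.184.220.29:80 | tcp | |
| US | 204.79.197.203:80 | api.msn.com | tcp |
| US | 52.152.110.14:443 | tcp |
"""

RESOLVER = "8.8.8.8:53"  # the sandbox's DNS server, per the report

# Assumption: background traffic of the sandbox image itself. Tune per image.
BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.net", ".mozilla.org", ".mozaws.net",
    ".mozgcp.net", ".msn.com", ".openh264.org", ".akamai.net", ".gvt1.com",
)


def parse_row(line):
    """Return (country, dest, domain, proto) or None for headers/non-rows.

    Some exports leave the Domain cell empty and let Proto slide one column
    left ('| US | 1.2.3.4:443 | tcp | |'); that case is normalised here.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) == 3:          # trailing empty cell dropped entirely
        cells.append("")
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in ("tcp", "udp"):
        domain, proto = "", domain
    return country, dest, domain, proto


def triage(text):
    """Return ({(domain, dest): hits}, {domains queried but never connected})."""
    connections = defaultdict(int)
    queried = set()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, dest, domain, _proto = row
        if domain.endswith(".in-addr.arpa") or dest.startswith("127.0.0.1:"):
            continue  # sandbox reverse lookups and loopback: noise
        if domain.endswith(BACKGROUND_SUFFIXES):
            continue  # an empty domain never matches, so unresolved IPs are kept
        if dest == RESOLVER:
            queried.add(domain)
        else:
            connections[(domain or "<unresolved>", dest)] += 1
    # a name that only appears in DNS is still worth listing; one that connected is covered
    queried -= {d for d, _ in connections}
    return dict(connections), queried


if __name__ == "__main__":
    conns, only_queried = triage(SAMPLE_ROWS)
    for (domain, dest), n in sorted(conns.items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {dest:22s} {domain}")
    for d in sorted(only_queried):
        print("DNS only:", d)
```

The 443/udp rows to firefox.settings.services.mozilla.com and the gvt1.com hosts are consistent with HTTP/3 over QUIC, which Firefox enables by default, not a second protocol to chase. The unresolved destinations stay nameless because the report records no DNS answer for them; pivot on them only after checking passive DNS or the sandbox's own PCAP.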
Files
C:\Users\Admin\Downloads\9qcbGjdZ.elf.part
| MD5 | 3f9a28e8c057e7ea7ccf15a4db81f362 |
| SHA1 | 10d6d3c957facf06098771bf409b9593eea58c75 |
| SHA256 | 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502 |
| SHA512 | 58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 0e2edf0ad853c4a3d18a9d6595c90b63 |
| SHA1 | 36751e50326f4161e9f6429ac73eb1e0a4969c27 |
| SHA256 | 2eaf05f7db8f8fbf70af58228fd819dfba5ec3c5973b66c36dec59741a796ae8 |
| SHA512 | b1d0406ca9848d8c9f40ac0a78116ed368669e48c9a4cd169462c098d5b91e9328accd6c3faa50b60a9502e932e852338b9f14b0a653fe47c41ca8f2f10d7240 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
| MD5 | 207077fed406e49d74fa19116d2712aa |
| SHA1 | 3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee |
| SHA256 | b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58 |
| SHA512 | 0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 74e0127ebf0e8194b5beed8bb68484b1 |
| SHA1 | b2f6797a2e610aa925075f14f9c1ecb03ed61951 |
| SHA256 | 91a34c43c56cdc2d40744fbaa86dc22bc0f9c4eb77aafec44010cd42e0c723ca |
| SHA512 | 7f10b2f5fcd3e3df9102c6e40754fe61daa153d8a9b8e2c38fc63606d145f48b810f46f61b362df21a7a911f31ad079c8c9acca2a63920aafb78b6e7b543c694 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 16b226427e49e27ade9cf6fa073c946b |
| SHA1 | 137f1bd64e03b973adf3c990d180697b0a221315 |
| SHA256 | 7ef29973bc2cfa3c1e73f043aa6d04d550c2f36f334e5268cbf98be206217d27 |
| SHA512 | f3b47313c8c11838deb2a7a2a0303a72ee9380355d8982932f25d1249794639c0f0fb141ec2f769f457c268f3e99a3b95f2f0a79346389d429a4d4aab07a2ca6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 89937a7f83641d49fee457171b707988 |
| SHA1 | 3a2d186119333587cbd4f097895ad264645acfb2 |
| SHA256 | b3f721fe224b31b6df57d7ba236f88ce36e9feb7d97c664f94efcc6c6564d36d |
| SHA512 | 7795ba3ab1a95618cc524be2183dd94da7930d7e4e1b0c9312b8b111880195073fa2be43f8a91af21d8601115329a7b2b389cee834ce1e170905734bead0e2be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 3c5d40ce73034644b6b6954e02860059 |
| SHA1 | 17f85a300a99d01c6690205244e864289cdea6ee |
| SHA256 | a0da87452df439100d4e6ecd29b0916034bef49f0651078ebbffc0665cf38d7f |
| SHA512 | 2fb09ad9d3a4212fe674bc4a281f5aea98bc2e3bbca1527c50a3b47f8fc70d9f46ab664f6b6351efb39ddfd5e7190ade9cda3ff4097122e5dcb003c95ce5013c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | beab5873383840f1a2c12aff4f8e49c3 |
| SHA1 | fa8fb9da6de4b669028590cde827cc0bf38fb78f |
| SHA256 | 1c27e7aed6fb6324b63d4db45443a7f2e6d7e14d558e1c84b281bf004c1c95e2 |
| SHA512 | 9283cb393db5a67cb3445dfdeb1fcbf1f7577b154c3370a96251beb4f5cf6fa1b885e951810b81c5d935b03386e3ae574bf016a21007bea6427117ada0774d5c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 02b8d98345c40efcb9b0decfbbd8d495 |
| SHA1 | 2a2156f9921fb81e94299b58c943d64bf0a82822 |
| SHA256 | 9f674129679dcb5dabf3dcf0efc0dfc84acb3521cf9cc27a18b27fa81043212f |
| SHA512 | 380de5a210e69516715551fa5ca701b06f24f792af9b48b410ba90afa00506552c6dc0465b589589553ad91a26a912287ef29ac401e3640800a5493c59d79885 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 415dd4105aaf2b813a315fe48a316330 |
| SHA1 | 89ce8a5dbd7a4eee36b38eaed05b53ae1d0f2b46 |
| SHA256 | a66a01bc5bed0e81fbd11b7f8b4feebb3b2f954e06c8584bbc2cbac7794ecc86 |
| SHA512 | 05fcc55be8f23336cecc67d6148b0b25b3b7d22b560b101804369fee2839c1aa5450e4576bfc4665f8b1f3db93664d25bdcf08254a6959c3f9cc8a9d52417641 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e74c1794e203bd509e916d8885b008e0 |
| SHA1 | 535865c4fc437054c85664418feac5340f7e24c7 |
| SHA256 | 5496505eccb0ff97b07f8282cd4acd0538111f72dca9b3f3743c489f37457731 |
| SHA512 | 0bf659adad0044469c45fe14f02d6e456fb59efcf08f8994a4b5599b25ae82c82bcdf0c377f270f2e1deefb3ae4b35288efbdb5ade770d9fad176f341b12cbf1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
| MD5 | b5f625f7d5879017c6d03c5c87c16fe4 |
| SHA1 | 23a2d2dac56bcfb0902b55adfd0ed855b8781a9c |
| SHA256 | d5207a335b12bb9d511cabb1ddfd9de2ed5bcb5e2b638d8474281db1ed9eb231 |
| SHA512 | 43bff62ec11139f66ae0866bcf82237f9e0838b3c87e9c518e7baf07c373ed29bc3c29a972a8d4c50d89b0fac61e7e84c31ef4065c3077022d37be61d5cd7c66 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\thumbnails\6c84335a2888e54e438a2c76e640d17b.png
| MD5 | bb74f4d2650bd512aff26203795c1f29 |
| SHA1 | 9a783bd059f9eb08150a4fc22c40635ad3817b08 |
| SHA256 | 5165d58502b761800d58a4ee30b82c778c2498ca1100612c9a9f23f069ec21b3 |
| SHA512 | 1f68380038b1afd376db1d816d9c15aa3ac1bcdca2679732591f46c98340a125c6c4911b720cc5d08184f2f032261ce3b54966fe1f26f76368a269c1cb2b20eb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5171
| MD5 | 2c5bef7594a9794dd1343376f857cbb6 |
| SHA1 | 01324bc035f1b9b664ae5836452b4f5415f7fffb |
| SHA256 | 76f1216491ae67361298ad975fcb68a577c9808a90a406739d0089fdaeb6f9aa |
| SHA512 | df152427ae5ed0e4380d35c611ad67b0e34efb9ae4ad25d076c336b76452d1b39a2d2bee21e3d6ee216938995b4643e8321fbb4b73202a728d56bef78443d0d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\19019
| MD5 | b05d97aa8f9354f6f980acecd88147e5 |
| SHA1 | ef20255d2eee4c99ea4773a9f699423e523bc79b |
| SHA256 | 894c3d6deee42eee7879b020daa088db4ee422d3d3f5a81d5b0730063a73697f |
| SHA512 | 2436dce47e6595addf24be3e74f140774a64dc88a269083b735bb559797c13eca3c76959172629439ccdc598237612bb561f4c41b834b00e58bae642fa0dc500 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\22408
| MD5 | cd724d134970cc7ec59fd011b5db6384 |
| SHA1 | b855a9fbd1fa13c14d534d10eea15a9d22dabf64 |
| SHA256 | 0d14b34289cda085c35597680daa0f971dd616148f7c167649965676adce82bd |
| SHA512 | dfefc770f106ed68bcdd1c65f05981e912d0cd9d0629d9609c8acc23ba501cc0447f179b0be6aa00b91071a9746715450d93db60534c62884782b21249ba5653 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15877
| MD5 | 2217032a385800c2ee87906c41497b3b |
| SHA1 | deed6f7a2125fbf5228c56aef59892c685479834 |
| SHA256 | adfc4e3bccb1b1832701c397de00da45b210ec088309a4aaab248b444574dd38 |
| SHA512 | 7001ec5b393f12960d0bc5c08b57efdf5f5e5d6537930e44d5f37cac898e2ba71f6f09670d0450c7a61a3161ced353c61275b9156357989de03ebcefb922b86e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9346
| MD5 | 649bbfc5e953e3e1a993fef63a6b89aa |
| SHA1 | d51f4d6602dd8a9cc382442f0e60140682b69f8e |
| SHA256 | 039c7cc1f0584f36635740d8987578600d67e1d1bd53d699e85de91d915cdc73 |
| SHA512 | 9fb9bff65faa42c7bcda64d73b353db4bb8a36a62347e7228934049c20663fee189b98a55cfda7497165ccfc6b6638a60b01a5d1d2f0391bd67693fe3866a52d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2814
| MD5 | 7f4bb40a3dfe9fb9d3287661868eccd2 |
| SHA1 | 12d3471b38d907abfdeaa2ce049eecfbccfecbb8 |
| SHA256 | 8f62284930d828eb5c86268db2b8b952ec08dbc699f58535c61aca16c32c1a12 |
| SHA512 | e4ea308055d203a14821d1805ea9712a4c7c38aaac34959b616bad6b739d88894b5c6afa643ba1a5573ceebad441aa389ea2a8b56ca45c06f89dc5bb99862562 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25786
| MD5 | a7acda2edb9ce210b5227cfeb84608b8 |
| SHA1 | 52458be810953714f0b2b6074afedf31e4000d35 |
| SHA256 | 71b0685fa9acf913f7c15624aa9acaea6172c16aad212d0520f24b990a00a193 |
| SHA512 | e5f23a92cf7c81211f63f38e1c6f5d6269cea212ba4d969a1810fc26c138cdcf9af961ee884c4674f0738fe60b52e74552d5d926e83f1d65c01b3d092d3c61c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25674
| MD5 | de4f020b60f62b90146b62857e628d15 |
| SHA1 | 6231f0b0341e210b72cbe69ba716f9b81dc4236a |
| SHA256 | d39662a43f44ecb9b3b8a4927baa7b60d80e486d9072c531a4d31f6061fca84a |
| SHA512 | 59a6a8592587e827a2ee94326efee2a6f4df193ba8279ee7c0680e4db71b49c7f87148671a3bf319232a09f6f339465b1dbc886188f8a4870fe9dc42c2c05699 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10591
| MD5 | d7b3ba93c09bb61faa552ff9f4ebae22 |
| SHA1 | 392e53e007aaef1531965e4fc6b4dd558dd64d5e |
| SHA256 | b4f3a960f09838412a40fe9a06194c6fcffb176358e556aa08ea82fae2618ad9 |
| SHA512 | 484e1d148346d4cb619521520e8ef9d0192796b4cb182c9e5f03448fc5bf1762451f75e39f910bfe547033fe2f45889ed56b8088b5f184403dbd03e20561ae4b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7438
| MD5 | feca2a1e57bd5bb06b96c46ee004f67a |
| SHA1 | b86330e3d05fa7321f7d06fc04d83dd56a15b988 |
| SHA256 | d2c2398197ee0f6289e63ac37cca33837cb44b970adc13fbc71b342da76ec121 |
| SHA512 | 154e51cca0113a1badbc64651784b5324ea5ef9a7c4c9f118e32204702ea18f4e0edabedb7fa7b8937c1b79bb9f415d9dba738be531e330b9066bc59e8bd5bf3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8460
| MD5 | b625629a49821e3914d28b6125675a80 |
| SHA1 | de7fdfc859d5428b3fa49d669e3b8387f41bfe92 |
| SHA256 | 4492171711c473c7be6a5da7d5b091dd085c756c19513e3bde9c0a7b639dec49 |
| SHA512 | 6a63e6ffb08e7faa914c0921478da128f23e30350553ce2d60055adea1cf13ca3f8e669e17c6062da02009e042837de807f155727a901a79ca310117e1059fec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8011
| MD5 | 379de2aae4af47df99eebbb0a987d143 |
| SHA1 | 73d80df14e13efc5ff4d67703e9c801643e105b8 |
| SHA256 | a179c75da1e84eaa0c2b5500005c22f188a689f3c627ce0c9e4dbb957d0420ab |
| SHA512 | ad31dc5287f846e20e53de3a02f09db7fc76b1ef71d83b84d063c1e25a5e40063719b7b2704f962e965f3c232403ede7919a3019d6b48c2a3ae1d41bcb9bd66d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25259
| MD5 | 8e085971d8f39fc6f22d582515a645fc |
| SHA1 | a9cd59068502f87cfd9c308619c266245583792f |
| SHA256 | ed6a9b19cca7ae8dfb0bb6e1bd754d81f6c98e10d42e512205ed86be2aa63bbf |
| SHA512 | 06a487592eb48f3eec1483dc7abde02e627755eb843507f28ef2c6a4c815c7c73399c2e89f3c1b929caab1678d82ca5cc8b1e02febad11f4c3e5cfc1c28cafd9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28862
| MD5 | 0ddbf3f53e0e4a1635a5bb08a14d77fc |
| SHA1 | a45886868cac0d2d63e61a37042b183ba5eefe21 |
| SHA256 | 4058009f7733d3419ac805ffeede1a7cf37242699068f93f803bbc2bc1e6a75d |
| SHA512 | 5c998f4e16abfe1516de86fb2726e1c86f28e738e9d236faf119410649860b698af409098f8f32e0c50ce9cc1aa2192717e76e1b1480955aec2990be07437030 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25596
| MD5 | 7413e62c2ab66ce2ddd15b7ea08ba5ca |
| SHA1 | e26900792d58caf4be1736f531e5b9149012fdae |
| SHA256 | 59544ec780455b972f2ea937aa153a4e0f3bbdc1e6936d15d3c5e54a699de182 |
| SHA512 | 467d118b9c01bd0dbefcd0a1d46e438160522ef8cf00f7f4af1e63b1d280700c9ee0c4b8743bc7cbf66eac249196304f47c257143cd03fa8d9c1f27d16ea177e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9268
| MD5 | b15e707b439bf3f7f84f133207190c95 |
| SHA1 | f54f698e19a954ad9da4ac40fd2eaad7863d872b |
| SHA256 | 2da681e80e157ef22b950589a1699ecfba35fbe7138b182f2fa43fcb6aa7c3b1 |
| SHA512 | 35795abbfec3c5654e7eec0437ebc2a71fd3df58171a95146393020b75a29aad968d792f045d784a5ca2adac6391e8c1bec78e20b3f0d59ab56d60b597e38a96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5f7bc22f677124146b16f0d96216ea4c |
| SHA1 | 22ab7a6045e17af6a5c922d56f77b161b7f9f6a3 |
| SHA256 | 58de6424ee080f55b08bcccef80c50b1411b47d3c3c7eda58e16a55b0c54dff8 |
| SHA512 | b8531690d6032820ffb41d230ccaffffddb7b189dad97ee4767efdff17c19ebaf09b2373dbb3182cdc6b82259e57413a7a537e88ea8cd8973136b75a256dac46 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\30921
| MD5 | 47df867fe8ed14bdb6e06bf37c688297 |
| SHA1 | c89e8b7badd37eb3ce2fe3120742e427928ae0c8 |
| SHA256 | 4771ccf22f07735fca7d6b7e6d8b098ea5c07af194e2d70ae447c56de2c3cde5 |
| SHA512 | a5bcea475a745deb3edf70af704a2123df60f9fdbd577db06caec55f7ee610c8f5dbc60cf2fcc1f49cf2d1616d6cf48bb7562126ee8d389df981032b661d196b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11575
| MD5 | 48878c72f3b65e5fb45b4f7174f36bf4 |
| SHA1 | ab95fd8631d255ca1e87815e8280517e7ee613e8 |
| SHA256 | 25591682d5f1345efda0ad32ba05dd8f0c38140700eddea1e0cc56a1ec8bbb03 |
| SHA512 | 7b94eed3ddb4aeed6edaee6c02d9f1b7b675297656956dab17ec8e0935d53e1f6aec8394501b2ddc39aa6a14c76562fe2a1839d42a8d966617be7d5ba064a303 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27791
| MD5 | 142d7dcc896ba11683b1eecbe2c25e2f |
| SHA1 | ec8715a9cf015ac74d635f25fef7ac57d5ca8f6f |
| SHA256 | e08f8c0c2a3cdf75e6d5ee16f00466f2cf4483f8ec19a2e5ae3579e8cf19ab5d |
| SHA512 | 60cd049ff58be32ea43c193bc552c4649021fba30dc92ebc0ebba25c1aebc7d4a1f4dae872a54d9a8d3885fa9b50273febed1986b2ddc00237c5befda8867ed7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24301
| MD5 | be432db915326db29f87fefbff92e05a |
| SHA1 | 82439dc3eb41dd3c925f135acd6897c9bad40833 |
| SHA256 | deb2bc545bfc0a1a4a955a56d0dbbdc20210152d727fc947bbd3993ee93d7fef |
| SHA512 | eb7042acd6c4ebc8142e1b7ec55fb45af4ae613e5171b9c1c994d7e27955ae882d11aa20b3af8575ffd4575a7bd52636a0f3c5c4439b2eb6cf7d755361de3753 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1217
| MD5 | 82b13ab319ee2c9f3801105118c5c9cf |
| SHA1 | b2bdecf7f4f202968c03483a4eae45199547a22c |
| SHA256 | d2baded094f6bacd1423fb7c7758f08a20dbb25ed71f0f9d5a1de6e73c1f220e |
| SHA512 | 5280312a99e2a8e4d5a4a530dc71f78498bbc12eef8c0f1a37b53ded4220a14ffd96f4961ccdcf94da6b9f1b03acf8e4ab8fa14cbe579f8803f2a88bf9e0322b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20811
| MD5 | 7d34b599a9a54c9201957a217c0708c6 |
| SHA1 | 8137632a9de085391017e76aa3338be332f39f3a |
| SHA256 | 426c4ef8767290eefacce4f1f15fe1522014624d48b6b6685153bae4934be624 |
| SHA512 | 2632117412a94121c4e02358c72b028e061bb0dcd6cefb0ccf658b603b6cba3d45badc04098fa5aba0267c4d561f7803eb51bc390cf37340c4c54c28f0e85ba3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10902
| MD5 | 724c9c51ba102e28cb143156b55d0be4 |
| SHA1 | fadfec070bb4a86f096d5b07d429fb6c742457f6 |
| SHA256 | 0ab4ab8a88900f8778b333a4fdbef8112950d0cd98b95b092d09ce7c6bbf42a4 |
| SHA512 | 8ed5a452957bbbf6420e8e2f55b711934495a74a948f8851ca10e996f55e47d84461bf5898d22b4e9ff153c6773cb49fbe95aae106db65394637456b2b066cb1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\32414
| MD5 | c2a5d16cdeefb0a57474e85ba288fb6e |
| SHA1 | 6e809dcf6c6af11971d5e668f985d0cf2e7089d5 |
| SHA256 | 8586432e802afb7125bdff305d591032a571c49399b3656f5c76ecbe017fe9da |
| SHA512 | 74728ec67f6170fc5ef39b773376f022d9de8ed769b69ee31b2750b4a13b16d0f61805a18a844d1135142ca3d989dde81bf2d6f9b114f594e5cd981dd4db7c4e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24537
| MD5 | 8f6b38259a191cd48dcbf9071ca1ca38 |
| SHA1 | 90b06dc98e1d6b52cb00312813e575175314b4cc |
| SHA256 | bf5cab6cb78eb92fd6a89df114eb109b57519203896b9da386857245740c7098 |
| SHA512 | 90cad75bb2395831fa1a4cae7e571d5bce59eed27a2d3935ca63ea7dfa700381c3ef08ddc2757443186018a3fae6566d8ae6f501535f42a50ccaf238460498b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\13394
| MD5 | e89a8f8e05240ac51f7830c808d43fc1 |
| SHA1 | 3581b1c466e769298e6d6450fe9cd495afa38d31 |
| SHA256 | 3612e80710eba40088494e157813de9b8e1c7904ee6ba67c730556ed3a72c5f1 |
| SHA512 | 108427a497f31fc5b7e63a0a97dc0e620b81ed1cf00ace778260eff71a477f9e1ef8f87fc5a22248188058efdafb0ced1c45b1f802f56d470d04bfa7d3076cf7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8781
| MD5 | 40a9147751b941cd21f806deac80bdc9 |
| SHA1 | b5e4f075cbbb7153a166b9b8ea230fbc3f84181c |
| SHA256 | 2750db734ffccd2077a88f2d30d563f5a44bea4ccb9e280aa50052e8cce06449 |
| SHA512 | 0ab231a0cb0c457a2386176a30af3c6f76bc3bb8dda5aa30cad3a22fb82d21602431389a8bf02debf5091383398e3bbe7388a405b6a96a63d86eb7697a006deb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20497
| MD5 | 848ea7fb92530d3f7fe59ee951358fb5 |
| SHA1 | 854421bf887a724a2e129c1498ca3ce1949e8a77 |
| SHA256 | a8ba55a53a80bf06532de0b99e153c7afa3bfa198371bc33eccf039f18088735 |
| SHA512 | d0674458d53961983fd756d0313c2c840802e1528414ee56f3d09cb3991638a1566384af85a904b9e0de3bdc522f9309a27b65f75be1deeb96afe0f40b6e9712 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\6089
| MD5 | 2f6589519592b5e5ec3dd84f81abc22c |
| SHA1 | e8e8b3782834f990d170b270c92c216e9f66518b |
| SHA256 | a7e2775039f6dd9d6372b5cd5be03e93b0fbc0e5b1c57653c3950fdeea162f53 |
| SHA512 | 0c89425f85bc8c6efd5399e8a293c52d9c1a5de1551ded801b68d26a7dc0b515092675df2c8004829149f5f4bd36f4e7523c322adf565c6008546b4f0aea2336 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11273
| MD5 | f029b7aac626bb11128081a882a5de76 |
| SHA1 | 52ee020415a5226a4354d4810c14a841f3496519 |
| SHA256 | a1f84c55ae075c3c645b3c39a9c59c577adbe6b0e248b9cb557f2a2d72477377 |
| SHA512 | 1cd72bd0bdaef714a131d6f71dc308ee26638a3aab50603caeef59a8cdd8cf47bd916a83292ca03009ee656c12782ab927d40543559efdf472e0426d4f37feee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16121
| MD5 | 0f40783fc4918a5ff21f437916993a60 |
| SHA1 | 2d4111e77773d6c5cab0533118fd56fcc1841e2c |
| SHA256 | 5a59d4c6fbf703fe751bc5861ca160878674e6e27ffaaa2817df5512c2bd70f2 |
| SHA512 | fe4dc6c077b1cd8db0784af75102fccfd10224b4abec9fc32f83f054cbd3fe6033806f7d59fe234e34873c9e7766aa6ab6fa3d9010298a9a26572d849849c094 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
| MD5 | 7560f2cb7d857af28d10727da86f4f20 |
| SHA1 | 4fdf7e74d79d8f1560ee7648d830c8a54448580d |
| SHA256 | a4318f925a750152e074118613188d8c3dd7f17b3aaf90ac7b6a49da8c3d19f6 |
| SHA512 | 910bff46ef920fdf37021378435ff44d3db9cb1c790febe0a5762d156187472f5504bbf33f0b1357715da27224020290d7abb6617feff588535411741725e3d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 6b7e5c8463f11baddfe09f99f783726a |
| SHA1 | e753750d217b66e19747913c292532ebbb3a7290 |
| SHA256 | 9f5b17984de3d537de35120ecf0461405f351d4de59de377c2b90e4955699533 |
| SHA512 | 09c30d05cfc3cfbdcabdb4d74d053b0968ed8cc44de85677256c2825ceb0c06a1288608a26cb07163c54c498ea3bf6f1e8e06f2d44f47d989111e9a4259b9e7b |
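The Files list records every write the sandbox observed, and most of it is Firefox profile and cache churn. As an added example (not part of the report), the parser below turns path/hash blocks copied from the list into records, checks that each digest has the length and alphabet its algorithm requires before it goes anywhere near a blocklist, and flags files written outside the Firefox profile directory; on the report's data those are the partial download C:\Users\Admin\Downloads\9qcbGjdZ.elf.part and the Temp\tmpaddon files. The "outside the profile" rule is an analyst assumption, not something the report states.

```python
"""Parse the Files section of a sandbox report and pick out what to pull.

Added example, not part of the original report. SAMPLE_FILES is constructed
from three of the report's own entries; the rule that anything outside the
Firefox profile directory deserves a look is an analyst assumption.
"""
import re

SAMPLE_FILES = r"""
C:\Users\Admin\Downloads\9qcbGjdZ.elf.part
| MD5 | 3f9a28e8c057e7ea7ccf15a4db81f362 |
| SHA1 | 10d6d3c957facf06098771bf409b9593eea58c75 |
| SHA256 | 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502 |
| SHA512 | 58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
| MD5 | 207077fed406e49d74fa19116d2712aa |
| SHA1 | 3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee |
| SHA256 | b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58 |
| SHA512 | 0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-f]+$")
# Assumption: writes under the Firefox profile are the browser's own churn.
PROFILE_MARKER = "\\Mozilla\\Firefox\\Profiles\\"


def parse_files(text):
    """Return [{'path': str, 'hashes': {ALGO: hex}}] from path + table blocks."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if current is not None and len(cells) == 2:
                current["hashes"][cells[0].upper()] = cells[1].lower()
            continue
        if "\\" not in line:
            continue                      # section heading, not a path
        current = {"path": line, "hashes": {}}
        records.append(current)
    return records


def hash_problems(rec):
    """List (algo, reason) for digests that are missing or not well-formed.

    A truncated or non-hex value usually means a copy/paste or extraction
    error; such a value must not be pushed into a blocklist as-is."""
    problems = []
    for algo, length in HASH_LEN.items():
        value = rec["hashes"].get(algo)
        if value is None:
            problems.append((algo, "missing"))
        elif len(value) != length:
            problems.append((algo, f"expected {length} hex chars, got {len(value)}"))
        elif not HEX.match(value):
            problems.append((algo, "not hex"))
    return problems


def flag_interesting(records):
    """Everything written outside the Firefox profile directory."""
    return [r for r in records if PROFILE_MARKER not in r["path"]]


if __name__ == "__main__":
    for rec in flag_interesting(parse_files(SAMPLE_FILES)):
        status = hash_problems(rec) or "hashes well-formed"
        print(rec["path"], rec["hashes"].get("SHA256"), status)
```

`.part` is the extension Firefox gives an in-progress download, so the digests recorded for 9qcbGjdZ.elf.part are of whatever had been written when the sandbox took its snapshot and need not match the finished ELF; treat that SHA256 as the hash of this artifact, not of the payload, until the complete file is obtained.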
Analysis: behavioral3
Detonation Overview
Submitted
2023-05-13 04:32
Reported
2023-05-13 04:35
Platform
win10v2004-20230220-en
Max time kernel
142s
Max time network
144s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.0.1059580323\543490881" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3185805c-02f3-45e2-aede-a229e721097c} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 1908 2b29517f858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.1.1907087777\1252794" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 21628 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {909aa278-69c4-4a34-8fda-f4250fb3923f} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 2324 2b287174758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.2.1462465561\1710858458" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 21711 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e346649-2232-4e48-990c-00fc6c86e315} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3108 2b297ed9058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.3.1372208506\1773234891" -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d56758-866a-4cc2-afa0-370a8ca2302f} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3980 2b298ef7658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.4.1044876619\686627784" -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b1c18be-f8a6-433a-ae43-bec1e18ef8bc} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4644 2b29a49f458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.5.916476945\18744325" -childID 4 -isForBrowser -prefsHandle 4644 -prefMapHandle 4880 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecaa75b3-6af7-4286-9d18-4e1d6a67aeee} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4892 2b29a4a0f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.6.95409635\138064847" -childID 5 -isForBrowser -prefsHandle 4824 -prefMapHandle 5024 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a138a5b-45fc-4b57-a736-fddcaab3f56a} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4832 2b29a49f758 tab
Network
Files