Malware Analysis Report

2024-10-16 03:22

Sample ID 230513-e6cgqsfe46
Target malware.zip
SHA256 a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0
Tags
bab21ee475b52c0c9eb47d23ec9ba1d1 xorddos blackmatter botnet downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0

Threat Level: Known bad

The file malware.zip was found to be: Known bad.

Malicious Activity Summary

bab21ee475b52c0c9eb47d23ec9ba1d1 xorddos blackmatter botnet downloader

XorDDoS payload

Blackmatter family

Xorddos family

XorDDoS

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry class

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-05-13 04:32

Signatures

Blackmatter family

blackmatter

XorDDoS payload

Description Indicator Process Target
N/A N/A N/A N/A

Xorddos family

xorddos

Analysis: behavioral1

Detonation Overview

Submitted

2023-05-13 04:32

Reported

2023-05-13 04:35

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

153s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf

Signatures

XorDDoS

botnet downloader xorddos

XorDDoS payload

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1732 wrote to memory of 620 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1732 wrote to memory of 620 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 620 wrote to memory of 4976 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4120 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4784 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4976 wrote to memory of 4972 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.0.1880037598\1381793258" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {223faa83-7587-463d-a1ef-e26374faa4ba} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 1916 230e22cb958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.1.949113423\1228247246" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25ed5faa-d870-4fe7-9b68-91a9342ad4b8} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2340 230d5375958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.2.1908583248\809927801" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3156 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4afba61d-857b-42f8-8644-f8ddaa9fd525} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 2928 230e5fe0e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.3.1122406392\1778780589" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {106f5ee9-d4a7-497c-8826-91d51e2542dd} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3524 230e65fbd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.4.1768971844\68559087" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4996 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ad45300-6378-4edf-bbe3-d6ae8fe21c5f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5008 230e65fb458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.5.295288550\1867290709" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdd4eb6-f1ce-4c6b-b231-7c0d9174e580} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5024 230e8e27958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.6.1202086089\214591185" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16d874c9-3933-403c-a257-811dfd91771f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5316 230e8e28858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.7.1486551017\1602255354" -childID 6 -isForBrowser -prefsHandle 3144 -prefMapHandle 5796 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb7d4d0-a78f-4338-8352-2b87732be438} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 3116 230ebee0758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.8.2118291094\1141982651" -parentBuildID 20221007134813 -prefsHandle 5872 -prefMapHandle 5908 -prefsLen 30339 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e12f8dcc-089b-4619-b810-cec274a7d6c2} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 5932 230ed8f6d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.9.449957220\1051787358" -childID 7 -isForBrowser -prefsHandle 6096 -prefMapHandle 6092 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba6fb2d-03ab-478d-b8b6-95f6622e279e} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6100 230ed553858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.11.2062470244\1509912449" -childID 9 -isForBrowser -prefsHandle 6968 -prefMapHandle 6964 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {005d3cc8-74b2-4293-8b51-e509bac1c8d4} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 6976 230ee8f3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4976.10.207589613\622361803" -childID 8 -isForBrowser -prefsHandle 7020 -prefMapHandle 10348 -prefsLen 30339 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1602a674-87c9-4fc4-a021-f017051c228f} 4976 "\\.\pipe\gecko-crash-server-pipe.4976" 7008 230ee4a8d58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 143.145.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
N/A 127.0.0.1:49744 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
N/A 127.0.0.1:49750 tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 209.100.149.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 54.212.210.58:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 58.210.212.54.in-addr.arpa udp
US 40.125.122.176:443 tcp
NL 13.69.109.131:443 tcp
US 93.184.221.240:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-5hneknee.gvt1.com udp
NL 74.125.8.71:443 r2---sn-5hneknee.gvt1.com tcp
US 8.8.8.8:53 r2.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 r2.sn-5hneknee.gvt1.com udp
NL 74.125.8.71:443 r2.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 71.8.125.74.in-addr.arpa udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
DE 172.217.23.206:443 plus.l.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.130:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.152:443 anonfiles.com tcp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 vjs.zencdn.net udp
US 151.101.2.217:443 vjs.zencdn.net tcp
US 8.8.8.8:53 dualstack.osff.map.fastly.net udp
US 8.8.8.8:53 dualstack.osff.map.fastly.net udp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
SE 45.154.253.152:443 anonfiles.com tcp
US 8.8.8.8:53 djv99sxoqpv11.cloudfront.net udp
NL 13.227.211.177:443 djv99sxoqpv11.cloudfront.net tcp
US 8.8.8.8:53 djv99sxoqpv11.cloudfront.net udp
US 8.8.8.8:53 djv99sxoqpv11.cloudfront.net udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 152.253.154.45.in-addr.arpa udp
US 8.8.8.8:53 217.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 177.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 baconaces.pro udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 ketingefifortcaukt.info udp
US 8.8.8.8:53 eallywasnothyca.info udp
GB 18.165.227.5:443 ketingefifortcaukt.info tcp
US 172.64.198.35:443 pogothere.xyz tcp
US 172.64.198.35:443 pogothere.xyz tcp
GB 18.165.227.5:443 ketingefifortcaukt.info tcp
US 8.8.8.8:53 accounts.google.com udp
US 52.20.131.174:443 baconaces.pro tcp
US 172.64.198.35:443 pogothere.xyz udp
US 8.8.8.8:53 ketingefifortcaukt.info udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 172.67.167.7:443 eallywasnothyca.info tcp
US 172.67.167.7:443 eallywasnothyca.info tcp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 ketingefifortcaukt.info udp
US 8.8.8.8:53 baconaces.pro udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 eallywasnothyca.info udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 35.198.64.172.in-addr.arpa udp
US 8.8.8.8:53 5.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 174.131.20.52.in-addr.arpa udp
US 8.8.8.8:53 eallywasnothyca.info udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 172.67.167.7:443 eallywasnothyca.info udp
US 8.8.8.8:53 ntoftheusysianedt.info udp
US 8.8.8.8:53 nowledconsideu.com udp
NL 52.222.139.62:443 ntoftheusysianedt.info tcp
US 8.8.8.8:53 ntoftheusysianedt.info udp
US 8.8.8.8:53 nowledconsideu.com udp
US 54.162.51.18:443 nowledconsideu.com tcp
US 8.8.8.8:53 ntoftheusysianedt.info udp
US 8.8.8.8:53 nowledconsideu.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 54.162.51.18:443 nowledconsideu.com tcp
NL 157.240.201.35:443 www.facebook.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 7.167.67.172.in-addr.arpa udp
US 8.8.8.8:53 62.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 18.51.162.54.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 40.125.122.176:443 tcp
SE 45.154.253.152:443 anonfiles.com tcp
US 40.125.122.176:443 tcp
US 8.8.8.8:53 api.anonfiles.com udp
SE 45.154.253.154:443 api.anonfiles.com tcp
SE 45.154.253.154:443 api.anonfiles.com tcp
US 8.8.8.8:53 api.anonfiles.com udp
US 8.8.8.8:53 api.anonfiles.com udp
US 8.8.8.8:53 154.253.154.45.in-addr.arpa udp
US 40.125.122.176:443 tcp

Files

C:\Users\Admin\Downloads\mJuihS22.elf.part

MD5 e7a3aa891e550834f9af4367a564e468
SHA1 38962368d0b3ea97126372410b101a19c8130532
SHA256 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72
SHA512 7f5257d7316a864f63ee2b8fed51f97d55ad1b5c1db458a93a57b0cfde0694ff186ef576f9e8c76c96721def61877a0072c51ca7bf5dc5b1dd0b097135c2e9da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

MD5 f73e52d124620d05267ba934f3b312d3
SHA1 34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30
SHA256 fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7
SHA512 4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

MD5 fa03742b531d63ea9512a36e5cb41de0
SHA1 6129d5f71f5fc21029614840a3b40a55b57f74a6
SHA256 c5b980ed2d6b41bdc65437697668482d390b33c5ba70808112ef6586b6b0db78
SHA512 cee43900629662b0a20ffbd2077c578d6f57fe5f5b5e20474f4e74117d2b27c45e87074ee1ad336e85b1ec922f906b52729fb2791be7d506617d76fc4a13f638

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 220b99d53a9a97ecdf3aa32ce551a5d7
SHA1 1f9c8350fab218c51982fedaa0346f6ed34a9885
SHA256 1724abf0315b6c99cf133141e9c3a362f3f1c8be60e49a90948c3ee9ec144d32
SHA512 77b3f9ba9fbd3617daae3a37b7c7196f4eecfee0388b227fcf583ba7fd7833692072a24c8f6803106e9647277a19bded8020a736117b8379e39aa5b739872125

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 4a244d18e807cc0effbb550ac0f0737d
SHA1 ee3dcaadd47488bb61d919f42da1b1a9c4322db4
SHA256 0949d7971b6b914b0fd44a50728cdffc64a356839ebe7dc571ffc44d1b3e40ef
SHA512 e6b2bf9d9f363242a8410c8aa4511f60e41ffcc145bda189d0d58b42f7292a0a2177cbc5f77fcfd5f1d5ea409021106a866c01006453f3c491370c9138c06cdf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f22c53f41e059d0e57df9fc5aab9d9fa
SHA1 d36a467e07e8492097b905d2edc6cad6946fa25c
SHA256 cef9d40baa61f27d992a4a0d22c886bc8cfe678992c567ace77c111fc740695b
SHA512 97397ec6e7eb2b4cd51f37c36852f69516ebf810aec17866f064daee6ec0646814df2692d794eec8a35af8a2df5daed1f49efc3afd645edc98c0169b6b76763a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 81c177befb90e6e44731a27cb1b0bfa2
SHA1 5ef9e2b6e8d0ef69d05ecf3cfd79bbae217cd394
SHA256 ae94b9c879c072950b94e8f07600013ba4d1848bdfc7302f2ead6730b0d5b226
SHA512 7eb9121a2a59397dd1b5a44bd92f52e61e936538c7e5787315797d391c7dcc30f3dc30db91df347201b6c18d55b453a87d4e9b6c8d7aeb6d60478c90c184b678

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 b01fbe47a84e4b6fd80e775f8487a14d
SHA1 e67e50c9021068ead82c1c10c2a9dd94181e8994
SHA256 71042027975a2de4b90c521cb88b3690dc35f64e3ee03f061fedaf2a8e614b9d
SHA512 12872f8e7d0c16274692d2ac124ff38423fbac50e9af1f671b0c29893c7a940a5f767e8e1b6ba61008a08fb131d8bcd9ff1f1c58ff977268f276d2abaa89c562

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

MD5 030bf5dfa33c434142f1504d01e04e52
SHA1 df0b68171d34722fa796c384b7b16c0c7239e7f8
SHA256 d90d014725e4aeca7bd2853a2818d5d2329ada4ec1c58eae0cc175db07c89a2c
SHA512 f9c0d5145da0f1e08ac917b1adcf0aa2f3e0b062d03889dffbc242a9cf56b9d0b88a27f8c3da9013122b45a7d3de4afdd83abd84031d074dd7af571f382885e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

MD5 25e99b004fe95e4664a11fbd866d931c
SHA1 8e74c1b78e0cb9f9a209556513c656c83420e1db
SHA256 b98ffad2427a467b13b23e5d5ab9f41db853ed7b8135afcbdc57c264930bbe4e
SHA512 2a72bd353d410e40757c53056d2bab9ac621c56d05957d9ab12d1a7943c78a0f5638f9407869cc060b3e55d54f482fd800f70c12124d13477e29ba6b77cbadc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0fa0994fd56b97fd743108e7ab32e5ce
SHA1 ed9073ad7dc81df2daab25bdcfec88712af38b0d
SHA256 cb58be75bc8c80ee19b6cbabebe9c54d1ea575959c31c929614d4a28d303a11d
SHA512 40bee8dc82c2edca9461192a90d7e457fb7788b28818f89b97988719f023f914c91341a98a420a2eb6b2d6cc3e23da66c5ea6a921282c4f61d909de6af04964c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++anonfiles.com\cache\morgue\133\{e05c66f2-4bc5-470f-b27a-3682c06ab685}.final

MD5 7509101d3b592c9336f130526a5dcc65
SHA1 b01f59b0e4326318c0c6d7b5c19e57093e11a31f
SHA256 7279a0d506c71496d08227fdaeef4d2503186298977186367cf631fa8e8eaa65
SHA512 533f642b3a2e18bdd3f48d70cc134acb2b8d9881d24fc1f6dfd0cb9a68a3889ac232f36238be365a1144c27033a4f5a610dda4b15bef44a627cdb019bfe59e5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\FC9BFF04A9FF358E96860503495881775379D2B3

MD5 15102b0ece685526c14d2be1ad309d86
SHA1 9c495c4b36cbeec1d8abf672c38e57e9190999a9
SHA256 7349e9937d987fcb5b874388b48b81efca4ef9648704c423d9ab8ab839811c08
SHA512 0ac4214ffe22b484e706681028a7f3fe38e88d18651067ec1f253a83af0becafc09ef9ea628a953f592dde2dace9df8e0f484288d6195a762419c921e327e82f

Analysis: behavioral2

Detonation Overview

Submitted

2023-05-13 04:32

Reported

2023-05-13 04:35

Platform

win10v2004-20230220-en

Max time kernel

159s

Max time network

154s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf

Signatures

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2076 wrote to memory of 2232 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2076 wrote to memory of 2232 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2232 wrote to memory of 3956 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 1284 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 1284 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3956 wrote to memory of 1148 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.0.1901702188\122195364" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46684a29-bde5-48f7-8d8e-7b0f71b176e0} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 1916 1de6a917758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.1.1682920787\652376600" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae4dae58-a951-4013-a40f-ea2f3ff00d9c} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 2340 1de5c976858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.2.143799209\1712176742" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3088 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186278e0-9205-4560-a262-bbe30766e532} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3024 1de6d541d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.3.1987101318\1508845367" -childID 2 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a05c84dc-8c84-4e79-b2bf-3cf090d5f74e} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 3836 1de6e868158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.4.1901121040\471220625" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4808 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {652cfefc-e36d-497d-944e-785b4d8390f5} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4820 1de7019a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.6.269132464\2130403963" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {344b2986-d97d-4077-96dc-e9f632a3e27b} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5196 1de70837a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.5.1087314040\294354473" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3d19ab-31fa-4385-86c5-3738b1372e70} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 5044 1de701f8958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3956.7.380396309\832596087" -childID 6 -isForBrowser -prefsHandle 2992 -prefMapHandle 2740 -prefsLen 29055 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {110fe7cf-ae32-47d7-bd73-5d48873535ba} 3956 "\\.\pipe\gecko-crash-server-pipe.3956" 4504 1de72d9e458 tab

Network

Country Destination Domain Proto
US 52.152.110.14:443 tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
NL 23.73.0.144:443 assets.msn.com tcp
US 8.8.8.8:53 144.0.73.23.in-addr.arpa udp
N/A 127.0.0.1:49741 tcp
N/A 127.0.0.1:49747 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 44.226.253.107:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 209.100.149.34.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 107.253.226.44.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com tcp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 73.8.125.74.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.151:80 anonfiles.com tcp
SE 45.154.253.151:80 anonfiles.com tcp
US 8.8.8.8:53 anonfiles.com udp
US 8.8.8.8:53 anonfiles.com udp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 151.253.154.45.in-addr.arpa udp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 52.152.110.14:443 tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
SE 45.154.253.151:443 anonfiles.com tcp
US 8.8.8.8:53 api.anonfiles.com udp
US 8.8.8.8:53 api.anonfiles.com udp
SE 45.154.253.154:443 api.anonfiles.com tcp
SE 45.154.253.154:443 api.anonfiles.com tcp
US 8.8.8.8:53 api.anonfiles.com udp
US 8.8.8.8:53 154.253.154.45.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 93.184.220.29:80 tcp
US 93.184.220.29:80 tcp
US 93.184.221.240:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp
US 52.152.110.14:443 tcp

Files

C:\Users\Admin\Downloads\9qcbGjdZ.elf.part

MD5 3f9a28e8c057e7ea7ccf15a4db81f362
SHA1 10d6d3c957facf06098771bf409b9593eea58c75
SHA256 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502
SHA512 58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

MD5 0e2edf0ad853c4a3d18a9d6595c90b63
SHA1 36751e50326f4161e9f6429ac73eb1e0a4969c27
SHA256 2eaf05f7db8f8fbf70af58228fd819dfba5ec3c5973b66c36dec59741a796ae8
SHA512 b1d0406ca9848d8c9f40ac0a78116ed368669e48c9a4cd169462c098d5b91e9328accd6c3faa50b60a9502e932e852338b9f14b0a653fe47c41ca8f2f10d7240

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

MD5 207077fed406e49d74fa19116d2712aa
SHA1 3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee
SHA256 b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58
SHA512 0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 74e0127ebf0e8194b5beed8bb68484b1
SHA1 b2f6797a2e610aa925075f14f9c1ecb03ed61951
SHA256 91a34c43c56cdc2d40744fbaa86dc22bc0f9c4eb77aafec44010cd42e0c723ca
SHA512 7f10b2f5fcd3e3df9102c6e40754fe61daa153d8a9b8e2c38fc63606d145f48b810f46f61b362df21a7a911f31ad079c8c9acca2a63920aafb78b6e7b543c694

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 16b226427e49e27ade9cf6fa073c946b
SHA1 137f1bd64e03b973adf3c990d180697b0a221315
SHA256 7ef29973bc2cfa3c1e73f043aa6d04d550c2f36f334e5268cbf98be206217d27
SHA512 f3b47313c8c11838deb2a7a2a0303a72ee9380355d8982932f25d1249794639c0f0fb141ec2f769f457c268f3e99a3b95f2f0a79346389d429a4d4aab07a2ca6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 89937a7f83641d49fee457171b707988
SHA1 3a2d186119333587cbd4f097895ad264645acfb2
SHA256 b3f721fe224b31b6df57d7ba236f88ce36e9feb7d97c664f94efcc6c6564d36d
SHA512 7795ba3ab1a95618cc524be2183dd94da7930d7e4e1b0c9312b8b111880195073fa2be43f8a91af21d8601115329a7b2b389cee834ce1e170905734bead0e2be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 3c5d40ce73034644b6b6954e02860059
SHA1 17f85a300a99d01c6690205244e864289cdea6ee
SHA256 a0da87452df439100d4e6ecd29b0916034bef49f0651078ebbffc0665cf38d7f
SHA512 2fb09ad9d3a4212fe674bc4a281f5aea98bc2e3bbca1527c50a3b47f8fc70d9f46ab664f6b6351efb39ddfd5e7190ade9cda3ff4097122e5dcb003c95ce5013c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 beab5873383840f1a2c12aff4f8e49c3
SHA1 fa8fb9da6de4b669028590cde827cc0bf38fb78f
SHA256 1c27e7aed6fb6324b63d4db45443a7f2e6d7e14d558e1c84b281bf004c1c95e2
SHA512 9283cb393db5a67cb3445dfdeb1fcbf1f7577b154c3370a96251beb4f5cf6fa1b885e951810b81c5d935b03386e3ae574bf016a21007bea6427117ada0774d5c

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 02b8d98345c40efcb9b0decfbbd8d495
SHA1 2a2156f9921fb81e94299b58c943d64bf0a82822
SHA256 9f674129679dcb5dabf3dcf0efc0dfc84acb3521cf9cc27a18b27fa81043212f
SHA512 380de5a210e69516715551fa5ca701b06f24f792af9b48b410ba90afa00506552c6dc0465b589589553ad91a26a912287ef29ac401e3640800a5493c59d79885

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 415dd4105aaf2b813a315fe48a316330
SHA1 89ce8a5dbd7a4eee36b38eaed05b53ae1d0f2b46
SHA256 a66a01bc5bed0e81fbd11b7f8b4feebb3b2f954e06c8584bbc2cbac7794ecc86
SHA512 05fcc55be8f23336cecc67d6148b0b25b3b7d22b560b101804369fee2839c1aa5450e4576bfc4665f8b1f3db93664d25bdcf08254a6959c3f9cc8a9d52417641

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e74c1794e203bd509e916d8885b008e0
SHA1 535865c4fc437054c85664418feac5340f7e24c7
SHA256 5496505eccb0ff97b07f8282cd4acd0538111f72dca9b3f3743c489f37457731
SHA512 0bf659adad0044469c45fe14f02d6e456fb59efcf08f8994a4b5599b25ae82c82bcdf0c377f270f2e1deefb3ae4b35288efbdb5ade770d9fad176f341b12cbf1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

MD5 b5f625f7d5879017c6d03c5c87c16fe4
SHA1 23a2d2dac56bcfb0902b55adfd0ed855b8781a9c
SHA256 d5207a335b12bb9d511cabb1ddfd9de2ed5bcb5e2b638d8474281db1ed9eb231
SHA512 43bff62ec11139f66ae0866bcf82237f9e0838b3c87e9c518e7baf07c373ed29bc3c29a972a8d4c50d89b0fac61e7e84c31ef4065c3077022d37be61d5cd7c66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\thumbnails\6c84335a2888e54e438a2c76e640d17b.png

MD5 bb74f4d2650bd512aff26203795c1f29
SHA1 9a783bd059f9eb08150a4fc22c40635ad3817b08
SHA256 5165d58502b761800d58a4ee30b82c778c2498ca1100612c9a9f23f069ec21b3
SHA512 1f68380038b1afd376db1d816d9c15aa3ac1bcdca2679732591f46c98340a125c6c4911b720cc5d08184f2f032261ce3b54966fe1f26f76368a269c1cb2b20eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\5171

MD5 2c5bef7594a9794dd1343376f857cbb6
SHA1 01324bc035f1b9b664ae5836452b4f5415f7fffb
SHA256 76f1216491ae67361298ad975fcb68a577c9808a90a406739d0089fdaeb6f9aa
SHA512 df152427ae5ed0e4380d35c611ad67b0e34efb9ae4ad25d076c336b76452d1b39a2d2bee21e3d6ee216938995b4643e8321fbb4b73202a728d56bef78443d0d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\19019

MD5 b05d97aa8f9354f6f980acecd88147e5
SHA1 ef20255d2eee4c99ea4773a9f699423e523bc79b
SHA256 894c3d6deee42eee7879b020daa088db4ee422d3d3f5a81d5b0730063a73697f
SHA512 2436dce47e6595addf24be3e74f140774a64dc88a269083b735bb559797c13eca3c76959172629439ccdc598237612bb561f4c41b834b00e58bae642fa0dc500

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\22408

MD5 cd724d134970cc7ec59fd011b5db6384
SHA1 b855a9fbd1fa13c14d534d10eea15a9d22dabf64
SHA256 0d14b34289cda085c35597680daa0f971dd616148f7c167649965676adce82bd
SHA512 dfefc770f106ed68bcdd1c65f05981e912d0cd9d0629d9609c8acc23ba501cc0447f179b0be6aa00b91071a9746715450d93db60534c62884782b21249ba5653

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15877

MD5 2217032a385800c2ee87906c41497b3b
SHA1 deed6f7a2125fbf5228c56aef59892c685479834
SHA256 adfc4e3bccb1b1832701c397de00da45b210ec088309a4aaab248b444574dd38
SHA512 7001ec5b393f12960d0bc5c08b57efdf5f5e5d6537930e44d5f37cac898e2ba71f6f09670d0450c7a61a3161ced353c61275b9156357989de03ebcefb922b86e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9346

MD5 649bbfc5e953e3e1a993fef63a6b89aa
SHA1 d51f4d6602dd8a9cc382442f0e60140682b69f8e
SHA256 039c7cc1f0584f36635740d8987578600d67e1d1bd53d699e85de91d915cdc73
SHA512 9fb9bff65faa42c7bcda64d73b353db4bb8a36a62347e7228934049c20663fee189b98a55cfda7497165ccfc6b6638a60b01a5d1d2f0391bd67693fe3866a52d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\2814

MD5 7f4bb40a3dfe9fb9d3287661868eccd2
SHA1 12d3471b38d907abfdeaa2ce049eecfbccfecbb8
SHA256 8f62284930d828eb5c86268db2b8b952ec08dbc699f58535c61aca16c32c1a12
SHA512 e4ea308055d203a14821d1805ea9712a4c7c38aaac34959b616bad6b739d88894b5c6afa643ba1a5573ceebad441aa389ea2a8b56ca45c06f89dc5bb99862562

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25786

MD5 a7acda2edb9ce210b5227cfeb84608b8
SHA1 52458be810953714f0b2b6074afedf31e4000d35
SHA256 71b0685fa9acf913f7c15624aa9acaea6172c16aad212d0520f24b990a00a193
SHA512 e5f23a92cf7c81211f63f38e1c6f5d6269cea212ba4d969a1810fc26c138cdcf9af961ee884c4674f0738fe60b52e74552d5d926e83f1d65c01b3d092d3c61c0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25674

MD5 de4f020b60f62b90146b62857e628d15
SHA1 6231f0b0341e210b72cbe69ba716f9b81dc4236a
SHA256 d39662a43f44ecb9b3b8a4927baa7b60d80e486d9072c531a4d31f6061fca84a
SHA512 59a6a8592587e827a2ee94326efee2a6f4df193ba8279ee7c0680e4db71b49c7f87148671a3bf319232a09f6f339465b1dbc886188f8a4870fe9dc42c2c05699

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10591

MD5 d7b3ba93c09bb61faa552ff9f4ebae22
SHA1 392e53e007aaef1531965e4fc6b4dd558dd64d5e
SHA256 b4f3a960f09838412a40fe9a06194c6fcffb176358e556aa08ea82fae2618ad9
SHA512 484e1d148346d4cb619521520e8ef9d0192796b4cb182c9e5f03448fc5bf1762451f75e39f910bfe547033fe2f45889ed56b8088b5f184403dbd03e20561ae4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7438

MD5 feca2a1e57bd5bb06b96c46ee004f67a
SHA1 b86330e3d05fa7321f7d06fc04d83dd56a15b988
SHA256 d2c2398197ee0f6289e63ac37cca33837cb44b970adc13fbc71b342da76ec121
SHA512 154e51cca0113a1badbc64651784b5324ea5ef9a7c4c9f118e32204702ea18f4e0edabedb7fa7b8937c1b79bb9f415d9dba738be531e330b9066bc59e8bd5bf3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8460

MD5 b625629a49821e3914d28b6125675a80
SHA1 de7fdfc859d5428b3fa49d669e3b8387f41bfe92
SHA256 4492171711c473c7be6a5da7d5b091dd085c756c19513e3bde9c0a7b639dec49
SHA512 6a63e6ffb08e7faa914c0921478da128f23e30350553ce2d60055adea1cf13ca3f8e669e17c6062da02009e042837de807f155727a901a79ca310117e1059fec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8011

MD5 379de2aae4af47df99eebbb0a987d143
SHA1 73d80df14e13efc5ff4d67703e9c801643e105b8
SHA256 a179c75da1e84eaa0c2b5500005c22f188a689f3c627ce0c9e4dbb957d0420ab
SHA512 ad31dc5287f846e20e53de3a02f09db7fc76b1ef71d83b84d063c1e25a5e40063719b7b2704f962e965f3c232403ede7919a3019d6b48c2a3ae1d41bcb9bd66d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25259

MD5 8e085971d8f39fc6f22d582515a645fc
SHA1 a9cd59068502f87cfd9c308619c266245583792f
SHA256 ed6a9b19cca7ae8dfb0bb6e1bd754d81f6c98e10d42e512205ed86be2aa63bbf
SHA512 06a487592eb48f3eec1483dc7abde02e627755eb843507f28ef2c6a4c815c7c73399c2e89f3c1b929caab1678d82ca5cc8b1e02febad11f4c3e5cfc1c28cafd9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\28862

MD5 0ddbf3f53e0e4a1635a5bb08a14d77fc
SHA1 a45886868cac0d2d63e61a37042b183ba5eefe21
SHA256 4058009f7733d3419ac805ffeede1a7cf37242699068f93f803bbc2bc1e6a75d
SHA512 5c998f4e16abfe1516de86fb2726e1c86f28e738e9d236faf119410649860b698af409098f8f32e0c50ce9cc1aa2192717e76e1b1480955aec2990be07437030

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25596

MD5 7413e62c2ab66ce2ddd15b7ea08ba5ca
SHA1 e26900792d58caf4be1736f531e5b9149012fdae
SHA256 59544ec780455b972f2ea937aa153a4e0f3bbdc1e6936d15d3c5e54a699de182
SHA512 467d118b9c01bd0dbefcd0a1d46e438160522ef8cf00f7f4af1e63b1d280700c9ee0c4b8743bc7cbf66eac249196304f47c257143cd03fa8d9c1f27d16ea177e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\9268

MD5 b15e707b439bf3f7f84f133207190c95
SHA1 f54f698e19a954ad9da4ac40fd2eaad7863d872b
SHA256 2da681e80e157ef22b950589a1699ecfba35fbe7138b182f2fa43fcb6aa7c3b1
SHA512 35795abbfec3c5654e7eec0437ebc2a71fd3df58171a95146393020b75a29aad968d792f045d784a5ca2adac6391e8c1bec78e20b3f0d59ab56d60b597e38a96

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5f7bc22f677124146b16f0d96216ea4c
SHA1 22ab7a6045e17af6a5c922d56f77b161b7f9f6a3
SHA256 58de6424ee080f55b08bcccef80c50b1411b47d3c3c7eda58e16a55b0c54dff8
SHA512 b8531690d6032820ffb41d230ccaffffddb7b189dad97ee4767efdff17c19ebaf09b2373dbb3182cdc6b82259e57413a7a537e88ea8cd8973136b75a256dac46

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\30921

MD5 47df867fe8ed14bdb6e06bf37c688297
SHA1 c89e8b7badd37eb3ce2fe3120742e427928ae0c8
SHA256 4771ccf22f07735fca7d6b7e6d8b098ea5c07af194e2d70ae447c56de2c3cde5
SHA512 a5bcea475a745deb3edf70af704a2123df60f9fdbd577db06caec55f7ee610c8f5dbc60cf2fcc1f49cf2d1616d6cf48bb7562126ee8d389df981032b661d196b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11575

MD5 48878c72f3b65e5fb45b4f7174f36bf4
SHA1 ab95fd8631d255ca1e87815e8280517e7ee613e8
SHA256 25591682d5f1345efda0ad32ba05dd8f0c38140700eddea1e0cc56a1ec8bbb03
SHA512 7b94eed3ddb4aeed6edaee6c02d9f1b7b675297656956dab17ec8e0935d53e1f6aec8394501b2ddc39aa6a14c76562fe2a1839d42a8d966617be7d5ba064a303

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\27791

MD5 142d7dcc896ba11683b1eecbe2c25e2f
SHA1 ec8715a9cf015ac74d635f25fef7ac57d5ca8f6f
SHA256 e08f8c0c2a3cdf75e6d5ee16f00466f2cf4483f8ec19a2e5ae3579e8cf19ab5d
SHA512 60cd049ff58be32ea43c193bc552c4649021fba30dc92ebc0ebba25c1aebc7d4a1f4dae872a54d9a8d3885fa9b50273febed1986b2ddc00237c5befda8867ed7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24301

MD5 be432db915326db29f87fefbff92e05a
SHA1 82439dc3eb41dd3c925f135acd6897c9bad40833
SHA256 deb2bc545bfc0a1a4a955a56d0dbbdc20210152d727fc947bbd3993ee93d7fef
SHA512 eb7042acd6c4ebc8142e1b7ec55fb45af4ae613e5171b9c1c994d7e27955ae882d11aa20b3af8575ffd4575a7bd52636a0f3c5c4439b2eb6cf7d755361de3753

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\1217

MD5 82b13ab319ee2c9f3801105118c5c9cf
SHA1 b2bdecf7f4f202968c03483a4eae45199547a22c
SHA256 d2baded094f6bacd1423fb7c7758f08a20dbb25ed71f0f9d5a1de6e73c1f220e
SHA512 5280312a99e2a8e4d5a4a530dc71f78498bbc12eef8c0f1a37b53ded4220a14ffd96f4961ccdcf94da6b9f1b03acf8e4ab8fa14cbe579f8803f2a88bf9e0322b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20811

MD5 7d34b599a9a54c9201957a217c0708c6
SHA1 8137632a9de085391017e76aa3338be332f39f3a
SHA256 426c4ef8767290eefacce4f1f15fe1522014624d48b6b6685153bae4934be624
SHA512 2632117412a94121c4e02358c72b028e061bb0dcd6cefb0ccf658b603b6cba3d45badc04098fa5aba0267c4d561f7803eb51bc390cf37340c4c54c28f0e85ba3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\10902

MD5 724c9c51ba102e28cb143156b55d0be4
SHA1 fadfec070bb4a86f096d5b07d429fb6c742457f6
SHA256 0ab4ab8a88900f8778b333a4fdbef8112950d0cd98b95b092d09ce7c6bbf42a4
SHA512 8ed5a452957bbbf6420e8e2f55b711934495a74a948f8851ca10e996f55e47d84461bf5898d22b4e9ff153c6773cb49fbe95aae106db65394637456b2b066cb1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\32414

MD5 c2a5d16cdeefb0a57474e85ba288fb6e
SHA1 6e809dcf6c6af11971d5e668f985d0cf2e7089d5
SHA256 8586432e802afb7125bdff305d591032a571c49399b3656f5c76ecbe017fe9da
SHA512 74728ec67f6170fc5ef39b773376f022d9de8ed769b69ee31b2750b4a13b16d0f61805a18a844d1135142ca3d989dde81bf2d6f9b114f594e5cd981dd4db7c4e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24537

MD5 8f6b38259a191cd48dcbf9071ca1ca38
SHA1 90b06dc98e1d6b52cb00312813e575175314b4cc
SHA256 bf5cab6cb78eb92fd6a89df114eb109b57519203896b9da386857245740c7098
SHA512 90cad75bb2395831fa1a4cae7e571d5bce59eed27a2d3935ca63ea7dfa700381c3ef08ddc2757443186018a3fae6566d8ae6f501535f42a50ccaf238460498b9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\13394

MD5 e89a8f8e05240ac51f7830c808d43fc1
SHA1 3581b1c466e769298e6d6450fe9cd495afa38d31
SHA256 3612e80710eba40088494e157813de9b8e1c7904ee6ba67c730556ed3a72c5f1
SHA512 108427a497f31fc5b7e63a0a97dc0e620b81ed1cf00ace778260eff71a477f9e1ef8f87fc5a22248188058efdafb0ced1c45b1f802f56d470d04bfa7d3076cf7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\8781

MD5 40a9147751b941cd21f806deac80bdc9
SHA1 b5e4f075cbbb7153a166b9b8ea230fbc3f84181c
SHA256 2750db734ffccd2077a88f2d30d563f5a44bea4ccb9e280aa50052e8cce06449
SHA512 0ab231a0cb0c457a2386176a30af3c6f76bc3bb8dda5aa30cad3a22fb82d21602431389a8bf02debf5091383398e3bbe7388a405b6a96a63d86eb7697a006deb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\20497

MD5 848ea7fb92530d3f7fe59ee951358fb5
SHA1 854421bf887a724a2e129c1498ca3ce1949e8a77
SHA256 a8ba55a53a80bf06532de0b99e153c7afa3bfa198371bc33eccf039f18088735
SHA512 d0674458d53961983fd756d0313c2c840802e1528414ee56f3d09cb3991638a1566384af85a904b9e0de3bdc522f9309a27b65f75be1deeb96afe0f40b6e9712

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\6089

MD5 2f6589519592b5e5ec3dd84f81abc22c
SHA1 e8e8b3782834f990d170b270c92c216e9f66518b
SHA256 a7e2775039f6dd9d6372b5cd5be03e93b0fbc0e5b1c57653c3950fdeea162f53
SHA512 0c89425f85bc8c6efd5399e8a293c52d9c1a5de1551ded801b68d26a7dc0b515092675df2c8004829149f5f4bd36f4e7523c322adf565c6008546b4f0aea2336

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11273

MD5 f029b7aac626bb11128081a882a5de76
SHA1 52ee020415a5226a4354d4810c14a841f3496519
SHA256 a1f84c55ae075c3c645b3c39a9c59c577adbe6b0e248b9cb557f2a2d72477377
SHA512 1cd72bd0bdaef714a131d6f71dc308ee26638a3aab50603caeef59a8cdd8cf47bd916a83292ca03009ee656c12782ab927d40543559efdf472e0426d4f37feee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16121

MD5 0f40783fc4918a5ff21f437916993a60
SHA1 2d4111e77773d6c5cab0533118fd56fcc1841e2c
SHA256 5a59d4c6fbf703fe751bc5861ca160878674e6e27ffaaa2817df5512c2bd70f2
SHA512 fe4dc6c077b1cd8db0784af75102fccfd10224b4abec9fc32f83f054cbd3fe6033806f7d59fe234e34873c9e7766aa6ab6fa3d9010298a9a26572d849849c094

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

MD5 7560f2cb7d857af28d10727da86f4f20
SHA1 4fdf7e74d79d8f1560ee7648d830c8a54448580d
SHA256 a4318f925a750152e074118613188d8c3dd7f17b3aaf90ac7b6a49da8c3d19f6
SHA512 910bff46ef920fdf37021378435ff44d3db9cb1c790febe0a5762d156187472f5504bbf33f0b1357715da27224020290d7abb6617feff588535411741725e3d2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 6b7e5c8463f11baddfe09f99f783726a
SHA1 e753750d217b66e19747913c292532ebbb3a7290
SHA256 9f5b17984de3d537de35120ecf0461405f351d4de59de377c2b90e4955699533
SHA512 09c30d05cfc3cfbdcabdb4d74d053b0968ed8cc44de85677256c2825ceb0c06a1288608a26cb07163c54c498ea3bf6f1e8e06f2d44f47d989111e9a4259b9e7b

Analysis: behavioral3

Detonation Overview

Submitted

2023-05-13 04:32

Reported

2023-05-13 04:35

Platform

win10v2004-20230220-en

Max time kernel

142s

Max time network

144s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh

Signatures

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4260 wrote to memory of 5032 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4260 wrote to memory of 5032 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5032 wrote to memory of 2052 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3872 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2052 wrote to memory of 1432 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.0.1059580323\543490881" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3185805c-02f3-45e2-aede-a229e721097c} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 1908 2b29517f858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.1.1907087777\1252794" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 21628 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {909aa278-69c4-4a34-8fda-f4250fb3923f} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 2324 2b287174758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.2.1462465561\1710858458" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 21711 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e346649-2232-4e48-990c-00fc6c86e315} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3108 2b297ed9058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.3.1372208506\1773234891" -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d56758-866a-4cc2-afa0-370a8ca2302f} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 3980 2b298ef7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.4.1044876619\686627784" -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4628 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b1c18be-f8a6-433a-ae43-bec1e18ef8bc} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4644 2b29a49f458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.5.916476945\18744325" -childID 4 -isForBrowser -prefsHandle 4644 -prefMapHandle 4880 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecaa75b3-6af7-4286-9d18-4e1d6a67aeee} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4892 2b29a4a0f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2052.6.95409635\138064847" -childID 5 -isForBrowser -prefsHandle 4824 -prefMapHandle 5024 -prefsLen 26675 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a138a5b-45fc-4b57-a736-fddcaab3f56a} 2052 "\\.\pipe\gecko-crash-server-pipe.2052" 4832 2b29a49f758 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 127.0.0.1:49740 tcp
N/A 127.0.0.1:49750 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 54.212.210.58:443 shavar.prod.mozaws.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.237.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 209.100.149.34.in-addr.arpa udp
US 8.8.8.8:53 55.65.117.34.in-addr.arpa udp
US 8.8.8.8:53 58.210.212.54.in-addr.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 37.158.120.34.in-addr.arpa udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 52.152.110.14:443 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
GB 216.58.208.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-5hneknee.gvt1.com udp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com tcp
US 8.8.8.8:53 r4.sn-5hneknee.gvt1.com udp
NL 74.125.8.73:443 r4.sn-5hneknee.gvt1.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 73.8.125.74.in-addr.arpa udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 62.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 34.117.121.53:443 fennec-catalog-cdn.prod.mozaws.net tcp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 api.msn.com tcp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 8.8.8.8:53 fennec-catalog-cdn.prod.mozaws.net udp
US 52.152.110.14:443 tcp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

MD5 9971fa8fa89a208685d3e30835832fb5
SHA1 5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
SHA256 13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
SHA512 02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

MD5 1072491703151a86df64a8e53d49ef62
SHA1 cb74d0d74456aab8fa9cb10aa8baae5dcdf6a736
SHA256 db5792f7ca7e4a2486fda23fa27649be65d65986b92e60c36698f7f44b4dca69
SHA512 611ffe8643796cdb6edd61cc427b04060dbf40db3f896f5b3089c1719331e993c7638200adcbec5f5c6700a033fbc20f737aef8557b8364e45c887b002ad2f9d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

MD5 79b0af6c5b377de00df0b7d53e00ff83
SHA1 28953816b2f90106f4e42a2cc855adf55853bb23
SHA256 a6bcc2d8ec3e5181a1f7846a2fb655df44809387761c0f8606ab9bc879e6f012
SHA512 2e9b90f6d689271c105fe09ae32e5c8c2c08deb78c0c620a05522c9c77955ad10601296956a02c02031ea321c09fd88bba45eb5c36ee76c239a8601b1d0cd08b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a429b09d289e32f16de7d35cd3b7e6b5
SHA1 d57aff9eee89d6e562855342d47d7274cbfcfa7f
SHA256 9b42cdeb62fa32220a93a5e90fb59df2132b1d0e18db7044c43abdbdef4cea67
SHA512 6cf4a2ca84b8a76865060ab9a442812f79297f27f37fe8e629c383fd83f567dfe8eb494a25046fc2cdb40384950b937e506a67aad1b1cb9c829bb2ed3a0d117a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

MD5 edf549745a81a46258de5078e08da07d
SHA1 1b0eba1761d6882d23f66b8c0980dfb0421b5161
SHA256 876013ab9e95f663d36a7b874b3a96012962d42fd693c89fbf7dc1e5d847a4fa
SHA512 4ad0d9d1bcd5d6e8bf61fbc9b8c019d2b0f4d3ca6989db93552174c3a363d18f85ecba10f04b04ef4ffa96b69ef8479984aae2993d9752d1bd7e019eb77e019a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

MD5 3676df283d26fcd894a8cf1e1e631bd2
SHA1 e18478000b2d0c9f0e224ad0180b6fe1ba030af7
SHA256 0a2fc5df62745fe7833662bdfa37a2655b46b660b00fe592bd3e3cf7daa91544
SHA512 adfbe70f140bee39e962d576de2e25245e04b0b45feff00023a1c6babb1236c73dec1c4e70358d61f2fda40cf41cf6951c941d4f4e191bb420e3aeb1a3572925

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

MD5 bb9e9df80ecf3be406f0d7618492bbec
SHA1 cb15e1c26f78de0ddd7ae0ecec20ea19f8a9ca2c
SHA256 12a2ab853875a3cff232e2d60609bf681d8eaa9b01a3529e6c962213f0b64c97
SHA512 5393a199bf7f84d9381a0df232e147620108ba0d0c464dbc45d7eb189fb5451dfd2f647c5055d3594edc7ad53f64285d65dcc0f5dc205d7f9c84e5512b5e596e

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

MD5 e67a83dcb48c2068660b0d6df7b263a2
SHA1 979ba55c8faf3d620b69ef48421fcb8c75c900d3
SHA256 a302d0866c4bcbc4950068da02246cc95440b9194d3d8e386101727f97710f54
SHA512 32fc44af64149d5e7fcb5872709b9ba4a7066b7edc3701217ff6bc79698f3ca34b9101063ba10ab90836dc5c50c48c863688e95fc0aee427b635f5f064836365

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

MD5 58e773cf5dd033feb0de665ea64e5ef6
SHA1 751f6e0de223a25ff0a7b09ad14a6d9acfaac19b
SHA256 67db643d4ae26537e4295591495dc13a86a57d99e64d77d02470c1603bf1d137
SHA512 597c355b1dde41969b27aa9fe1fa76e59267e7d1e5eb5f53ba5916fe4881fe31b4ef77a6193a292a6a86c1abd97b2e617df4a7100553bcd5b63db81263bb9101

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3c7f0e7c46003a9fc6fc439c62c3ec5c
SHA1 7f61caa3fa6f42d962cc3194df8f1ac0f4914878
SHA256 511ff5ea67c05a8a4fa871fa3665655cdad418f1c86f88caac8c68ba06fc2bb7
SHA512 e39a34e451a401ad67cde5c94b07684d9c506e0284e0ade2f6d36db10979a6bfa1ddcd79e4900f52d7b2cdc7ccf41d8101d2d3234c98d281c91d004da1696ac2