Analysis Overview
SHA256
c7f1ed371709751d8bb50943670a1dd35a70a19d68bc37c7cbcc53835d0c89f9
Threat Level: Known bad
The file main.exe was found to be: Known bad.
Malicious Activity Summary
Empyrean family
Detects Empyrean stealer
Loads dropped DLL
UPX packed file
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-20 14:31
Signatures
Detects Empyrean stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Empyrean family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-20 14:31
Reported
2023-12-20 14:36
Platform
win10-20231220-en
Max time kernel
286s
Max time network
255s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc\ = "pyc_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1264876035\854068223" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f68be1-12d2-498b-88ad-d254aaa811c5} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1796 2716cdd5b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.946233559\1921056715" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9ea292-193b-4950-83f3-8026fc4ac44d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2152 2715aa6fe58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.177198332\949869850" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2640 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c270e0b-46e4-4889-afa1-dc48b7ed7033} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2700 27170f9fa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.2129467575\4180218" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {738903e8-3000-4486-a815-e961335449ec} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3352 2716f2c8c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1500617900\1316978203" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233718d-11ac-49d2-8c55-ade608e5039b} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4100 27172e3f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.1564496403\645314951" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f624178-1514-44d7-a664-8eba9882218a} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4800 27172e3ce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.1377320153\1100845552" -childID 6 -isForBrowser -prefsHandle 4728 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d387950a-2915-4552-8d6a-849af1389d0d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5020 271732dfb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.185441557\1022243424" -childID 5 -isForBrowser -prefsHandle 4924 -prefMapHandle 4928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275d17b6-5ae4-4283-a8cb-49683c8d72b9} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4916 271732df558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.1474383448\101869420" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5536 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a954e9-6d39-4e47-b253-8f55f98fe49d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5592 27174b44758 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49782 | N/A | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 127.0.0.1:49788 | N/A | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-2gb7sne6.gvt1.com | udp |
| PL | 173.194.10.167:443 | r2---sn-2gb7sne6.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-2gb7sne6.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-2gb7sne6.gvt1.com | udp |
| PL | 173.194.10.167:443 | r2.sn-2gb7sne6.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.10.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\139867fd-46d1-4464-b234-d9d3dcc85a71
| MD5 | 412219c2754d8a1354e99e5d0fc1eaa1 |
| SHA1 | 68c02ae793560685c91003e84301832c2c79faa4 |
| SHA256 | beca972324701713818f8de7209e1c091f575c056e0d8cf6109b5471a1995462 |
| SHA512 | 62c49ba72b7a2af08e65b218420c8f6cb3ef7afa5542aaa2a5cd47fff124e4b4798a09cc0e4d93cc126c01d1749c9840a89bc5a7018f9e46884997f7e29999e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7471ab394fe720a959e9f4822b42343f |
| SHA1 | 66948fbb24a4c2ea3ad769361edbde2395a33181 |
| SHA256 | 02b89e19fd52adf49b9577bf88d27c2b5ccf922c24e93cb077ace757b28e1212 |
| SHA512 | 0143335f1cf6b7357a2abbafdf1625f47b082f8cd47a38842d3fe11cd1deb2673e04309fc0b66fafa244849a23e84d7f7dd06289d7163d3798226dfcfe0e021e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 7ead0278c699d366ef216b8258bf0d4a |
| SHA1 | 8aff905ed956f541e15f7d5f6365c41959c91ff8 |
| SHA256 | 65e160ca1ea1e7fb3c460ad35982b336870291a187e93044010771f169e6407b |
| SHA512 | 6d4531b8fba949b6047e363e06980c7c2f866f5ab44e3f37b27f06e07a226c9ac2af2342f153b8aeeb3a10d176c0bc319138de02091e20c0f6f16da570fca3a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8672758d0648a052ac5dc7d96c4c2178 |
| SHA1 | 2b939fd0ae287be579a10fbb9e178386729eae47 |
| SHA256 | 3355a399151cca6fa68a2fa1b8c11a51d64829db31b127fff3a8efeb1dd5a45a |
| SHA512 | 51a22a7313bede1d77d97c987e13aadd3564192d6f1b2cc5a897208e5f82939e8554b50a7a00766dbdd941433053080495d27bb00df8c02ee44081f9837eaf29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5168e5f7dc05a5c3834461f6a5bcb91f |
| SHA1 | 44d6be386b31228d5269335ca2da72773bae6ebc |
| SHA256 | 8064cbf23bd29ea71d6c3a76d54a72316f125f230bce4fa637c18dd4fdd6a5cc |
| SHA512 | 0dd7eb019fa501e66343ff15b7aec97d19d51a0646bfdb39204294fdbfaf99a4044cd68d338f08787c50516a11728530d9be924289a4a9ad3402a492eb7e22ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 9cc6fabedb2459d1d85076acf02ec82a |
| SHA1 | 6a27a3caca49d362b87cf8766532d88ea54415f1 |
| SHA256 | c04c9177b2af67184a15fe3d59689652791f24f396de3e6154e7f414a80d2787 |
| SHA512 | d611e1362d8490477ceb998ee12abd802bd4805c05fdde65c4e14f2bfe198ddf311411e10c53da06f576f0b97612f9d10912ae84b864c6307d52cd2f2782ef25 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | e4e59c794f3f5d97c2ecd3c4c5974629 |
| SHA1 | ed251b5e1c09086027e5430ec84297226fdd5941 |
| SHA256 | a1d04d40931836b1f8b6996ee74fea03b9d729bbe18c111761890536e8e1debc |
| SHA512 | ebca14198382da417347f6f929d5aa5048c6f1e3ee3c9557652a0829e544a4b9158ace6734b718fd96086cda0f5a213732b6a2781898cf3e903d1fa8eb1891df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 173036d542db4fe1020c93c5471236ca |
| SHA1 | 1e8c7c5b8d206bf00f1a56b11db29b59c5ab38f3 |
| SHA256 | 5de55777b2b26588752b0b57f5146b34c74eddb97e640b79c3662d86c707e335 |
| SHA512 | f8f1b8199d482d7d8bb1b0d3cbf349a809e90c03b037271e431392a5c51a8a3da180942bbe1b866f754bb5ad20a53023e2c7809412d30fbe32311a34f7996232 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 27dd1168dc6ca27551626a6021f5f177 |
| SHA1 | 4f8e24dda061cf32f671668e7842cdb67db40ec4 |
| SHA256 | 4b05d61fa7a6993b49ff124f292b88dab620ecb86f2abb930b037e9e1bef933c |
| SHA512 | 830edb5e2ecf55f437716b158295c3fe640422f790e097f0cc30d30906ffc94165687904eed1b763b11063c6c7e2e2aba0f70d5519fb3f93fa878725d97107fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 31e774e63fbe4e380a2a10e5586beb7d |
| SHA1 | eb15f5d7b5ad11e7607190c57410edb3d9df5b7a |
| SHA256 | 31a32abbaf2a560c82520966d4f2cc3c9b7a7e7c927182a33e15207a054696e8 |
| SHA512 | 73db5d963a19142253756d5ca90daa31f7de45807684be58f88865743d5cbbfed22c2ab21a58b5f5d5f4f768cd9fd3d8811903b9b8759458c1e3587f70c0b5df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f48136b739c0a817ffad0e0b39d80d6d |
| SHA1 | 14f4b075eb8b656e5739a5a4f639f901f15f288c |
| SHA256 | 90c24a7e02c844ac796a430d0b1ff37b9cd1d209621c642b884f208981f7092b |
| SHA512 | db370a841948df4bed766ab3a907539dc219cc0a1f175cd1f866fc77ec3f8aad55b7fbe23f348eb3ef1adf400b8f75a76b45a365ddeb9349823682de36045988 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 275480b0c72697fa80579257d513968b |
| SHA1 | 4aad8865d8a6cb8884ce34f1a6c589567d4ce33d |
| SHA256 | 3049a0da918e1af6e8d666fe798b1db8cf1159b1948b581b373204130b273e40 |
| SHA512 | 70ee8db6aff612f6cffd4f5f28d169120cbef9e4bd44b36a13b5164692e7acaa93b206685442fcd0caab8f1a9284d2bdcc2e9dab1bf3e11b44d2272799e1ddb3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 660b75288ce86fc36a330c270a8d1346 |
| SHA1 | 6e0db2fe04ee8c35cba69a5864195d0643702bd0 |
| SHA256 | 8c0a49f444fae74aacc2c1b7195e5024c4ac8a2e11d73accf96cefb7c2717a53 |
| SHA512 | c4bc735c0f75bfc297acf05227e66b84c675d38a42136b26669f5dfd7d824f4499774c76f67ca37bb7992cc1a13f927d80767b56790f43bb86115525f98b76b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 73d2f4880a14ed03a4d63ce6f3df86bd |
| SHA1 | bd53750ed7dfea72d9589dd15b1616c4dc283ab4 |
| SHA256 | f1b3790962d50887a033fa0ca79cf8a20907f633d840acec3dca8b19551938c1 |
| SHA512 | 8dc4d030df2e4d0984e1ccbb3fce971a6644c6e2f9893f8bb532cf5f40e4e0ff05b9d4839dd60e89f83571c0153fcbf23f5e3bc1e4ce03ae4ef5a0e4ef306ec9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\targeting.snapshot.json
| MD5 | cc6e954a1c32d17e07228e070630a3fb |
| SHA1 | 148bfe510a2c2f697fb861cb364b9e96849337de |
| SHA256 | 527697daf259f6cd8869c090615983521dd8bc974c513db5186378785b7fe709 |
| SHA512 | 525ed2e5783af9efb93ca2f722bd4cd67da2de8718f6bdb464bcd864cec3ab83fb27fdf1b345b55509108ad809bfd03e75faff3c58275cf231cb802b184b6e5e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | d204a3518d751d0f1523df3c38f8fafb |
| SHA1 | c4c63c57b73da654e85e4d690a20afa508a8cb89 |
| SHA256 | f06027f700fd557c8ba90f896c29929226ab02ba6d8fabd49d9a290c140cb635 |
| SHA512 | 69d676ffc0538972004c715e379bc9cbe7ae480562864b59c40a71567b615918e6a3e6099a2c4cf57e359f7c906c2777fbc5b765d1848154bee9eaa5409753b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\bookmarkbackups\bookmarks-2023-12-20_11_R2GCJW2HdLaIfBVPbIexVQ==.jsonlz4
| MD5 | 0393fcd716a9cca2e366c1f6501fb52a |
| SHA1 | 886d657e057864c6ca12b4614df2473dc982c890 |
| SHA256 | 6b6b3e30941a6c9d5aa9489429cd7e850e59b576352336d1ccfd3646d4668711 |
| SHA512 | 65cd124b101dbc20e3d08c9d0627b97a15d227e2142c1c0760015518f9e6eb25b2c06da46619aa9312b2812e0a2707fdf39ca74f6c87d3526cd42ad7f7a83181 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-20 14:31
Reported
2023-12-20 14:36
Platform
win10-20231220-en
Max time kernel
295s
Max time network
300s
Command Line
Signatures
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.0.1099748450\1359348738" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6acb039a-fb24-4717-b819-124bbf5afbeb} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 1796 1b0c1bd4858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.1.1750332394\327665445" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeb370ab-a802-4bc0-a5d4-6eedc51ed9ca} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 2152 1b0c1531758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.2.578381091\1081336086" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2660 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83091af5-2a88-46b1-acb6-a92662ae04fb} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 2844 1b0c1b5b358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.3.880399446\1186720931" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cee412f-af9f-4fa4-8b7f-0b8287a362da} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 3548 1b0af662558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.4.339811993\735246984" -childID 3 -isForBrowser -prefsHandle 3536 -prefMapHandle 3528 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a9d5dd8-adf3-4c84-89ee-b92aa6a834e7} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4284 1b0c44c3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.7.688137207\1516613243" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87823a8-9f0d-48e0-8ea2-becc311856fd} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 5176 1b0c82ab458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.6.1397209352\725455192" -childID 5 -isForBrowser -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2176cae9-05c4-45a9-88f1-5c616cfd39ee} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4624 1b0c82ac958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.5.583973179\1356828564" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1abbb635-e991-4e1d-95fb-b467b3de8923} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4888 1b0c82aa858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.8.1911912119\1689514040" -childID 7 -isForBrowser -prefsHandle 4696 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc15dbb8-7d70-4a52-b03a-3ae659478bb7} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 5196 1b0c96bf258 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49998 | | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:50004 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-2gb7sne6.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-2gb7sne6.gvt1.com | udp |
| PL | 173.194.10.167:443 | r2.sn-2gb7sne6.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-2gb7sne6.gvt1.com | udp |
| PL | 173.194.10.167:443 | r2.sn-2gb7sne6.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.10.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
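The table above mixes four things a triage analyst wants separated: DNS queries to the sandbox resolver (8.8.8.8:53), reverse (PTR) lookups of the addresses just contacted, loopback connections, and the actual TCP/QUIC egress. The Python below is an added example, not part of the report or of any sandbox tooling; it parses rows in the table's own format from a constructed excerpt of this page's rows, classifies each one, and flags egress to any second-level domain outside an assumed stock-Firefox baseline (the `BROWSER_BASELINE` set is the example's own assumption, not something the report states). Run over this report's rows, no destination outside that baseline appears: every connection goes to Mozilla, Google, Akamai or the OpenH264 CDN.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report's Network table (rows copied from this page);
# the full table has many more rows but the same shape.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49998 | | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| PL | 173.194.10.167:443 | r2.sn-2gb7sne6.gvt1.com | tcp |
"""

# Assumed baseline (this example's assumption, not a list from the report): registrable
# domains a stock Firefox on a Windows sandbox contacts on its own for updates,
# remote settings, push, telemetry and codec/CDM downloads.
BROWSER_BASELINE = {
    "mozilla.com", "mozilla.net", "mozilla.org", "mozaws.net", "mozgcp.net",
    "google.com", "gvt1.com", "openh264.org", "akamai.net",
}

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

def parse_rows(table):
    """Parse '| Country | Destination | Domain | Proto |' rows; skips the header."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("country") == "Country":
            continue
        row = m.groupdict()
        ip, _, port = row["dest"].rpartition(":")
        row["ip"], row["port"] = ip, int(port)
        rows.append(row)
    return rows

def registrable(domain):
    # Naive eTLD+1 (last two labels). Enough for the TLDs in this report; a real
    # tool should use the public suffix list.
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain

def classify(row):
    """Name resolution and loopback are noise; TCP and QUIC (UDP/443) are real egress."""
    if row["port"] == 53 and row["proto"] == "udp":
        return "ptr_lookup" if row["domain"].endswith(".in-addr.arpa") else "dns_query"
    if row["ip"].startswith("127."):
        return "loopback"
    if row["port"] == 443 and row["proto"] == "udp":
        return "quic"
    return "connection"

def triage(table):
    buckets = defaultdict(list)
    for row in parse_rows(table):
        buckets[classify(row)].append(row)
    counts = {kind: len(rows) for kind, rows in buckets.items()}
    egress = buckets["connection"] + buckets["quic"]
    unexpected = sorted({r["domain"] for r in egress
                         if registrable(r["domain"]) not in BROWSER_BASELINE})
    return {
        "counts": counts,
        "egress_domains": sorted({r["domain"] for r in egress}),
        "unexpected": unexpected,
    }

if __name__ == "__main__":
    import json
    print(json.dumps(triage(NETWORK_TABLE), indent=2))
```

The reverse lookups (`*.in-addr.arpa`) are Firefox resolving the names of addresses it just connected to, so they carry no new destinations and are excluded from the egress set; counting QUIC separately matters because UDP/443 rows are otherwise easy to misread as unrelated UDP traffic.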
Files
C:\Users\Admin\AppData\Local\Temp\_MEI29562\python310.dll
| MD5 | 69d4f13fbaeee9b551c2d9a4a94d4458 |
| SHA1 | 69540d8dfc0ee299a7ff6585018c7db0662aa629 |
| SHA256 | 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046 |
| SHA512 | 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378 |
C:\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
memory/4588-75-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI29562\base_library.zip
| MD5 | 6193ef476f7798815a42b4dce8d29618 |
| SHA1 | 9d3fd67658f984cec775939898085be131cb728b |
| SHA256 | a9d3fe0cdf5334a19657eab77ef97a5c6731103edb251d7204e4633af3aa8c9e |
| SHA512 | 6555a2be2f9608f3f82ad2e0af664d494407d2eec9e1b005533e57f1f067ef646d784ed019d522fe1329f90bc3b6641759ad96e1ed6fe166880e8356e19f39ab |
C:\Users\Admin\AppData\Local\Temp\_MEI29562\_ctypes.pyd
| MD5 | 6ca9a99c75a0b7b6a22681aa8e5ad77b |
| SHA1 | dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8 |
| SHA256 | d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8 |
| SHA512 | b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe |
\Users\Admin\AppData\Local\Temp\_MEI29562\libffi-7.dll
| MD5 | b5150b41ca910f212a1dd236832eb472 |
| SHA1 | a17809732c562524b185953ffe60dfa91ba3ce7d |
| SHA256 | 1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a |
| SHA512 | 9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6 |
\Users\Admin\AppData\Local\Temp\_MEI29562\_socket.pyd
| MD5 | afd296823375e106c4b1ac8b39927f8b |
| SHA1 | b05d811e5a5921d5b5cc90b9e4763fd63783587b |
| SHA256 | e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007 |
| SHA512 | 95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369 |
memory/4588-84-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp
memory/4588-87-0x00007FFD8C830000-0x00007FFD8C83F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI29562\select.pyd
| MD5 | 72009cde5945de0673a11efb521c8ccd |
| SHA1 | bddb47ac13c6302a871a53ba303001837939f837 |
| SHA256 | 5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca |
| SHA512 | d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d |
\Users\Admin\AppData\Local\Temp\_MEI29562\pywintypes310.dll
| MD5 | 6f2aa8fa02f59671f99083f9cef12cda |
| SHA1 | 9fd0716bcde6ac01cd916be28aa4297c5d4791cd |
| SHA256 | 1a15d98d4f9622fa81b60876a5f359707a88fbbbae3ae4e0c799192c378ef8c6 |
| SHA512 | f5d5112e63307068cdb1d0670fe24b65a9f4942a39416f537bdbc17dedfd99963861bf0f4e94299cdce874816f27b3d86c4bebb889c3162c666d5ee92229c211 |
memory/4588-107-0x00007FFD88CB0000-0x00007FFD88D6C000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\pyexpat.pyd
| MD5 | 5a328b011fa748939264318a433297e2 |
| SHA1 | d46dd2be7c452e5b6525e88a2d29179f4c07de65 |
| SHA256 | e8a81b47029e8500e0f4e04ccf81f8bdf23a599a2b5cd627095678cdf2fabc14 |
| SHA512 | 06fa8262378634a42f5ab8c1e5f6716202544c8b304de327a08aa20c8f888114746f69b725ed3088d975d09094df7c3a37338a93983b957723aa2b7fda597f87 |
\Users\Admin\AppData\Local\Temp\_MEI29562\_queue.pyd
| MD5 | 0d267bb65918b55839a9400b0fb11aa2 |
| SHA1 | 54e66a14bea8ae551ab6f8f48d81560b2add1afc |
| SHA256 | 13ee41980b7d0fb9ce07f8e41ee6a309e69a30bbf5b801942f41cbc357d59e9c |
| SHA512 | c2375f46a98e44f54e2dd0a5cc5f016098500090bb78de520dc5e05aef8e6f11405d8f6964850a03060caed3628d0a6303091cba1f28a0aa9b3b814217d71e56 |
memory/4588-113-0x00007FFD88C40000-0x00007FFD88C74000-memory.dmp
memory/4588-116-0x00007FFD88C30000-0x00007FFD88C3D000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\_decimal.pyd
| MD5 | eb45ea265a48348ce0ac4124cb72df22 |
| SHA1 | ecdc1d76a205f482d1ed9c25445fa6d8f73a1422 |
| SHA256 | 3881f00dbc4aadf9e87b44c316d93425a8f6ba73d72790987226238defbc7279 |
| SHA512 | f7367bf2a2d221a7508d767ad754b61b2b02cdd7ae36ae25b306f3443d4800d50404ac7e503f589450ed023ff79a2fb1de89a30a49aa1dd32746c3e041494013 |
\Users\Admin\AppData\Local\Temp\_MEI29562\psutil\_psutil_windows.pyd
| MD5 | fb17b2f2f09725c3ffca6345acd7f0a8 |
| SHA1 | b8d747cc0cb9f7646181536d9451d91d83b9fc61 |
| SHA256 | 9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4 |
| SHA512 | b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63 |
\Users\Admin\AppData\Local\Temp\_MEI29562\_ssl.pyd
| MD5 | 1e643c629f993a63045b0ff70d6cf7c6 |
| SHA1 | 9af2d22226e57dc16c199cad002e3beb6a0a0058 |
| SHA256 | 4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a |
| SHA512 | 9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af |
C:\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | f9d318fdfd968d695670ebfd7f821b65 |
| SHA1 | bd3a471b3406dd75728c8c98c13cb12cbffdc273 |
| SHA256 | 5d26ec9f53f92067a58c64e8f3cb2552fa870f92db046e399ab3f78a9bdd58c9 |
| SHA512 | 2498c14b3dbd6fd50ccf004c09c3183a372dd5f752ab2906adb33faf643df8635c9f93cc56df5a6ec57a689ea8d834b9385558aa43534d4459ebc6ec04a62859 |
\Users\Admin\AppData\Local\Temp\_MEI29562\libssl-1_1.dll
| MD5 | 48d792202922fffe8ea12798f03d94de |
| SHA1 | f8818be47becb8ccf2907399f62019c3be0efeb5 |
| SHA256 | 8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc |
| SHA512 | 69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833 |
\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | f29267002e0c0da65a7872e133df46e9 |
| SHA1 | 42747c88b57f7f7a54c21717ceaf6b04170d51b6 |
| SHA256 | 28981d6393ad6eae7fe5ca979d1a4912a73df9eb11a3094c4704d3e5c13c0553 |
| SHA512 | 9f3f3baaa18cae5fd56485a292146ce6daf23ea67f0b7b445b9c1949bc83a062dbf04ab89631babbd8f9d37a8c0e0c11440b38249eec2c22d037e07a682d8ca7 |
memory/4588-134-0x00007FFD85F80000-0x00007FFD85F9C000-memory.dmp
memory/4588-136-0x00007FFD85B10000-0x00007FFD85B3E000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | 62c560d04f8dfcaa798549d7ac7274da |
| SHA1 | 8de88dfb7cd336f967192f13eeed5aed31ce8fba |
| SHA256 | e04a0aba203723df51009e5c34318cde8e70c39f7188e7282496de6bf48993cf |
| SHA512 | 946a8de5b1dcdedbf3412986337ba0b4b028e3584d08b141af4b1a52e2076700df55952c72599eb4cb9a5d61447b04c40e8ff9addee56822f59a775837e72141 |
memory/4588-135-0x00000201F0430000-0x00000201F07A5000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\_hashlib.pyd
| MD5 | 0d723bc34592d5bb2b32cf259858d80e |
| SHA1 | eacfabd037ba5890885656f2485c2d7226a19d17 |
| SHA256 | f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f |
| SHA512 | 3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33 |
C:\Users\Admin\AppData\Local\Temp\_MEI29562\unicodedata.pyd
| MD5 | ca3baebf8725c7d785710f1dfbb2736d |
| SHA1 | 8f9aec2732a252888f3873967d8cc0139ff7f4e5 |
| SHA256 | f2d03a39556491d1ace63447b067b38055f32f5f1523c01249ba18052c599b4c |
| SHA512 | 5c2397e4dcb361a154cd3887c229bcf7ef980acbb4b851a16294d5df6245b2615cc4b42f6a95cf1d3c49b735c2f7025447247d887ccf4cd964f19f14e4533470 |
memory/4588-150-0x00007FFD85BE0000-0x00007FFD85BEB000-memory.dmp
memory/4588-151-0x00007FFD85A00000-0x00007FFD85A26000-memory.dmp
memory/4588-149-0x00007FFD858E0000-0x00007FFD859F8000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
| MD5 | 9bb72ad673c91050ecb9f4a3f98b91ef |
| SHA1 | 67ff2d6ab21e2bbe84f43a84ecd2fd64161e25f4 |
| SHA256 | 17fc896275afcd3cdd20836a7379d565d156cd409dc28f95305c32f1b3e99c4f |
| SHA512 | 4c1236f9cfbb2ec8e895c134b7965d1ebf5404e5d00acf543b9935bc22d07d58713a75eee793c02dfda29b128412972f00e82a636d33ec8c9e0d9804f465bc40 |
memory/4588-145-0x00007FFD85A30000-0x00007FFD85A44000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\charset_normalizer\md.cp310-win_amd64.pyd
| MD5 | 79f58590559566a010140b0b94a9ff3f |
| SHA1 | e3b6b62886bba487e524cbba4530ca703b24cbda |
| SHA256 | f8eae2b1020024ee92ba116c29bc3c8f80906be2029ddbe0c48ca1d02bf1ea73 |
| SHA512 | ecfcd6c58175f3e95195abe9a18bb6dd1d10b989539bf24ea1bcdbd3c435a10bbd2d8835a4c3acf7f9aeb44b160307ae0c377125202b9dbf0dd6e8cfd2603131 |
memory/4588-142-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp
memory/4588-140-0x00007FFD753E0000-0x00007FFD75755000-memory.dmp
memory/4588-138-0x00007FFD85A50000-0x00007FFD85B08000-memory.dmp
memory/4588-131-0x00007FFD85FA0000-0x00007FFD85FAA000-memory.dmp
memory/4588-129-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp
memory/4588-128-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\_uuid.pyd
| MD5 | 81dfa68ca3cb20ced73316dbc78423f6 |
| SHA1 | 8841cf22938aa6ee373ff770716bb9c6d9bc3e26 |
| SHA256 | d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190 |
| SHA512 | e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb |
memory/4588-119-0x00007FFD85BF0000-0x00007FFD85C32000-memory.dmp
memory/4588-111-0x00007FFD88C80000-0x00007FFD88CAB000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\win32api.pyd
| MD5 | 561f419a2b44158646ee13cd9af44c60 |
| SHA1 | 93212788de48e0a91e603d74f071a7c8f42fe39b |
| SHA256 | 631465da2a1dad0cb11cd86b14b4a0e4c7708d5b1e8d6f40ae9e794520c3aaf7 |
| SHA512 | d76ab089f6dc1beffd5247e81d267f826706e60604a157676e6cbc3b3447f5bcee66a84bf35c21696c020362fadd814c3e0945942cdc5e0dfe44c0bca169945c |
\Users\Admin\AppData\Local\Temp\_MEI29562\pythoncom310.dll
| MD5 | 9051abae01a41ea13febdea7d93470c0 |
| SHA1 | b06bd4cd4fd453eb827a108e137320d5dc3a002f |
| SHA256 | f12c8141d4795719035c89ff459823ed6174564136020739c106f08a6257b399 |
| SHA512 | 58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da |
memory/4588-105-0x00007FFD88D70000-0x00007FFD88D9D000-memory.dmp
memory/4588-104-0x00007FFD88DA0000-0x00007FFD88DB9000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\_lzma.pyd
| MD5 | abceeceaeff3798b5b0de412af610f58 |
| SHA1 | c3c94c120b5bed8bccf8104d933e96ac6e42ca90 |
| SHA256 | 216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e |
| SHA512 | 3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955 |
\Users\Admin\AppData\Local\Temp\_MEI29562\_bz2.pyd
| MD5 | 758fff1d194a7ac7a1e3d98bcf143a44 |
| SHA1 | de1c61a8e1fb90666340f8b0a34e4d8bfc56da07 |
| SHA256 | f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708 |
| SHA512 | 468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc |
memory/4588-97-0x00007FFD88DC0000-0x00007FFD88DEE000-memory.dmp
memory/4588-95-0x00007FFD89910000-0x00007FFD8991D000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140_1.dll
| MD5 | bba9680bc310d8d25e97b12463196c92 |
| SHA1 | 9a480c0cf9d377a4caedd4ea60e90fa79001f03a |
| SHA256 | e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab |
| SHA512 | 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739 |
memory/4588-89-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp
\Users\Admin\AppData\Local\Temp\_MEI29562\python3.dll
| MD5 | c17b7a4b853827f538576f4c3521c653 |
| SHA1 | 6115047d02fbbad4ff32afb4ebd439f5d529485a |
| SHA256 | d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68 |
| SHA512 | 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7 |
memory/4588-152-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp
memory/4588-153-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp
memory/4588-154-0x00007FFD8C830000-0x00007FFD8C83F000-memory.dmp
memory/4588-160-0x00007FFD88CB0000-0x00007FFD88D6C000-memory.dmp
memory/4588-161-0x00007FFD88C80000-0x00007FFD88CAB000-memory.dmp
memory/4588-173-0x00007FFD858E0000-0x00007FFD859F8000-memory.dmp
memory/4588-172-0x00007FFD85A00000-0x00007FFD85A26000-memory.dmp
memory/4588-171-0x00007FFD85BE0000-0x00007FFD85BEB000-memory.dmp
memory/4588-170-0x00007FFD85A30000-0x00007FFD85A44000-memory.dmp
memory/4588-169-0x00007FFD753E0000-0x00007FFD75755000-memory.dmp
memory/4588-168-0x00007FFD85A50000-0x00007FFD85B08000-memory.dmp
memory/4588-167-0x00007FFD85B10000-0x00007FFD85B3E000-memory.dmp
memory/4588-166-0x00007FFD85F80000-0x00007FFD85F9C000-memory.dmp
memory/4588-165-0x00007FFD85FA0000-0x00007FFD85FAA000-memory.dmp
memory/4588-164-0x00007FFD85BF0000-0x00007FFD85C32000-memory.dmp
memory/4588-163-0x00007FFD88C30000-0x00007FFD88C3D000-memory.dmp
memory/4588-162-0x00007FFD88C40000-0x00007FFD88C74000-memory.dmp
memory/4588-159-0x00007FFD88D70000-0x00007FFD88D9D000-memory.dmp
memory/4588-158-0x00007FFD88DA0000-0x00007FFD88DB9000-memory.dmp
memory/4588-157-0x00007FFD88DC0000-0x00007FFD88DEE000-memory.dmp
memory/4588-156-0x00007FFD89910000-0x00007FFD8991D000-memory.dmp
memory/4588-155-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\c0ccac6d-460e-4b81-aca6-c9053f0bf3cb
| MD5 | 109dc026fb102ec6b43c7252b5e10d36 |
| SHA1 | a91ca0715886f7b86bbac64692bad6004300dd70 |
| SHA256 | 59fae43545adb88d17d5b2764e963e3c3597f414ecf150d0738938bca5749b2c |
| SHA512 | 34934385ecc89b55a251d1f2883283b043cc77437ca54c84900f61a37eca74614668df755b75dfe5992f24e835d7077ebd2081910d245e70f366b1c62e3e8f21 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a974c9f76be30e0dc37a26959484143c |
| SHA1 | fbf72b2f959b25a0c5fbf66276bd76ff81570429 |
| SHA256 | 6c610f403939244af3faa102841deef0ee27e8c9404fc3ee50f332436adcf28f |
| SHA512 | 472519d2e825b4c720945830c3b83a09fdda65e4e5300fa391ea0853288ac2f90eb6d56d2a7cce2f7923dac754a62875d53273f102fd06528645af779578c1e9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 6942ebe3c2b5ff665c694aa35d9dc3e8 |
| SHA1 | 162e054edbc4854b5c5fc93c625816d0aed473d0 |
| SHA256 | 4559253d4c1cac88817a8e748f5178ffed8383b723dad6b94893168cc18abf87 |
| SHA512 | e11101b870f33886814f9422b66f6fed7465e7b4306e947771a6a850ca7eb8dcaf064ed7105e48dac74bfc2d82083aa4b1f66c3fe2a3157a3626b8ed80097deb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 889c2f03a99c5b1608b94876d98a8726 |
| SHA1 | 813fa2e1d9e3b015361ecb0cc3a3bda37d7cd0fb |
| SHA256 | f2128cc42c875539b61491d8f0fbea532e4fe5ca9af8fdbbe3fd73ee293bdcc6 |
| SHA512 | 74bd6a859b7243761e9cb8b51ccae073f5498d3c5241482b1ea24f63ca399f35a9ab5bea1c04c0619133d980124d0cf8ffa969053eea3b844bf6d1a4a3cffa99 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6a4add25462e0d1ca2c0023729631136 |
| SHA1 | f50f5b47fc99f9c21017fab9bd352e6b4dd425df |
| SHA256 | 8701b794dea110263e18ac4877f6f34e957fa9199585341869f5ca8721aca09d |
| SHA512 | 71e16c1647feeec6d371f16f29c326575f354ae63ef1a506b21be6a9c49cc84ab0d50baa68870cf644639f2c0328a5ee8f05100ff1d2da34dedc9dd7048febbb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | c665cdc7b79b1350a5b076550a041be3 |
| SHA1 | 654b22e2c714e215e22979ae658a9d33768063fe |
| SHA256 | 837a2299098af73a9887bcb298a47ae5790a8ee7943a0cd5d7721b0c02e4ddef |
| SHA512 | 6bdffbb1a7f479a6d6684d72ab27d900518e1985a80782a9e368d4a810cdc7b45c679e24bce58ce922f045940a79cbd3192da323de4e403fb8693ca3fe859847 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 41788af1af6e45b22e3e79ba0809974b |
| SHA1 | 59904789578ede901b6d934888c20019c39b2ada |
| SHA256 | 1f2ea8bb0c0918fa296c4109b1ab0d8f95906ff0bf123c5a9ae55eaeef0c6452 |
| SHA512 | 5b641f1fbd5049a33c2c3440fcbce7862966caff62cd5a9d00dd4f47c00e725d8018e00052e74bc4be1e8aff4ed8b0779b887263ef571a77151a4fae91386d8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 599f243d1a337c206b9bd8e1714a9082 |
| SHA1 | fc3409cf12fae430c1911e673360748632ab101a |
| SHA256 | 906d48aed4d9893ec63d5de16970c69cb8ae321f57e95617e5280db780bdfe87 |
| SHA512 | 7986d3f6661bdd81eb9bad562fdc39806579800b90a0a78d391f27737e7d19fb0daccabf789fc48a618c34c2a4145f482159525335c21c0cc3a093191f7f5cce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9ed74236c9de6a628ffe74926f3fd5ff |
| SHA1 | e8c026a730bf85c05d9b68e4b5a0a0b4cb07223a |
| SHA256 | 2f151a93a442bb856e800ece2e070d7f14930903a817a881a7abbf1a7f74d71e |
| SHA512 | 04a38350719d7b5293d4888797c022e87975f76464f9d6540a15b571beb790e5292e98b118dcb7f6f298dd9bcc71af4471de77a8b38fafb63afa20f0bfd32efb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 480b83d9ecf1d07c894a49ed830534d0 |
| SHA1 | 4123069907686798f55b84ffc57af36c19cfc08f |
| SHA256 | ec30d2af622615a541288f0b53079416bd4db71c20d6f97091741d3c29e338f3 |
| SHA512 | 7851010b3eb8b6fec041612aebe43287dab23d933d15fdaa6f2e7e12588746ff03b2e97b8a4c47ad6ccee63cf318845a60e3664e258167bafc9eab3b3abc898c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1b18becc84cb67e538d799030b38899d |
| SHA1 | ee2df93b9e9f61e8c15e3855bf2dba74ac8a5bb8 |
| SHA256 | 1ab02420d12606bb338398fc11ee16bf655258acff6089d5db1c46ecfdec71f6 |
| SHA512 | d1867ee8da3c06dc39b1b4d3716b2df721952e193cacab82e588da9c261e7f99db494c093ef407be8918eff7b0910c3630f0d37d97a744709a4b82101bdf229a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 990d183fd27fe2115f7ee33b020d809d |
| SHA1 | 1a15c055065c0bc2d4083e34f06d4fe578610333 |
| SHA256 | c48ef4f672afcbaea4af63ed78df3f683d6fdab8a5ce58b2d99768d3ab7a0557 |
| SHA512 | 6485c4f62d38eccdc062acf95b236edece2dc60f610ee7200ef56a61299e4c02dd7be72cb6033915b95fb22f79c422cf63daab3e1c478fbb0558e53a518b0aec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 742fa43f5c09ee25e5c19846f71aca33 |
| SHA1 | 5fab3a50a565bf0e7aff3a0f76d191b3e0350154 |
| SHA256 | e3a93f082a20abb5bba89b5691333ec0a232f2f0f6cc281c01c9d31eab599a16 |
| SHA512 | 4e313db6448d56590ed74241a9c6fc303f4e9dba596cb86a6f6d63d375933bae24e3a786dad93792556652dc963a930bb9cfb7d983206f0a69ae6e7c0a4fc603 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 2cd71867e3e46888d7904170c5343bb2 |
| SHA1 | 6a30f68717069f1df96b5cb7f627c9823e53929a |
| SHA256 | b8f083ca0b960c8c39a681d15caf9bd047f43110c3cfa6e9def0fa40cd85085c |
| SHA512 | 5d0159837d35f50891b5f3f55dc88e3c1d0d1251437c37420f52423f22dbd9c66e726ac9c3fa8c034cc91be1525de47c04353ef3227b4bf64a66623b7cc17f7e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\targeting.snapshot.json
| MD5 | dd468a01c2772cba792f2d7eb6ce48ef |
| SHA1 | df032c6c47eda48985ed2379419359456eb4623d |
| SHA256 | bf0bd78082199f12cafe4fb2d5cf154e69eba68a7e319e40164106264fecf069 |
| SHA512 | f44e3d59f17414adbfec233faf92cb744894b790190f5fa84c4f7e8b45442c91619053c89c5a9c28ccd36914de506e47cbfe56ef4f7b65877e8b0234f0052535 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7823f98961ec748569531b850108b5d4 |
| SHA1 | 2c500eddc165e01f9229155e3dea458e00edd0f1 |
| SHA256 | 58e13739aba0fc945253a09dc18774684a9cb1afd77cfc838d6dc63fd53d6f58 |
| SHA512 | 10014c5cae672ddd3cc6405fe06fda1470b2ef75efd2cbfba4668db0d246503a2a29af970d8174dbce162cd6b79e0953f51e7007cf8f3b3ed25fd0214dce593a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\bookmarkbackups\bookmarks-2023-12-20_11_R2GCJW2HdLaIfBVPbIexVQ==.jsonlz4
| MD5 | 0393fcd716a9cca2e366c1f6501fb52a |
| SHA1 | 886d657e057864c6ca12b4614df2473dc982c890 |
| SHA256 | 6b6b3e30941a6c9d5aa9489429cd7e850e59b576352336d1ccfd3646d4668711 |
| SHA512 | 65cd124b101dbc20e3d08c9d0627b97a15d227e2142c1c0760015518f9e6eb25b2c06da46619aa9312b2812e0a2707fdf39ca74f6c87d3526cd42ad7f7a83181 |
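The Files list above interleaves dropped files (a path line followed by a hash table) with `memory/<pid>-<seq>-<start>-<end>-memory.dmp` regions, writes the same `_MEI29562` directory both with and without the `C:` drive letter, and lists `libcrypto-1_1.dll` three times under that path with three different SHA256 values. The Python below is an added example, not the sandbox's code; it parses a constructed excerpt of those entries (hashes copied from this page, SHA512 rows omitted for brevity), separates the PyInstaller one-file extraction artifacts (PyInstaller's bootloader unpacks into a `_MEI<pid>` temp directory) from Firefox profile churn, reports paths that appear with more than one SHA256 after normalizing the drive-letter spelling, and collapses the repeated memory regions of process 4588 into distinct ranges with their sizes.

```python
import re
from collections import defaultdict

# Constructed excerpt of the report's Files section. Entries are copied from this
# page; note the mixed "C:\Users\..." and "\Users\..." spellings of one directory.
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Temp\_MEI29562\python310.dll
| MD5 | 69d4f13fbaeee9b551c2d9a4a94d4458 |
| SHA1 | 69540d8dfc0ee299a7ff6585018c7db0662aa629 |
| SHA256 | 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046 |
memory/4588-75-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | f9d318fdfd968d695670ebfd7f821b65 |
| SHA256 | 5d26ec9f53f92067a58c64e8f3cb2552fa870f92db046e399ab3f78a9bdd58c9 |
\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | f29267002e0c0da65a7872e133df46e9 |
| SHA256 | 28981d6393ad6eae7fe5ca979d1a4912a73df9eb11a3094c4704d3e5c13c0553 |
\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll
| MD5 | 62c560d04f8dfcaa798549d7ac7274da |
| SHA256 | e04a0aba203723df51009e5c34318cde8e70c39f7188e7282496de6bf48993cf |
memory/4588-128-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js
| MD5 | 6942ebe3c2b5ff665c694aa35d9dc3e8 |
| SHA256 | 4559253d4c1cac88817a8e748f5178ffed8383b723dad6b94893168cc18abf87 |
"""

MEM_RE = re.compile(r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
                    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(?P<alg>MD5|SHA1|SHA256|SHA512)\s*\|\s*(?P<hex>[0-9a-fA-F]+)\s*\|$")

def parse_files_section(text):
    """Return (files, regions): files as {path, hashes}, regions as (pid, seq, start, end)."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            regions.append((int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16)))
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            current["hashes"][m["alg"].lower()] = m["hex"].lower()
            continue
        current = {"path": line, "hashes": {}}   # any other line starts a new file entry
        files.append(current)
    return files, regions

def normalize(path):
    # Strip the drive letter and lower-case, so "C:\Users\..." and "\Users\..." compare equal.
    return re.sub(r"^[A-Za-z]:", "", path).lower()

def categorize(path):
    p = normalize(path)
    if "\\_mei" in p:                           # PyInstaller one-file extraction directory
        return "pyinstaller_runtime"
    if "\\mozilla\\firefox\\profiles\\" in p:   # browser profile churn from the detonation
        return "browser_profile"
    return "other"

def multi_version_paths(files):
    """Normalized paths written more than once with different SHA256 values."""
    seen = defaultdict(set)
    for f in files:
        if "sha256" in f["hashes"]:
            seen[normalize(f["path"])].add(f["hashes"]["sha256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}

def region_sizes(regions):
    """Distinct (pid, start, end) -> size in bytes; repeats at later sequence numbers collapse."""
    return {(pid, start, end): end - start for pid, _, start, end in regions}

def summarize(text):
    files, regions = parse_files_section(text)
    by_cat = defaultdict(int)
    for f in files:
        by_cat[categorize(f["path"])] += 1
    return {
        "by_category": dict(by_cat),
        "multi_version": multi_version_paths(files),
        "regions": region_sizes(regions),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(FILES_SECTION), indent=2, default=str))
```

Three distinct `libcrypto-1_1.dll` builds dropped at one path is worth a second look in any report of this shape (the page lists them but does not explain them); the parser surfaces it without the analyst reading 300 lines of hashes, and the memory regions show that the same 0x46E000-byte mapping in PID 4588 is dumped repeatedly rather than being several different images.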