Malware Analysis Report

2025-03-15 03:33

Sample ID 231220-rvvv6acabm
Target main.exe
SHA256 c7f1ed371709751d8bb50943670a1dd35a70a19d68bc37c7cbcc53835d0c89f9
Tags
pyinstaller empyrean upx
score
10/10

Analysis Overview

score
10/10

SHA256

c7f1ed371709751d8bb50943670a1dd35a70a19d68bc37c7cbcc53835d0c89f9

Threat Level: Known bad

The file main.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller empyrean upx

Empyrean family

Detects Empyrean stealer

Loads dropped DLL

UPX packed file

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Checks processor information in registry

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2023-12-20 14:31

Signatures

Detects Empyrean stealer

Description Indicator Process Target
N/A N/A N/A N/A

Empyrean family

empyrean

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-20 14:31

Reported

2023-12-20 14:36

Platform

win10-20231220-en

Max time kernel

286s

Max time network

255s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

Signatures

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\.pyc\ = "pyc_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\pyc_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3500 wrote to memory of 4340 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 3224 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 4960 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 4240 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1792 wrote to memory of 2344 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.0.1264876035\854068223" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f68be1-12d2-498b-88ad-d254aaa811c5} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 1796 2716cdd5b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.1.946233559\1921056715" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9ea292-193b-4950-83f3-8026fc4ac44d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2152 2715aa6fe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.2.177198332\949869850" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2640 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c270e0b-46e4-4889-afa1-dc48b7ed7033} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 2700 27170f9fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.3.2129467575\4180218" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {738903e8-3000-4486-a815-e961335449ec} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 3352 2716f2c8c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.4.1500617900\1316978203" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233718d-11ac-49d2-8c55-ade608e5039b} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4100 27172e3f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.5.1564496403\645314951" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f624178-1514-44d7-a664-8eba9882218a} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4800 27172e3ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.7.1377320153\1100845552" -childID 6 -isForBrowser -prefsHandle 4728 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d387950a-2915-4552-8d6a-849af1389d0d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5020 271732dfb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.6.185441557\1022243424" -childID 5 -isForBrowser -prefsHandle 4924 -prefMapHandle 4928 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275d17b6-5ae4-4283-a8cb-49683c8d72b9} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 4916 271732df558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1792.8.1474383448\101869420" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5536 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a954e9-6d39-4e47-b253-8f55f98fe49d} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" 5592 27174b44758 tab

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-20 14:31

Reported

2023-12-20 14:36

Platform

win10-20231220-en

Max time kernel

295s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2956 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 2956 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 4588 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Windows\system32\cmd.exe
PID 4588 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Windows\system32\cmd.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3964 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 4172 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 4172 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4200 wrote to memory of 1792 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.0.1099748450\1359348738" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6acb039a-fb24-4717-b819-124bbf5afbeb} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 1796 1b0c1bd4858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.1.1750332394\327665445" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeb370ab-a802-4bc0-a5d4-6eedc51ed9ca} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 2152 1b0c1531758 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.2.578381091\1081336086" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2660 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83091af5-2a88-46b1-acb6-a92662ae04fb} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 2844 1b0c1b5b358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.3.880399446\1186720931" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cee412f-af9f-4fa4-8b7f-0b8287a362da} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 3548 1b0af662558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.4.339811993\735246984" -childID 3 -isForBrowser -prefsHandle 3536 -prefMapHandle 3528 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a9d5dd8-adf3-4c84-89ee-b92aa6a834e7} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4284 1b0c44c3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.7.688137207\1516613243" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87823a8-9f0d-48e0-8ea2-becc311856fd} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 5176 1b0c82ab458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.6.1397209352\725455192" -childID 5 -isForBrowser -prefsHandle 4700 -prefMapHandle 4696 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2176cae9-05c4-45a9-88f1-5c616cfd39ee} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4624 1b0c82ac958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.5.583973179\1356828564" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1abbb635-e991-4e1d-95fb-b467b3de8923} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 4888 1b0c82aa858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4200.8.1911912119\1689514040" -childID 7 -isForBrowser -prefsHandle 4696 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc15dbb8-7d70-4a52-b03a-3ae659478bb7} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" 5196 1b0c96bf258 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:49998 N/A tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:50004 N/A tcp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-2gb7sne6.gvt1.com udp
US 8.8.8.8:53 r2.sn-2gb7sne6.gvt1.com udp
PL 173.194.10.167:443 r2.sn-2gb7sne6.gvt1.com tcp
US 8.8.8.8:53 r2.sn-2gb7sne6.gvt1.com udp
PL 173.194.10.167:443 r2.sn-2gb7sne6.gvt1.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.10.194.173.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 72.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29562\python310.dll

MD5 69d4f13fbaeee9b551c2d9a4a94d4458
SHA1 69540d8dfc0ee299a7ff6585018c7db0662aa629
SHA256 801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046
SHA512 8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

C:\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

memory/4588-75-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29562\base_library.zip

MD5 6193ef476f7798815a42b4dce8d29618
SHA1 9d3fd67658f984cec775939898085be131cb728b
SHA256 a9d3fe0cdf5334a19657eab77ef97a5c6731103edb251d7204e4633af3aa8c9e
SHA512 6555a2be2f9608f3f82ad2e0af664d494407d2eec9e1b005533e57f1f067ef646d784ed019d522fe1329f90bc3b6641759ad96e1ed6fe166880e8356e19f39ab

C:\Users\Admin\AppData\Local\Temp\_MEI29562\_ctypes.pyd

MD5 6ca9a99c75a0b7b6a22681aa8e5ad77b
SHA1 dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8
SHA256 d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8
SHA512 b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

\Users\Admin\AppData\Local\Temp\_MEI29562\libffi-7.dll

MD5 b5150b41ca910f212a1dd236832eb472
SHA1 a17809732c562524b185953ffe60dfa91ba3ce7d
SHA256 1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA512 9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

\Users\Admin\AppData\Local\Temp\_MEI29562\_socket.pyd

MD5 afd296823375e106c4b1ac8b39927f8b
SHA1 b05d811e5a5921d5b5cc90b9e4763fd63783587b
SHA256 e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007
SHA512 95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

memory/4588-84-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp

memory/4588-87-0x00007FFD8C830000-0x00007FFD8C83F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI29562\select.pyd

MD5 72009cde5945de0673a11efb521c8ccd
SHA1 bddb47ac13c6302a871a53ba303001837939f837
SHA256 5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca
SHA512 d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

\Users\Admin\AppData\Local\Temp\_MEI29562\pywintypes310.dll

MD5 6f2aa8fa02f59671f99083f9cef12cda
SHA1 9fd0716bcde6ac01cd916be28aa4297c5d4791cd
SHA256 1a15d98d4f9622fa81b60876a5f359707a88fbbbae3ae4e0c799192c378ef8c6
SHA512 f5d5112e63307068cdb1d0670fe24b65a9f4942a39416f537bdbc17dedfd99963861bf0f4e94299cdce874816f27b3d86c4bebb889c3162c666d5ee92229c211

memory/4588-107-0x00007FFD88CB0000-0x00007FFD88D6C000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\pyexpat.pyd

MD5 5a328b011fa748939264318a433297e2
SHA1 d46dd2be7c452e5b6525e88a2d29179f4c07de65
SHA256 e8a81b47029e8500e0f4e04ccf81f8bdf23a599a2b5cd627095678cdf2fabc14
SHA512 06fa8262378634a42f5ab8c1e5f6716202544c8b304de327a08aa20c8f888114746f69b725ed3088d975d09094df7c3a37338a93983b957723aa2b7fda597f87

\Users\Admin\AppData\Local\Temp\_MEI29562\_queue.pyd

MD5 0d267bb65918b55839a9400b0fb11aa2
SHA1 54e66a14bea8ae551ab6f8f48d81560b2add1afc
SHA256 13ee41980b7d0fb9ce07f8e41ee6a309e69a30bbf5b801942f41cbc357d59e9c
SHA512 c2375f46a98e44f54e2dd0a5cc5f016098500090bb78de520dc5e05aef8e6f11405d8f6964850a03060caed3628d0a6303091cba1f28a0aa9b3b814217d71e56

memory/4588-113-0x00007FFD88C40000-0x00007FFD88C74000-memory.dmp

memory/4588-116-0x00007FFD88C30000-0x00007FFD88C3D000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\_decimal.pyd

MD5 eb45ea265a48348ce0ac4124cb72df22
SHA1 ecdc1d76a205f482d1ed9c25445fa6d8f73a1422
SHA256 3881f00dbc4aadf9e87b44c316d93425a8f6ba73d72790987226238defbc7279
SHA512 f7367bf2a2d221a7508d767ad754b61b2b02cdd7ae36ae25b306f3443d4800d50404ac7e503f589450ed023ff79a2fb1de89a30a49aa1dd32746c3e041494013

\Users\Admin\AppData\Local\Temp\_MEI29562\psutil\_psutil_windows.pyd

MD5 fb17b2f2f09725c3ffca6345acd7f0a8
SHA1 b8d747cc0cb9f7646181536d9451d91d83b9fc61
SHA256 9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4
SHA512 b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63

\Users\Admin\AppData\Local\Temp\_MEI29562\_ssl.pyd

MD5 1e643c629f993a63045b0ff70d6cf7c6
SHA1 9af2d22226e57dc16c199cad002e3beb6a0a0058
SHA256 4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a
SHA512 9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

C:\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll

MD5 f9d318fdfd968d695670ebfd7f821b65
SHA1 bd3a471b3406dd75728c8c98c13cb12cbffdc273
SHA256 5d26ec9f53f92067a58c64e8f3cb2552fa870f92db046e399ab3f78a9bdd58c9
SHA512 2498c14b3dbd6fd50ccf004c09c3183a372dd5f752ab2906adb33faf643df8635c9f93cc56df5a6ec57a689ea8d834b9385558aa43534d4459ebc6ec04a62859

\Users\Admin\AppData\Local\Temp\_MEI29562\libssl-1_1.dll

MD5 48d792202922fffe8ea12798f03d94de
SHA1 f8818be47becb8ccf2907399f62019c3be0efeb5
SHA256 8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc
SHA512 69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833

\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll

MD5 f29267002e0c0da65a7872e133df46e9
SHA1 42747c88b57f7f7a54c21717ceaf6b04170d51b6
SHA256 28981d6393ad6eae7fe5ca979d1a4912a73df9eb11a3094c4704d3e5c13c0553
SHA512 9f3f3baaa18cae5fd56485a292146ce6daf23ea67f0b7b445b9c1949bc83a062dbf04ab89631babbd8f9d37a8c0e0c11440b38249eec2c22d037e07a682d8ca7

memory/4588-134-0x00007FFD85F80000-0x00007FFD85F9C000-memory.dmp

memory/4588-136-0x00007FFD85B10000-0x00007FFD85B3E000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\libcrypto-1_1.dll

MD5 62c560d04f8dfcaa798549d7ac7274da
SHA1 8de88dfb7cd336f967192f13eeed5aed31ce8fba
SHA256 e04a0aba203723df51009e5c34318cde8e70c39f7188e7282496de6bf48993cf
SHA512 946a8de5b1dcdedbf3412986337ba0b4b028e3584d08b141af4b1a52e2076700df55952c72599eb4cb9a5d61447b04c40e8ff9addee56822f59a775837e72141

memory/4588-135-0x00000201F0430000-0x00000201F07A5000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\_hashlib.pyd

MD5 0d723bc34592d5bb2b32cf259858d80e
SHA1 eacfabd037ba5890885656f2485c2d7226a19d17
SHA256 f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f
SHA512 3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33

C:\Users\Admin\AppData\Local\Temp\_MEI29562\unicodedata.pyd

MD5 ca3baebf8725c7d785710f1dfbb2736d
SHA1 8f9aec2732a252888f3873967d8cc0139ff7f4e5
SHA256 f2d03a39556491d1ace63447b067b38055f32f5f1523c01249ba18052c599b4c
SHA512 5c2397e4dcb361a154cd3887c229bcf7ef980acbb4b851a16294d5df6245b2615cc4b42f6a95cf1d3c49b735c2f7025447247d887ccf4cd964f19f14e4533470

memory/4588-150-0x00007FFD85BE0000-0x00007FFD85BEB000-memory.dmp

memory/4588-151-0x00007FFD85A00000-0x00007FFD85A26000-memory.dmp

memory/4588-149-0x00007FFD858E0000-0x00007FFD859F8000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 9bb72ad673c91050ecb9f4a3f98b91ef
SHA1 67ff2d6ab21e2bbe84f43a84ecd2fd64161e25f4
SHA256 17fc896275afcd3cdd20836a7379d565d156cd409dc28f95305c32f1b3e99c4f
SHA512 4c1236f9cfbb2ec8e895c134b7965d1ebf5404e5d00acf543b9935bc22d07d58713a75eee793c02dfda29b128412972f00e82a636d33ec8c9e0d9804f465bc40

memory/4588-145-0x00007FFD85A30000-0x00007FFD85A44000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\charset_normalizer\md.cp310-win_amd64.pyd

MD5 79f58590559566a010140b0b94a9ff3f
SHA1 e3b6b62886bba487e524cbba4530ca703b24cbda
SHA256 f8eae2b1020024ee92ba116c29bc3c8f80906be2029ddbe0c48ca1d02bf1ea73
SHA512 ecfcd6c58175f3e95195abe9a18bb6dd1d10b989539bf24ea1bcdbd3c435a10bbd2d8835a4c3acf7f9aeb44b160307ae0c377125202b9dbf0dd6e8cfd2603131

memory/4588-142-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp

memory/4588-140-0x00007FFD753E0000-0x00007FFD75755000-memory.dmp

memory/4588-138-0x00007FFD85A50000-0x00007FFD85B08000-memory.dmp

memory/4588-131-0x00007FFD85FA0000-0x00007FFD85FAA000-memory.dmp

memory/4588-129-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp

memory/4588-128-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\_uuid.pyd

MD5 81dfa68ca3cb20ced73316dbc78423f6
SHA1 8841cf22938aa6ee373ff770716bb9c6d9bc3e26
SHA256 d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190
SHA512 e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

memory/4588-119-0x00007FFD85BF0000-0x00007FFD85C32000-memory.dmp

memory/4588-111-0x00007FFD88C80000-0x00007FFD88CAB000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\win32api.pyd

MD5 561f419a2b44158646ee13cd9af44c60
SHA1 93212788de48e0a91e603d74f071a7c8f42fe39b
SHA256 631465da2a1dad0cb11cd86b14b4a0e4c7708d5b1e8d6f40ae9e794520c3aaf7
SHA512 d76ab089f6dc1beffd5247e81d267f826706e60604a157676e6cbc3b3447f5bcee66a84bf35c21696c020362fadd814c3e0945942cdc5e0dfe44c0bca169945c

\Users\Admin\AppData\Local\Temp\_MEI29562\pythoncom310.dll

MD5 9051abae01a41ea13febdea7d93470c0
SHA1 b06bd4cd4fd453eb827a108e137320d5dc3a002f
SHA256 f12c8141d4795719035c89ff459823ed6174564136020739c106f08a6257b399
SHA512 58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da

memory/4588-105-0x00007FFD88D70000-0x00007FFD88D9D000-memory.dmp

memory/4588-104-0x00007FFD88DA0000-0x00007FFD88DB9000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\_lzma.pyd

MD5 abceeceaeff3798b5b0de412af610f58
SHA1 c3c94c120b5bed8bccf8104d933e96ac6e42ca90
SHA256 216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e
SHA512 3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

\Users\Admin\AppData\Local\Temp\_MEI29562\_bz2.pyd

MD5 758fff1d194a7ac7a1e3d98bcf143a44
SHA1 de1c61a8e1fb90666340f8b0a34e4d8bfc56da07
SHA256 f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708
SHA512 468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

memory/4588-97-0x00007FFD88DC0000-0x00007FFD88DEE000-memory.dmp

memory/4588-95-0x00007FFD89910000-0x00007FFD8991D000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\VCRUNTIME140_1.dll

MD5 bba9680bc310d8d25e97b12463196c92
SHA1 9a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256 e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA512 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

memory/4588-89-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\python3.dll

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

memory/4588-152-0x00007FFD75760000-0x00007FFD75BCE000-memory.dmp

memory/4588-153-0x00007FFD88E10000-0x00007FFD88E34000-memory.dmp

memory/4588-154-0x00007FFD8C830000-0x00007FFD8C83F000-memory.dmp

memory/4588-160-0x00007FFD88CB0000-0x00007FFD88D6C000-memory.dmp

memory/4588-161-0x00007FFD88C80000-0x00007FFD88CAB000-memory.dmp

memory/4588-173-0x00007FFD858E0000-0x00007FFD859F8000-memory.dmp

memory/4588-172-0x00007FFD85A00000-0x00007FFD85A26000-memory.dmp

memory/4588-171-0x00007FFD85BE0000-0x00007FFD85BEB000-memory.dmp

memory/4588-170-0x00007FFD85A30000-0x00007FFD85A44000-memory.dmp

memory/4588-169-0x00007FFD753E0000-0x00007FFD75755000-memory.dmp

memory/4588-168-0x00007FFD85A50000-0x00007FFD85B08000-memory.dmp

memory/4588-167-0x00007FFD85B10000-0x00007FFD85B3E000-memory.dmp

memory/4588-166-0x00007FFD85F80000-0x00007FFD85F9C000-memory.dmp

memory/4588-165-0x00007FFD85FA0000-0x00007FFD85FAA000-memory.dmp

memory/4588-164-0x00007FFD85BF0000-0x00007FFD85C32000-memory.dmp

memory/4588-163-0x00007FFD88C30000-0x00007FFD88C3D000-memory.dmp

memory/4588-162-0x00007FFD88C40000-0x00007FFD88C74000-memory.dmp

memory/4588-159-0x00007FFD88D70000-0x00007FFD88D9D000-memory.dmp

memory/4588-158-0x00007FFD88DA0000-0x00007FFD88DB9000-memory.dmp

memory/4588-157-0x00007FFD88DC0000-0x00007FFD88DEE000-memory.dmp

memory/4588-156-0x00007FFD89910000-0x00007FFD8991D000-memory.dmp

memory/4588-155-0x00007FFD88DF0000-0x00007FFD88E09000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\c0ccac6d-460e-4b81-aca6-c9053f0bf3cb

MD5 109dc026fb102ec6b43c7252b5e10d36
SHA1 a91ca0715886f7b86bbac64692bad6004300dd70
SHA256 59fae43545adb88d17d5b2764e963e3c3597f414ecf150d0738938bca5749b2c
SHA512 34934385ecc89b55a251d1f2883283b043cc77437ca54c84900f61a37eca74614668df755b75dfe5992f24e835d7077ebd2081910d245e70f366b1c62e3e8f21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin

MD5 a974c9f76be30e0dc37a26959484143c
SHA1 fbf72b2f959b25a0c5fbf66276bd76ff81570429
SHA256 6c610f403939244af3faa102841deef0ee27e8c9404fc3ee50f332436adcf28f
SHA512 472519d2e825b4c720945830c3b83a09fdda65e4e5300fa391ea0853288ac2f90eb6d56d2a7cce2f7923dac754a62875d53273f102fd06528645af779578c1e9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 6942ebe3c2b5ff665c694aa35d9dc3e8
SHA1 162e054edbc4854b5c5fc93c625816d0aed473d0
SHA256 4559253d4c1cac88817a8e748f5178ffed8383b723dad6b94893168cc18abf87
SHA512 e11101b870f33886814f9422b66f6fed7465e7b4306e947771a6a850ca7eb8dcaf064ed7105e48dac74bfc2d82083aa4b1f66c3fe2a3157a3626b8ed80097deb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 889c2f03a99c5b1608b94876d98a8726
SHA1 813fa2e1d9e3b015361ecb0cc3a3bda37d7cd0fb
SHA256 f2128cc42c875539b61491d8f0fbea532e4fe5ca9af8fdbbe3fd73ee293bdcc6
SHA512 74bd6a859b7243761e9cb8b51ccae073f5498d3c5241482b1ea24f63ca399f35a9ab5bea1c04c0619133d980124d0cf8ffa969053eea3b844bf6d1a4a3cffa99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6a4add25462e0d1ca2c0023729631136
SHA1 f50f5b47fc99f9c21017fab9bd352e6b4dd425df
SHA256 8701b794dea110263e18ac4877f6f34e957fa9199585341869f5ca8721aca09d
SHA512 71e16c1647feeec6d371f16f29c326575f354ae63ef1a506b21be6a9c49cc84ab0d50baa68870cf644639f2c0328a5ee8f05100ff1d2da34dedc9dd7048febbb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 c665cdc7b79b1350a5b076550a041be3
SHA1 654b22e2c714e215e22979ae658a9d33768063fe
SHA256 837a2299098af73a9887bcb298a47ae5790a8ee7943a0cd5d7721b0c02e4ddef
SHA512 6bdffbb1a7f479a6d6684d72ab27d900518e1985a80782a9e368d4a810cdc7b45c679e24bce58ce922f045940a79cbd3192da323de4e403fb8693ca3fe859847

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 41788af1af6e45b22e3e79ba0809974b
SHA1 59904789578ede901b6d934888c20019c39b2ada
SHA256 1f2ea8bb0c0918fa296c4109b1ab0d8f95906ff0bf123c5a9ae55eaeef0c6452
SHA512 5b641f1fbd5049a33c2c3440fcbce7862966caff62cd5a9d00dd4f47c00e725d8018e00052e74bc4be1e8aff4ed8b0779b887263ef571a77151a4fae91386d8b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 599f243d1a337c206b9bd8e1714a9082
SHA1 fc3409cf12fae430c1911e673360748632ab101a
SHA256 906d48aed4d9893ec63d5de16970c69cb8ae321f57e95617e5280db780bdfe87
SHA512 7986d3f6661bdd81eb9bad562fdc39806579800b90a0a78d391f27737e7d19fb0daccabf789fc48a618c34c2a4145f482159525335c21c0cc3a093191f7f5cce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9ed74236c9de6a628ffe74926f3fd5ff
SHA1 e8c026a730bf85c05d9b68e4b5a0a0b4cb07223a
SHA256 2f151a93a442bb856e800ece2e070d7f14930903a817a881a7abbf1a7f74d71e
SHA512 04a38350719d7b5293d4888797c022e87975f76464f9d6540a15b571beb790e5292e98b118dcb7f6f298dd9bcc71af4471de77a8b38fafb63afa20f0bfd32efb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 480b83d9ecf1d07c894a49ed830534d0
SHA1 4123069907686798f55b84ffc57af36c19cfc08f
SHA256 ec30d2af622615a541288f0b53079416bd4db71c20d6f97091741d3c29e338f3
SHA512 7851010b3eb8b6fec041612aebe43287dab23d933d15fdaa6f2e7e12588746ff03b2e97b8a4c47ad6ccee63cf318845a60e3664e258167bafc9eab3b3abc898c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1b18becc84cb67e538d799030b38899d
SHA1 ee2df93b9e9f61e8c15e3855bf2dba74ac8a5bb8
SHA256 1ab02420d12606bb338398fc11ee16bf655258acff6089d5db1c46ecfdec71f6
SHA512 d1867ee8da3c06dc39b1b4d3716b2df721952e193cacab82e588da9c261e7f99db494c093ef407be8918eff7b0910c3630f0d37d97a744709a4b82101bdf229a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 990d183fd27fe2115f7ee33b020d809d
SHA1 1a15c055065c0bc2d4083e34f06d4fe578610333
SHA256 c48ef4f672afcbaea4af63ed78df3f683d6fdab8a5ce58b2d99768d3ab7a0557
SHA512 6485c4f62d38eccdc062acf95b236edece2dc60f610ee7200ef56a61299e4c02dd7be72cb6033915b95fb22f79c422cf63daab3e1c478fbb0558e53a518b0aec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionstore-backups\recovery.jsonlz4

MD5 742fa43f5c09ee25e5c19846f71aca33
SHA1 5fab3a50a565bf0e7aff3a0f76d191b3e0350154
SHA256 e3a93f082a20abb5bba89b5691333ec0a232f2f0f6cc281c01c9d31eab599a16
SHA512 4e313db6448d56590ed74241a9c6fc303f4e9dba596cb86a6f6d63d375933bae24e3a786dad93792556652dc963a930bb9cfb7d983206f0a69ae6e7c0a4fc603

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 2cd71867e3e46888d7904170c5343bb2
SHA1 6a30f68717069f1df96b5cb7f627c9823e53929a
SHA256 b8f083ca0b960c8c39a681d15caf9bd047f43110c3cfa6e9def0fa40cd85085c
SHA512 5d0159837d35f50891b5f3f55dc88e3c1d0d1251437c37420f52423f22dbd9c66e726ac9c3fa8c034cc91be1525de47c04353ef3227b4bf64a66623b7cc17f7e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\targeting.snapshot.json

MD5 dd468a01c2772cba792f2d7eb6ce48ef
SHA1 df032c6c47eda48985ed2379419359456eb4623d
SHA256 bf0bd78082199f12cafe4fb2d5cf154e69eba68a7e319e40164106264fecf069
SHA512 f44e3d59f17414adbfec233faf92cb744894b790190f5fa84c4f7e8b45442c91619053c89c5a9c28ccd36914de506e47cbfe56ef4f7b65877e8b0234f0052535

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7823f98961ec748569531b850108b5d4
SHA1 2c500eddc165e01f9229155e3dea458e00edd0f1
SHA256 58e13739aba0fc945253a09dc18774684a9cb1afd77cfc838d6dc63fd53d6f58
SHA512 10014c5cae672ddd3cc6405fe06fda1470b2ef75efd2cbfba4668db0d246503a2a29af970d8174dbce162cd6b79e0953f51e7007cf8f3b3ed25fd0214dce593a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\bookmarkbackups\bookmarks-2023-12-20_11_R2GCJW2HdLaIfBVPbIexVQ==.jsonlz4

MD5 0393fcd716a9cca2e366c1f6501fb52a
SHA1 886d657e057864c6ca12b4614df2473dc982c890
SHA256 6b6b3e30941a6c9d5aa9489429cd7e850e59b576352336d1ccfd3646d4668711
SHA512 65cd124b101dbc20e3d08c9d0627b97a15d227e2142c1c0760015518f9e6eb25b2c06da46619aa9312b2812e0a2707fdf39ca74f6c87d3526cd42ad7f7a83181
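The listing above is a flat sequence of path lines, hash lines and memory-dump lines, which is awkward to turn into an IOC set by hand. The script below is an added example, not code from the report or from the sandbox vendor: it parses that layout into structured records, validates the digest lengths, and buckets each file by where it lives (the PyInstaller `_MEI<pid>` extraction directory, the Firefox profile, other `%TEMP%` paths). The regexes, bucket names and record fields are this example's own assumptions about the layout; the sample input is a constructed excerpt copied from the entries above, including the orphan SHA512 line at the top of this section whose path lies before the excerpt.

```python
"""Parse a sandbox report's flat 'Files' listing into structured IOC records.

Added example; the layout assumptions (path line, blank line, then MD5/SHA1/
SHA256/SHA512 lines; memory dumps as single 'memory/<pid>-<n>-<start>-<end>-
memory.dmp' lines with no hashes) are this script's own, not the report's.
"""
import re
from dataclasses import dataclass, field

MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
# Expected hex digest lengths; a mismatch means a truncated or garbled line.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# PyInstaller one-file executables unpack into %TEMP%\_MEI<digits>\ at run time.
MEI_RE = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)


@dataclass
class FileRecord:
    path: str
    origin: str
    hashes: dict = field(default_factory=dict)


@dataclass
class MemoryRecord:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def classify(path: str) -> str:
    """Bucket a path by provenance (bucket names are this example's choice)."""
    if MEI_RE.search(path):
        return "pyinstaller_bundle"
    if "\\Mozilla\\Firefox\\Profiles\\" in path:
        return "firefox_profile"
    if "\\AppData\\Local\\Temp\\" in path:
        return "temp"
    return "other"


def parse_listing(text: str):
    """Return (file_records, memory_records, problems) for a flat listing."""
    files, dumps, problems = [], [], []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_RE.match(line)
        if m:
            current = None  # a dump line ends any open file record
            dumps.append(MemoryRecord(int(m["pid"]), int(m["seq"]),
                                      int(m["start"], 16), int(m["end"], 16)))
            continue
        h = HASH_RE.match(line)
        if h:
            algo, digest = h.group(1), h.group(2).lower()
            if current is None:
                problems.append(f"line {lineno}: {algo} with no preceding path")
            elif len(digest) != HASH_LEN[algo]:
                problems.append(f"line {lineno}: {algo} has length {len(digest)}")
            else:
                current.hashes[algo] = digest
            continue
        # Anything else is a path line that opens a new record.
        current = FileRecord(path=line, origin=classify(line))
        files.append(current)
    return files, dumps, problems


def sha256_by_origin(files):
    """Group SHA256 digests by bucket so weak and strong indicators stay apart."""
    out = {}
    for f in files:
        if "SHA256" in f.hashes:
            out.setdefault(f.origin, []).append(f.hashes["SHA256"])
    return out


# Constructed excerpt of the listing above (verbatim lines, reduced in number).
SAMPLE = r"""
SHA512 58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da

memory/4588-105-0x00007FFD88D70000-0x00007FFD88D9D000-memory.dmp

memory/4588-104-0x00007FFD88DA0000-0x00007FFD88DB9000-memory.dmp

\Users\Admin\AppData\Local\Temp\_MEI29562\_lzma.pyd

MD5 abceeceaeff3798b5b0de412af610f58
SHA1 c3c94c120b5bed8bccf8104d933e96ac6e42ca90
SHA256 216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e
SHA512 3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\prefs-1.js

MD5 6942ebe3c2b5ff665c694aa35d9dc3e8
SHA1 162e054edbc4854b5c5fc93c625816d0aed473d0
SHA256 4559253d4c1cac88817a8e748f5178ffed8383b723dad6b94893168cc18abf87
SHA512 e11101b870f33886814f9422b66f6fed7465e7b4306e947771a6a850ca7eb8dcaf064ed7105e48dac74bfc2d82083aa4b1f66c3fe2a3157a3626b8ed80097deb

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
"""

if __name__ == "__main__":
    files, dumps, problems = parse_listing(SAMPLE)
    for origin, digests in sha256_by_origin(files).items():
        print(origin, digests)
    print("dumps:", [(d.pid, hex(d.start), d.size) for d in dumps])
    print("problems:", problems)
```

The `pyinstaller_bundle` bucket matters when you promote these hashes to detections: `python3.dll`, `VCRUNTIME140_1.dll`, `_lzma.pyd` and `_bz2.pyd` are the interpreter and runtime that PyInstaller packs into every one-file build, so their digests identify a Python release rather than this sample and should be treated as weak indicators; the `_MEI<pid>` directory itself and the main module are the sample-specific part. The `problems` list surfaces the orphan SHA512 at the head of this section and any digest whose length does not match its algorithm, both of which are the usual signs that a copied listing has been cut or garbled.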