Analysis Overview
SHA256
c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82
Threat Level: Likely malicious
The file potato-launcher.Setup.2.2.6.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Windows directory
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-04 18:06
Signatures
Unsigned PE
Analysis: behavioral9
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
312s
Max time network
1600s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
469s
Max time network
1591s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe"
C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=gpu-process --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1460 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1668 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=renderer --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=gpu-process --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2372 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 142.250.180.10:80 | fonts.googleapis.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| GB | 142.250.179.227:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
Files
memory/5076-8-0x00007FF9E6F00000-0x00007FF9E6F01000-memory.dmp
C:\Users\Admin\AppData\Roaming\potato-launcher\Network Persistent State~RFe58f596.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\potato-launcher\Network Persistent State
| MD5 | 4bf4de22b9ec2623df888602ec206927 |
| SHA1 | cca259876d216ce68ea6501dc497859fd30df5fa |
| SHA256 | c482b2f9541b0b4df0aa2762a40e0e207142ed3135ec6232a7ec32c7bc8afce6 |
| SHA512 | 9f848c07a9375ffe53347a4a9efd85a1ec535a5aaecda750799e6d3f35c6ab6868859609468cc7f80d893d9118faae6cccbfaa8455a70e246f520ce7fd53a77e |
Analysis: behavioral13
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
309s
Max time network
1606s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
314s
Max time network
1597s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4432 wrote to memory of 2352 | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.6.0.0.0.0.0.0.0.e.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
| MD5 | ff2c08bb78a189ee17ca0ec6ae4e9c9e |
| SHA1 | b6b33df1e39e77fef225c4216652ba1734236323 |
| SHA256 | 1e90aaa075e22679d5ceab5392ca34ed02f8c0559d8b3b7e39092d798c5e7439 |
| SHA512 | 5e1756bb6ec1417f95c7c7ba6dc3b07adc67b8468ef7ac7f7463dff3e4f2dd5fed3cbedbaf0497a920551b8e0d41775b0c423c751773d2c8e2bf7ea483a21a24 |
\Users\Admin\AppData\Local\Temp\nsh664C.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
\Users\Admin\AppData\Local\Temp\nsh664C.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
\Users\Admin\AppData\Local\Temp\nsh664C.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
\Users\Admin\AppData\Local\Temp\nsh664C.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
Analysis: behavioral23
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:36
Platform
win10-20240221-en
Max time kernel
315s
Max time network
1582s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4680 wrote to memory of 4548 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
1212s
Max time network
1589s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5060 wrote to memory of 3328 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.80.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
1799s
Max time network
1596s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = de292ac35e6eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000bce1ab6b8ee94c0a0edef60b81dc8109444db6f702b7486dbb45f22d913503a204921795b5f8b43990503d4f98e182175be2e34af1708bb7f166 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e19f9fd55e6eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 344fb0d55e6eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e5db1bc35e6eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f44837c75e6eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 30876228916eda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d03c8bc21c75da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "416340597" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 208.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| GB | 92.123.128.164:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files
memory/5112-0-0x0000024F00320000-0x0000024F00330000-memory.dmp
memory/5112-16-0x0000024F00900000-0x0000024F00910000-memory.dmp
memory/5112-35-0x0000024F00BD0000-0x0000024F00BD2000-memory.dmp
memory/2228-56-0x0000017703AE0000-0x0000017703AE2000-memory.dmp
memory/2228-59-0x00000177043A0000-0x00000177043A2000-memory.dmp
memory/2228-61-0x00000177043C0000-0x00000177043C2000-memory.dmp
memory/2228-63-0x00000177043E0000-0x00000177043E2000-memory.dmp
memory/2228-65-0x00000177156D0000-0x00000177156D2000-memory.dmp
memory/2228-67-0x00000177156F0000-0x00000177156F2000-memory.dmp
memory/2228-69-0x00000177160A0000-0x00000177160A2000-memory.dmp
memory/2228-71-0x00000177160C0000-0x00000177160C2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
memory/5112-90-0x0000024F06D60000-0x0000024F06D61000-memory.dmp
memory/5112-91-0x0000024F06D70000-0x0000024F06D71000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WFH0F0I5\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral8
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 313s |
| Max time network | 1608s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral24
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:36 |
| Platform | win10-20240221-en |
| Max time kernel | 375s |
| Max time network | 1608s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3452 wrote to memory of 4940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3452 wrote to memory of 4940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3452 wrote to memory of 4940 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 310s |
| Max time network | 1602s |
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 397s |
| Max time network | 1614s |
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 315s |
| Max time network | 1587s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4620 wrote to memory of 4760 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4620 wrote to memory of 4760 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4620 wrote to memory of 4760 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 620
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 314s |
| Max time network | 1608s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4448 wrote to memory of 1412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4448 wrote to memory of 1412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4448 wrote to memory of 1412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 616
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:36 |
| Platform | win10-20240221-en |
| Max time kernel | 316s |
| Max time network | 1596s |
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 220 wrote to memory of 364 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 220 wrote to memory of 364 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 220 wrote to memory of 364 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-03-04 18:05 |
| Reported | 2024-03-04 18:37 |
| Platform | win10-20240221-en |
| Max time kernel | 1247s |
| Max time network | 1606s |
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ykacfmayoi.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot\de4dot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot\de4dot-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot\Test.Rename.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1524 set thread context of 4984 | N/A | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | C:\Users\Admin\Downloads\ykacfmayoi.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\de4dot.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\de4dot.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\FileGrab.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "8" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\Downloads\FileGrab.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\ykacfmayoi.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\de4dot.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\FileGrab.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.0.902446050\1255198404" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {091dbbe6-867b-4a3d-a040-398110fe1953} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 1816 22e110e6f58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.1.216691906\1541837410" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b13f223-a32a-40dc-a198-cf677207eba1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2152 22e10ffc858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.2.1186576990\1275767965" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c45c63fc-30f6-4a88-af0f-208c5ae72750} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2820 22e152de658 tab
C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe
"C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.3.1655919174\1963909405" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8bec9f-9c26-4d5a-a909-09ccbab08048} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 3460 22e16023858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.4.498438098\2004072813" -childID 3 -isForBrowser -prefsHandle 3840 -prefMapHandle 3852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52360a58-536e-4048-818e-100889540c2f} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 3516 22e1736d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.5.732299100\1966135769" -childID 4 -isForBrowser -prefsHandle 4768 -prefMapHandle 4832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {464775c8-9a0b-4505-b247-fec312afc867} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4836 22e173df858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.6.1715769756\1076552588" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1acd2a60-ed22-4b7f-87d2-ff06cabf173c} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5076 22e176dde58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.7.1477757766\118136183" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa435ea-a140-41a3-b731-4401ab44a74f} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5156 22e17fcb358 tab
C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe"
C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=gpu-process --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2
C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1652 /prefetch:8
C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe
"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=renderer --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.8.552412676\1889696638" -childID 7 -isForBrowser -prefsHandle 2628 -prefMapHandle 3224 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0e5ffc7-dd32-4cd0-8840-21088f6a1891} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2632 22e18cb1958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.9.980040610\1410839059" -childID 8 -isForBrowser -prefsHandle 6040 -prefMapHandle 6036 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19c44d8-3266-4315-8239-9a58158bc456} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6052 22e1b2a8b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.10.464148661\926493694" -childID 9 -isForBrowser -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1949beb1-2597-4f7d-8805-e8c75904a2fa} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4952 22e1c59a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.11.805179620\1617052593" -childID 10 -isForBrowser -prefsHandle 6420 -prefMapHandle 6424 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4e277ec-0af7-439f-ae11-40344f798b4e} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6412 22e1c59ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.12.717730959\238503580" -childID 11 -isForBrowser -prefsHandle 6532 -prefMapHandle 6540 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e62a9b-36be-4170-b7c4-2de9491b99c3} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6548 22e1c879858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.13.1814813698\810075442" -childID 12 -isForBrowser -prefsHandle 6660 -prefMapHandle 6664 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba648ee7-c572-4e12-a33a-a53eb1b13a88} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6748 22e1c87a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.14.12828556\1418551294" -childID 13 -isForBrowser -prefsHandle 10408 -prefMapHandle 10456 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea9eb7a-9925-47ab-a76f-8db2dcf25a6b} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10420 22e1c6f1c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.15.1408023894\226739417" -childID 14 -isForBrowser -prefsHandle 10400 -prefMapHandle 10376 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fab9413-21c5-4905-8b39-df60fb67ece4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10284 22e1c6f2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.16.1568148804\609045761" -childID 15 -isForBrowser -prefsHandle 6164 -prefMapHandle 6284 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71c2b7d-f8d0-4bfe-9f57-a90d0af691c4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6316 22e1be30858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.17.44418159\407764456" -childID 16 -isForBrowser -prefsHandle 10468 -prefMapHandle 6228 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d36287-b3d0-47f0-b42b-61087144e1d6} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6716 22e1ddde558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.18.1615189506\1946633056" -childID 17 -isForBrowser -prefsHandle 6676 -prefMapHandle 6652 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c76f7b8-0516-4f42-aeee-ae48309cfaa4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6576 22e1dde0658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.19.1503704651\271167758" -childID 18 -isForBrowser -prefsHandle 10384 -prefMapHandle 10008 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {963e39f4-b37f-49da-b266-2bb553386d24} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10404 22e1d3a0058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.20.1327338082\271385749" -childID 19 -isForBrowser -prefsHandle 10304 -prefMapHandle 10372 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c79f14-aa08-4f74-a0c5-952602901f49} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10328 22e1ca4d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.21.66579853\1726286254" -childID 20 -isForBrowser -prefsHandle 10380 -prefMapHandle 6412 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {113641e5-cfad-4df1-959f-045b250b6c8d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9620 22e1e2dcc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.22.1303438434\502520719" -childID 21 -isForBrowser -prefsHandle 4332 -prefMapHandle 1636 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c975b4-efe7-4b67-97cc-0b724681ce1d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4864 22e1fab2f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.23.1217251386\1122646727" -childID 22 -isForBrowser -prefsHandle 9340 -prefMapHandle 9356 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {282d7608-120f-46d6-b2b5-f7effae9225a} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9336 22e1fab2058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.24.733113898\744806611" -parentBuildID 20221007134813 -prefsHandle 10492 -prefMapHandle 4864 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f96a4a-6c58-4d33-ab4b-68285c0c71cf} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5112 22e1e26e758 rdd
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.25.1410167178\1548051207" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10372 -prefMapHandle 10304 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf522b6-588c-40c2-9c09-54c7694cc6ce} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10492 22e2023bd58 utility
C:\Users\Admin\AppData\Local\Temp\Temp1_snapshot_2024-02-19_03-16.zip\release\x64\x64dbg.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_snapshot_2024-02-19_03-16.zip\release\x64\x64dbg.exe"
C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe
"C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe"
C:\Users\Admin\Downloads\ykacfmayoi.exe
"C:\Users\Admin\Downloads\ykacfmayoi.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.26.797334712\1687275804" -childID 23 -isForBrowser -prefsHandle 6304 -prefMapHandle 10044 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {280b6f5b-d3aa-45a9-aab8-6c03143557e1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9208 22e2021da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.27.504087261\1862344685" -childID 24 -isForBrowser -prefsHandle 9544 -prefMapHandle 9600 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40e514f0-f253-41d6-bb53-671e0adea7a6} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9532 22e1e3cde58 tab
C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe
"C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.28.2060290270\127262810" -childID 25 -isForBrowser -prefsHandle 9496 -prefMapHandle 9152 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0659ed59-2aa7-4b2a-9026-16ef7c061c51} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9168 22e20b40558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.29.1295004441\25740834" -childID 26 -isForBrowser -prefsHandle 8832 -prefMapHandle 8836 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0123d03e-0d57-4d46-9421-9f99cee15d46} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9896 22e216a8f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.30.125054096\197938918" -childID 27 -isForBrowser -prefsHandle 4208 -prefMapHandle 10416 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63c730a-e1be-496e-9b8f-05e178e05b20} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 1636 22e79963558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.31.551921995\2046074197" -childID 28 -isForBrowser -prefsHandle 8972 -prefMapHandle 8976 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cba3f8c-a8c8-420f-99ca-3490721080da} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8964 22e215ade58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.32.901892339\515692914" -childID 29 -isForBrowser -prefsHandle 9392 -prefMapHandle 10112 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a65bf0a9-bd74-4944-a610-7f32349e2f27} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10016 22e19279258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.33.1311314018\1400615942" -childID 30 -isForBrowser -prefsHandle 9980 -prefMapHandle 8988 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87220832-14a9-4562-a14a-b9b846f17d4d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2680 22e21d75858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.34.499726465\1536392202" -childID 31 -isForBrowser -prefsHandle 8928 -prefMapHandle 6600 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ade20dce-4173-4643-acd9-65e40c39d4db} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9128 22e223c2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.35.1991522776\351175528" -childID 32 -isForBrowser -prefsHandle 8884 -prefMapHandle 8932 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc367c-591c-4788-a72e-35e977c224bb} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6196 22e2280b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.36.1228667097\156941634" -childID 33 -isForBrowser -prefsHandle 8896 -prefMapHandle 10044 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57204f13-2f90-44f5-b400-9bce24b16963} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4308 22e2280be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.37.1006171936\1961222164" -childID 34 -isForBrowser -prefsHandle 8628 -prefMapHandle 8632 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6cd973-bc3e-4584-bb1e-a4ea82a23f91} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8640 22e21e98158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.38.69926484\1751009316" -childID 35 -isForBrowser -prefsHandle 8680 -prefMapHandle 8664 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59b3557b-559f-4611-b37e-d7ca69f3f5c1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6060 22e21939258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.39.1112120142\821907828" -childID 36 -isForBrowser -prefsHandle 9080 -prefMapHandle 9044 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7429d78-91e1-4958-b4f8-5273137832ea} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9600 22e21939e58 tab
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\de4dot.rar"
C:\Users\Admin\Downloads\de4dot.exe
"C:\Users\Admin\Downloads\de4dot.exe" C:\Users\Admin\Downloads\ykacfmayoi.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 800
C:\Users\Admin\Downloads\de4dot.exe
"C:\Users\Admin\Downloads\de4dot.exe" C:\Users\Admin\Downloads\ykacfmayoi.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 780
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\de4dot.rar"
C:\Users\Admin\Downloads\de4dot\de4dot.exe
"C:\Users\Admin\Downloads\de4dot\de4dot.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"
C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"
C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"
C:\Users\Admin\Downloads\de4dot\de4dot-x64.exe
"C:\Users\Admin\Downloads\de4dot\de4dot-x64.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
C:\Users\Admin\Downloads\de4dot\Test.Rename.exe
"C:\Users\Admin\Downloads\de4dot\Test.Rename.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.40.360273674\2146446163" -childID 37 -isForBrowser -prefsHandle 9528 -prefMapHandle 8876 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc13957-b450-4b50-9087-877fadf418ac} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5476 22e2237d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.41.1686557881\1101875345" -childID 38 -isForBrowser -prefsHandle 9972 -prefMapHandle 8628 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1c5047-65fc-4e80-b3a3-762572f098f2} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6776 22e226f6b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.42.568205044\1784096422" -childID 39 -isForBrowser -prefsHandle 8252 -prefMapHandle 8256 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b5c7d83-1607-4c5a-958b-02f55fdf1d40} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8244 22e1c2b3d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.43.549542700\867581756" -childID 40 -isForBrowser -prefsHandle 6332 -prefMapHandle 8556 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c3e1b0-e3ea-490f-a5f3-090da556c8b5} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8496 22e22eaa558 tab
C:\Users\Admin\Downloads\FileGrab.exe
"C:\Users\Admin\Downloads\FileGrab.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 1656
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 1652
Network
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | workupload.com | udp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| US | 8.8.8.8:53 | workupload.com | udp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| US | 8.8.8.8:53 | t.workupload.com | udp |
| DE | 213.239.194.3:443 | t.workupload.com | tcp |
| US | 8.8.8.8:53 | t.workupload.com | udp |
| US | 8.8.8.8:53 | t.workupload.com | udp |
| US | 8.8.8.8:53 | 119.176.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.194.239.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 22497d28d2d8a4cd564bd3f05282bca3.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | 22497d28d2d8a4cd564bd3f05282bca3.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | pagead-googlehosted.l.google.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | e6115.g.akamaiedge.net | udp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | e6115.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| GB | 92.123.128.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 92.123.128.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 185.89.210.82:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| GB | 92.123.128.168:443 | www.bing.com | udp |
| GB | 96.16.108.246:443 | e6115.g.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | 168.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.108.16.96.in-addr.arpa | udp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| US | 8.8.8.8:53 | t.workupload.com | udp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 144.76.176.119:443 | workupload.com | tcp |
| DE | 213.239.194.3:443 | t.workupload.com | tcp |
| DE | 213.239.194.3:443 | t.workupload.com | tcp |
| US | 8.8.8.8:53 | 0adac7b895b176358b2cb393030d0744.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | 0adac7b895b176358b2cb393030d0744.safeframe.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | 0adac7b895b176358b2cb393030d0744.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | f62.workupload.com | udp |
| DE | 195.201.166.168:443 | f62.workupload.com | tcp |
| US | 8.8.8.8:53 | f62.workupload.com | udp |
| US | 8.8.8.8:53 | f62.workupload.com | udp |
| US | 8.8.8.8:53 | 168.166.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| NL | 5.206.227.87:8888 | tcp | |
| US | 8.8.8.8:53 | 87.227.206.5.in-addr.arpa | udp |
| NL | 5.206.227.87:8888 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| GB | 216.58.213.14:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.18.37.111:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| GB | 195.181.164.18:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 18.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 34.117.77.79:443 | ml314.com | udp |
| US | 8.8.8.8:53 | b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 151.101.1.44:443 | dualstack.tls13.taboola.map.fastly.net | tcp |
| IE | 108.128.158.24:443 | sync.crwdcntrl.net | tcp |
| DE | 52.57.150.20:443 | ps.eyeota.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | 20.150.57.52.in-addr.arpa | udp |
| US | 172.64.154.159:443 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| GB | 216.58.204.65:443 | 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| GB | 216.58.204.65:443 | 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| IE | 108.128.158.24:443 | sync.crwdcntrl.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| DE | 52.57.150.20:443 | ps.eyeota.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 216.58.204.65:443 | 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | deac-ams.dl.sourceforge.net | udp |
| NL | 185.34.27.55:443 | deac-ams.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | deac-ams.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | deac-ams.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | 55.27.34.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| GB | 195.181.164.18:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com | tcp |
| GB | 216.58.204.65:443 | 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com | udp |
| US | 151.101.1.44:443 | dualstack.tls13.taboola.map.fastly.net | tcp |
| DE | 52.57.150.20:443 | ps.eyeota.net | tcp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| GB | 89.187.167.6:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | 6.167.187.89.in-addr.arpa | udp |
| IE | 34.254.143.3:443 | load-euw1.exelator.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| DE | 52.57.150.20:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| US | 8.8.8.8:53 | c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| GB | 216.58.204.65:443 | c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| GB | 216.58.204.65:443 | c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\24153
| MD5 | ea752fc91144ecce641b0c04559f0052 |
| SHA1 | 1351f0bd7cb60d4afcf30ff3148194d57fe56032 |
| SHA256 | be403a30d86942684ccabd043c1f37b87feaf6c552fa10fbaa6fe6b6c9cdf960 |
| SHA512 | 843feddbdcc3433b82646e9b04fe7bb6f877e506fa6d274a210c19b3bf24152bcefff892dcd3ef62087e1d7d89bae39c1943238d38cac7b3b42d7c11372ba87d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\16051
| MD5 | 785253c37c40c532f6074bf42a1c228d |
| SHA1 | c2a3f113f9eb3e4f789e4b6a6b788edd0f265ccb |
| SHA256 | ecb951bfd161ac9dd180686f6311f395e1c43b0483ae013aeb166eb405e1ba20 |
| SHA512 | 1e14d88f534efe6fe7e5c04e5c5023a4c79a22e70640fc0d7bf2e9f830ef3eea2abcdea18355b1a244cf20ff4827b280f7171e16e65db2d157ebae5f95e98eae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\84EF251B40BA146E279B2F8F54726CFD9939CB2E
| MD5 | 8b7f2d43e5bec9be945976a43dc936a2 |
| SHA1 | 883c89d37222ded04fbf10c334cf341333eeaa39 |
| SHA256 | 4d26de08716a811b745c8af129b11082b1642b768e00e701b63c037382c12edb |
| SHA512 | 49468a027ab2cf7684ac2d91fd6244f00a140da701864cf02368a1a8f5bb4e0eaea871092664b211bbafaecd423ebcb18d0cc394f91bd8313f2d5d58b8bfa8a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b5e78459ed11a5c8956f868e2b146d16 |
| SHA1 | ac06f38e7f8fec6d6f63e24c7f244ff4a6684929 |
| SHA256 | b92a62ca4daadbaac62d9d9738a62d45e615a941ad939bb582589e6d6b291f98 |
| SHA512 | e9cef30602acf3a9b55a2594565cd84be06d408ea7bb306d450e82c06c098f831066020955624c489e1059933a422cf8b9885c942aac2fc64f03e28ad49befc7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\prefs-1.js
| MD5 | 8398f0eabc3b1ee1176a8f0982a57d42 |
| SHA1 | 8b7af6d74cdc25678dd0fc7895d6d69909b815b4 |
| SHA256 | db7a83b8b6ac700be1b5b8a1f3e644abfa0d05766ac89de94441243df9bf344f |
| SHA512 | 94ffa66903d4fc2f0625023ee0c32b8e4a1a6f621836272226ca551d57dbb0e7cbbe0555b775593ccaf8f95586919f9fbc2a705f70286e47cc798c18d73290ee |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 7fdd498c7c1bd039196637d3651eac72 |
| SHA1 | 2c941835434b5e31c0384928fa2df124fd0d8678 |
| SHA256 | 200cb427ff133be0f0fa52df0154668aab85bcabc9acd691f4608ccbcc9f7e45 |
| SHA512 | 90b61b6051525c3458463705cfff710b25b1d2f8d520a2883e92c30ae8326283c959086c82a8457efdf5d646b8ea48421efb43ef10713e9c64dae7c79d3a69a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 05f6aa50464d35aed9d3bde5ef3ed02b |
| SHA1 | 88b74c2fac30b9c3843dadd56c0cce590f661ba8 |
| SHA256 | b69700e93ae5aba0329a4fe03832ae688817bc72c36d4d84562fe798d63752c8 |
| SHA512 | 01d37e3b09ecee1089a87a372404a5da7b344877d0e3e2cdcade5d64b567ec8e7b466841c6f89401b0402dd9fd74ca954bcdd84536a2fdf40101cb93eb62f8f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\1825
| MD5 | 140b21b2dc4a6a15900134d4bd44f7d4 |
| SHA1 | d01d85e37053ef7933156d0fa0fbb584092b8fff |
| SHA256 | 2ed95bce5d30302ab91a2085233915a387e1d8e1dbee87101ed79bf40f19f094 |
| SHA512 | 6df5728f278becb02b83689aca3abaa810957204c1a97aa66ffc296275d574cadb6e1393184867357e80880241d354851c005a8047f929437c250f28543300bf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\183866065DE0B4D4F2028127046BEFB581A325DD
| MD5 | 5950c539f10ea6d64e97a55c66223a41 |
| SHA1 | 9ff7f9b53ed0df595ff7e1d17a6d3bf3778d1f95 |
| SHA256 | 93eca6b4d6e8f6384bb165a04af272a44da84112141942d47af8a2918fc3505d |
| SHA512 | fe6e8426bb7655f1c9d3f32fcf5ddec52145246604efdc6e180d5ad847446142b1650b589b0cd0309cac996843a9ea79adeb30020b87cbbbee8ab5de363f7852 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\818D6913D1EF98264BBC58767F6D6D22E497C6EB
| MD5 | 95f65f5e82b78c8ddae72b56c159f1de |
| SHA1 | fb56e3ee9d2ebfe97c1c6ab246ddb699f30aac78 |
| SHA256 | de76356ffe69b10a4d39b21856953379f6abb5be42f72bdfc4903ec4a025d666 |
| SHA512 | b680ddc3a99a19b2e9330c92bde1803293c52d63a5cb88d642f590a399c3c79b84ba484dbe95b9b89f313bf5eb784d4491da306c8b8dd98af51b2ebf4c3e9c68 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\B6CC53B0972D295D54F95FA82A5838EC5616B026
| MD5 | 8a0a7f5bcc19d349086896cc447f09b8 |
| SHA1 | ce6f4611564a8ce278852514bc42c1a86198994c |
| SHA256 | 756e16d13c86b6c37ba353c32404f9192aadac421ea431d132945115318a27e2 |
| SHA512 | 02ff9149b98cf53a321f3b6903bbe9f08075730487d01ce303e26e591ed9f5f5fcd9ebb589481f435e552a83ee9057fcda55e0cd446a6807036e2c5036e7d8df |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\E2195B15E085550C47C77CCD6B686DD370076298
| MD5 | 2f7d527f085da81625258468b371d18c |
| SHA1 | af6d791cc5262b450a5157c45d1edada52dc5b6d |
| SHA256 | 1aded5b08e13571cb31b53ccfd42f62b6a4be870cb6f43b2b1c8ed6bffd3ed46 |
| SHA512 | 846f7fe8c788ee7ba69074adb076b0507ad963db3b9c41a8c1ae85ec80760781acb8c49bc5293032a8579382c01409a7bd6dcb1ed5eeee8526f08a8e02bbb3f7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F1024191799870B12785EC8CF95ED4019EE3FD36
| MD5 | 1fadd8e87f220274ebf79d5964b23ea4 |
| SHA1 | 0d64e0b37dd5d0a4cfd00b39afa264ed3deb6a4c |
| SHA256 | f745f862c1e691aa718a908f18c0471af90dbe7791a41a813dc9193e15686c85 |
| SHA512 | 75ebf1ddc96fdb200eb3241cb9d3dbcf4e787bcdc26c3248b47bdee1ff3283699d3919d20848389bea2cd8a344a8e4c0042683886a37729632fe1a6d0eeb6872 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\81FCB1D978EB2D7073BE5A110D3E52E057A6A24E
| MD5 | cd6639c52900874181c906d3e1438e78 |
| SHA1 | 068d257c76db8569b3d2ffd9dc5d8872a7c8c131 |
| SHA256 | 4d69155bc576e597fd72e44451fc7869f0deea31031825adacc1d8a4a826eac4 |
| SHA512 | 98427741b9377f15022419b3ba770fee7fb9d0a5e0559c025c13ca87d9825b96e8124e11957fbba856212f6fa5ead87be9ed2280182fb39c418acc5073cc6550 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\19A2007D06A031977C0CFE11585AD11FFD82BAC5
| MD5 | ce93fd08394da517b5ee7f602b372a93 |
| SHA1 | 830ea2e5b265969ed04fd11ff5a9cfa9a9150caf |
| SHA256 | f283b06445af8de307551565340291208eb1421eda0f5c94c82f43bafc2c7dcd |
| SHA512 | fe4073f6a38d188e0180f27a76e57539c2570edb53aecf3b3c24cfe40537ae71b799f752a665e835cabbbdb155b39ea7d94e94e52f7b1f5d5e40fc883adbd177 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\98E7CB868A0E2CCBB49693CA594496B2A4BD01CC
| MD5 | 4c2113f4f2dec8607c5075f2695173bf |
| SHA1 | 1c71dd681ea04a3598d3386ca365b1db3ed70d11 |
| SHA256 | 1e037c896d7bcfbdd30aeb9eac45c06eead256f7ff5afb5961cde9823a948a68 |
| SHA512 | 463026985f7c983196c33402b0c2bb3561368835b393170f7af412726a3fba055e834b92552943635ee0e4f44c463d5b707f2ae2f32d97d6bcfa5a340d679de7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\1311
| MD5 | fb7a59c756da8ae4061ab6b38044b03c |
| SHA1 | 98f7318de2cf0800b34cfe14fcb5c2f68155acbd |
| SHA256 | 8e23a0fdabb2841300c178864668d0b58534a1755654eac90bf61bbd1fd92446 |
| SHA512 | 4249ef4659b2845a20236e1d62a53caf53d91ebc1150a1ac4dbb77d8f7c216500e3df589687df81903f7be99bc372a3052cc8a57a8cab811bf479f0bc1b0aaa7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\32E07532F42C2C216F004B3948A2236BDB9E5798
| MD5 | 3ca3de443fa63eefaa519fd08ff01547 |
| SHA1 | bdd6543e411a33add8ffb8e036d57504d995293c |
| SHA256 | 2bab2b7e221b39517e9bbb0d1c57ffb38e8363da67403ff42f389f84ed1b1d8d |
| SHA512 | 9915a6887bc96bcb709b578ec813876e76320c2c56d4224e59e555a716bf59615d92254a98264a62ee3a5190b0bb57559506dee8eb0868da151c68d50d6ceabb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D24504E5154C09DB5256506BF09FB4A50CEB16B3
| MD5 | d0856d367a022cf96ccf5ce99398ade7 |
| SHA1 | 982baad99722cd375ee31617d5c3f9b928dc531c |
| SHA256 | d6925cb261da13ca1efdc68c4f569f6efe07b95e299e31e70fd18af5bde1f59f |
| SHA512 | 8215e47efc5e6b65b79b78ce92795e6a4ed6b84af5c1cc2df159077d4251e355b5558afda4db956e7811a146aec3121396ca6393097cc0b5b18046b46980b125 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\4936
| MD5 | fb17ee21f2d8517b7c7aa28bb046e3d8 |
| SHA1 | 051889ef5b24ab4e19f69b59e67cecc45ef66457 |
| SHA256 | 53ddcfddb27e8e6ca698df9293b83d21319efd9833bb090cb741264f361b32ac |
| SHA512 | d7768199af4606c615d8519272e946799e801e00c375f3915c3e503cb863339cef6d25d3f2c989eed582c5495fcc62d0b0ab8440660eac3370bcdf0ad8dd135e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F061A5374FA4ABDEE9B4C46A1D4B2E0D5D8C77A9
| MD5 | 632d83e236797030accc9d4a710f55f1 |
| SHA1 | 2f9280bfe0e7b2c2f1e7dfd49bf17524b2319fdd |
| SHA256 | 0b3b7daa72013ed6a35c940caf5b3f6a40b1b6afd59131bcf2f70acbe4971559 |
| SHA512 | 0c19e57362505a9e6fa1bdd8cbc544316e33e7c21e40d5af923325359efe0f196b8640658b865e32cba6352cabfeae991c9b855e75b502444c13f365bbe5a0eb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\EB73E7FF0DA31744A2FBB64A65A5138D85179E37
| MD5 | 61927899b3d413651087f9b8fa50eec6 |
| SHA1 | d607d2f37c70d3acd55d96882c9bc75016755037 |
| SHA256 | 320df6e59a2069e1d6967ead6ea7072245648d118c5c4d3529b9077dbc5d77fc |
| SHA512 | f85aa0c00b8481f761a2d43cd22f01e5e6b4d8284ae060687967645547ca1a8ecbeb261fa3a9b3c52e554ff50763f1b2a965fd8dc2a788861d31c47ce77bb0cf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31869
| MD5 | 9e3d985eb8a0f49bc8b46f2e393c6f7d |
| SHA1 | 33680f73b873e044e05e143a16625cd857ebe537 |
| SHA256 | b12d564fe63cd447c67b8d8378e4885c4f83d440982d0891805010e7bde6a47e |
| SHA512 | a7176f69883b55e4dde4fae58dba5227b75fa1a169efa7d69626292c2f53e590fd3ff250718e5acf8773823ba0045e1b77c2407b15e0cf4500735b6dec9a5b19 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31532
| MD5 | 1b8b1512c32d05f49a9cb5410a5208ca |
| SHA1 | 05a319e963207ce395a77c2cbf127fd1365825bf |
| SHA256 | 7af4f0df19726d75bd2ab43e9c21a1ecad81152c6529a07eff8b782ed8cb02af |
| SHA512 | e40be602ba9769692e9acfc1563b481a8141243e799a0d166f644211e3328eafc3a4ba9d2e10f0e5127292ec8f3cf1f86cd95ce7e45a145b506be3a6ad3b9120 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31084
| MD5 | 3809768fdc0845b1ca36a2ed5f485618 |
| SHA1 | 2e2233d2a062ceafcb036c35c86a016a08247603 |
| SHA256 | 9f579206b6c75affe0836e4bc6ed892c0353c85ce539849cbb52a32997154990 |
| SHA512 | ac013f10f7174e244a386e2aa3c79c1946857b8cf9969fdebda4a163ef529ea0a77e0f115d99ad45776ec4cc525149f520591086cb30e5243ca7d0b0ef6460c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\17572
| MD5 | 54988b6fd755f8a99ac2d2521f59db62 |
| SHA1 | 2e10769f630af63b1a529b9b3e79305a0f2607fb |
| SHA256 | 99499df83598e9fcbe0a091b13bb63b8f0f9f033afaf6956a65b18d16a9ee4db |
| SHA512 | 7ec5641d0e1dcc8e7f40a8312c35543fd3df722e4414da13e06dce24aa0eec8c5eb0f97c6f9b863e4b39686d3e09a68f13bcb2a8ba8b59743248e9f2c795b853 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4acad91397d26d04393763040c6db36b |
| SHA1 | 1896ca543fd45c124693ab00b1327c5e545a9be0 |
| SHA256 | fffbdc0210cc8952e00994a3541008891b596ee053ab51961bb55b21e2fb2fe4 |
| SHA512 | 26562dc96ab435ea41ef6f11e45345568020d906e33e19e819b981ce200c01c4c99897fa20a75bd1b774b02801e8b72de1459a05708de76d4304653bb5b5bd57 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 42bd5cd493d7acb3437e93b0032ee94b |
| SHA1 | 2ef257fc824a28c00bcb9b9cb49568376a408721 |
| SHA256 | 03b107906ba10d60107c37540e0ea8ed64932bf3b0ef5609fc7a25079d63ac5a |
| SHA512 | 832846a1c01a38c5fe1bca419d650bb859b2adb681d3ac3734570967f6a20a266a1eafb7c93cabdb4c721352220b81e014a497b320e5090336043ffe6a335e86 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\202B6DD3AEA22171F941466E5C0D23C87B7741BC
| MD5 | 22b3a8b457ffdb21db6183aa5379557f |
| SHA1 | f2151d34f5659a62b696b75affaad4a0bca04f91 |
| SHA256 | f1679334d9ca74fca650d0496dc555e026e23e602b04ea8eb48a6a40b253b2a9 |
| SHA512 | dea4681d1db53523f0dc88b17c24e6e246b41b92c0cbc77ea47f1f4d5bf476f5e20e7abcf39a7d71f6eaf4a979a7ea18e8f48f7a212f24a2b8e5e853a259905d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9347bade0e6d351734211b0848b94d2a |
| SHA1 | 17b2bf009ff24921656ebbed32eb50a4ff4729aa |
| SHA256 | 32d8ad65de1c09eb43020f339bb95f231eb402d6a25bd8fa67da8caf0719617f |
| SHA512 | 3d26014ac78399403ec0c6d550e7ef676bed3dfd71153a3c2ea80a9c090891623e99e230ba83c2bf723a048770ddd65e6fd57e40131c309e77dcc4465f812e51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b1154f4a2beaaa92d259f3e034ec251f |
| SHA1 | 8f15cf2f13b920c27e272aa036969a731fa8a3ff |
| SHA256 | 52accfe3a48876d15e20fd0aa9b4c9bd40603ec5187424182920ec4c4434b137 |
| SHA512 | 99a7bc5bbd13cd36883dae3601c6425a9890e5af96f34ebb3cf1aa2e4aeca7977dd0b594baa4e5fb27ed2cd943e159b8998fea18a8854bf09158c94db81bfc61 |
C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16.VyTs_rmh.zip.part
| MD5 | 33535fc75238d0c1df9861fca660aa11 |
| SHA1 | 0bea1370246c883992a4bbac50091fd548ac26a9 |
| SHA256 | 35a83cac6ba432997726219b82385b384fb838c4cea3bb445479267eb29ddf28 |
| SHA512 | 3cc0d348d7a14680a4110b4443e566dbe71ea958d406f4efdf8a005fe515e4fda569e55bd4b264d66cbb4a4f54cd625ad4849d65e7b39819cfe5190353d8e841 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F12438933DCAA5300F771BB2C408A2B6AB6F22AA
| MD5 | dea36fd0a63b001be896e894073c31aa |
| SHA1 | 0b55d0a08affc5df7d7fb53b315c6d2338a45deb |
| SHA256 | 37b7ed0ec0ae03337d6a31c25c9f12a94ea730ddafd4db4397c771fe4222b48c |
| SHA512 | 51ac09c5de5efabd2d9448c3b6d3429722f7358cbfb12a17647a699549447a1649a629a65e2619ba7b225a2f3f3d1952090434abd7469ae86cac658d1b2c6f89 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29922
| MD5 | 43aeed51887e687dc79fa46c6b586a8a |
| SHA1 | 0fed092a10c462c8e1a038ed9b35a3d71ed39532 |
| SHA256 | 0e4db90d2633b7684fb123722a2afe0d3f1699f6e23d3c3cb5151f483f3915b2 |
| SHA512 | 04891c0f55b7c5b2f25374f4d35b368ba0b46cf4b1997986d1a570da043da67b584497647f54953c64557f973e4e33f167c4a435139094dc8b23802d472e1258 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\3349
| MD5 | 620ded41e1b22c26180c816df52d9cba |
| SHA1 | 77de7504e758b2c8bf27206ec6e2ca137514558d |
| SHA256 | 2662b3b74392329736f8169edd8b863af6de6c730befbeda41f4ff8286ce2c86 |
| SHA512 | d34f57e47d30b4b34480d6385977fe61a6ec4365df932af77b9bee64d81822c18f5fe73a45363df1fd2c4c6d73b901cc7fcba9b6fb5b6ad8bb417e352edb5fc9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22494
| MD5 | 87ed209dd7025d2e5f9bf70807487728 |
| SHA1 | b69cc4f257ea22e2f088ecfd39c9aa9c92fd0eba |
| SHA256 | ade64f3ae5a65bf1d9e73ae80df8bf7e4b2e623339b4205b806bf623d1c6035a |
| SHA512 | 03cbc291edc7e1e7b62df20657424a871f883d50e98abe7f795232f8cdeae1727eb4dee488079aec44d42cd894f2330f2ee955b68c51a0f4c881e5b09a01f7b5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9880
| MD5 | de8bfcb4d645e9da2cdaf5008938a7e9 |
| SHA1 | a1f759c7b6fb908350d8dd2f205e001610b679aa |
| SHA256 | 389c403ef129d93b9fb6816e69847a3029764769d5727b54e0869726d9fac202 |
| SHA512 | 72997297e3a678001697ddbd5fb46ec7f13e7b049457751e465d54553761bcbd64b935173bb9c800ce60a5d5155c16c87fa89b17153875fae3ad9794b17a1cd6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\default\https+++www.loom.com^partitionKey=%28https%2Csourceforge.net%29\idb\4266997078reegpalraoytS.sqlite
| MD5 | 5245cf6c972b45afb794953cfa041611 |
| SHA1 | 5ec155498df743fafb94b98e2f06be926d8019ec |
| SHA256 | 75a2a29220d14a3910b61176643de7c02492b547d3cdb7472f03782b0a0b2c06 |
| SHA512 | 859c041a41d8fda6df988e17496b13863f3fe207fc151df385fc051f7a4365e8ca02c2bb88671f5e43ef9e0fd158796c9e4db4b4206cca227eb91e0f7bf7076b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6af856b0543d4ee99696201d443e812a |
| SHA1 | c067bc3304ac7b9d09f041360304a470fc2a01ff |
| SHA256 | fc991b47d3885de0d891f85648f06884d5d45bab91b6971509005376bf06fd0c |
| SHA512 | cfb76a9a5916af2b6ecffce6a4befa4c45d8bfbcda1ab61db42bde67d58a47b8bb6354541d7b4ad48cd0fe8f2df2e9fdb08e1092723eef3a53074b27e0d323d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fd2eebdb278eca18090dd846612d0469 |
| SHA1 | 336b60a9bdcd4eabb0975274eff28475ae5ff1f5 |
| SHA256 | 688e8edce3b31744dad098ecdf4e56192ec47afab099eb82a2a195ac67ea597b |
| SHA512 | fa03a82a3de62a8538f03c827cfd3c3340f7c46b5a84a1b6caea246cbad7f4a052f921ce2ef2e70ed29ea769b985f2fb4e3629f1ef0fd555cbf50c78419c1a9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A
| MD5 | 9dd5505847b5aa083883a3a6eca5861d |
| SHA1 | 29c0bbaa8578b365380cc717081da1a4b8b3e2d6 |
| SHA256 | 7f80a88ac3c7a669be771915b5af8c12afc951bf3bef805b92aded8ac636ccff |
| SHA512 | 3e43f2372be9c545da0057de92a99a34894e5f48c350241583a843e68f46ee449219bcc863f2b7f86bc0310a1585a36c100fd836f12592fcf0f50e35194adb34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A
| MD5 | e9e400ef1a875858d3729af17b7d120b |
| SHA1 | ed3a6fa710c8497e1621554b098f17ab21f3042b |
| SHA256 | 8ce0ffd18e85611f3d498eaff7ade97590595c31abe7c1372740df23c4e9c1c3 |
| SHA512 | 0fc74e4c146255dff3b6b4720126d141f250a8302fbd0d61664f5b669fa4baa37b2d32245f98ab18c52ab4c0e7020eddb1bd430c4437089d803a2bd25eb88c3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
| MD5 | 1cba2a0be94485401d19e6e328c1ac06 |
| SHA1 | d5428f0bf4bbe30f112a1de072b1b5df984f8b85 |
| SHA256 | 42706991f70205ddc4abef19146fa59b6e897a93613dfb98dd76ac8268a1d3bf |
| SHA512 | 7fff1c3f0634287f9d1230595c8a88ab94414a1eb4964204d642ac0812cca6d0b379be303df487d1e277e4fe518d062fcad46d5ae308db5f7bd09899e9fedd9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
| MD5 | 062d94c99ebc7b081ecba3e7e5c56263 |
| SHA1 | 4a8bc6086689485e5f9ed5b30689b04065da9e95 |
| SHA256 | d202367830b1baf42c0bf412e3fd9f1a7ccb2ab67a625af3add11736168c6f9b |
| SHA512 | 9ce173975b533b7425b2d7f1b10422cd0a94168354d9e0d059e87654c21bab31c9814bdc4d2159225bdda8627b00f4d7c49806c9b58ab6fb71bfb66590686558 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
| MD5 | 69b90b4d17ab865eddd4b4d18e2c2db3 |
| SHA1 | 627e1f4ac2a202413ce4f0da6fe052cce5219f65 |
| SHA256 | ca0eaef00c1fdebc0b8e4fb6909ee722f8fac5e44555f628a0041aa7a65be23c |
| SHA512 | f9d3968f9f2b64091b691fc021f0482e9746aca588c9fb6a8c399c6cbb3e72e7f794a05eda34441d8916e424c20b840caa88563fe61eb17cd2ec7bc4d9b3c7fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
| MD5 | 5f6fec337959e018926184bbbbe75036 |
| SHA1 | 8ad8cc99130852faac40a61de7898569fcae6258 |
| SHA256 | 164521bb1c606790c172dfc302f5bae9a96cf772c6f4df986dc510602634604b |
| SHA512 | 65dbd2c3cf7ae229cab29952939bb0b72c70d4d69c603a91e9cf434f8d6ee5cf94a41560a157619ba55e656b1d002c91533725e13e6030a4b2aeb512f9b3d6d4 |
memory/1524-1667-0x000000005E4A0000-0x000000005E9EA000-memory.dmp
memory/1524-1668-0x00007FFEA76D0000-0x00007FFEA7C55000-memory.dmp
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1524-1671-0x000000005EF50000-0x000000005EF65000-memory.dmp
C:\Users\Admin\Downloads\ykacfmayoi.exe
| MD5 | cf19b0e8debfa2158b6fe108e104b463 |
| SHA1 | f3512466a39118fe6f823a3f48bf9bc2aa3fd4a4 |
| SHA256 | 8926b36eedd49b2c530ebefad37e1a21234688f215ce4613bef28e0fe903cce1 |
| SHA512 | 050a02d42b7966e8573958a973938f8550198d5c9eea6cc392b3bac2d2c116e45e560d6bba1b5351477025073fd8f2157a7e05dd1d4301ee7b52e105c51977aa |
\Users\Admin\Downloads\ykacfmayoi.exe
| MD5 | e0720fefcfa2d51b0dc7a04cdb50a9fe |
| SHA1 | 139d825f7985f087b588c46bb67306ed51f78936 |
| SHA256 | 2fb8e52dc5c1bc980267385e0ab8b6024e75e12b7ec1c333afc5d0f66339ad02 |
| SHA512 | ca7f9209c9a5c4d1af016c0439c2ed734a05a99fe7723ae8dd903ef8be87f152c6598325a26f190fc9f48e248f8f5d4e1b67c46239acecee55f989d934e617f8 |
memory/1524-1676-0x0000020FE8A20000-0x0000020FE8A30000-memory.dmp
memory/1524-1675-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp
memory/4984-1677-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp
memory/1524-1678-0x000000005EF50000-0x000000005EF65000-memory.dmp
memory/1524-1682-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp
memory/4984-1683-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp
memory/1524-1696-0x000000005EF50000-0x000000005EF65000-memory.dmp
memory/1524-1698-0x0000020FE8A20000-0x0000020FE8A30000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | af096e135e38f5ebe1b4fdaffd349eba |
| SHA1 | 0c4c03fbfe375f511dc83bff3511df76fe366bce |
| SHA256 | 2581da2d072a5dd5f13afc06e1f59bb73222b7b535b33b9dbf64f924db9ed899 |
| SHA512 | 6a4489d370eaabdd9d89f65742e3a5ad76f69aaea82720f9f9dd9c66c44875725f2ac770fc6a9c7c816c113c0c9f7257f379cbeefc808359447c37c31a28e911 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25231
| MD5 | ea9c94a50061ee03969327bba77ac361 |
| SHA1 | 1d552c056da81051312eb5593a635a6bb56ffadb |
| SHA256 | 05c066683f7120af2df8d4e4f9a17dfbcc107d395c24dc0a70311711512b0be9 |
| SHA512 | c12ef2a76799e4ed89d07434ac8eef856362551ce96f69f3a98ec44c0fbd41f4ca046cc2356e2cc2606f2b8d03c58190b7a2bf8d4420843d49795b0a6f5b9332 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\26DCA2A9136AE5A1C8CD4609AF3AF62DAD6D1904
| MD5 | 1d66a0f089b33373bbd622f082c813b0 |
| SHA1 | 4b7fea2caa47668e459a666b6fe693453b6237e8 |
| SHA256 | f148b19a54e59fe1c537a00557af68db5cee1b7873b9c046df0046c3b3daefb2 |
| SHA512 | bc79c300dbc62925a67a62b5d6a9f7b1b7741a58078b0a1d7a9209f5ad1df973016f0564f66f3a6598442d42d0c0af02a87d48de587f1af246e065ba272d184c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11058
| MD5 | 5faa729a8e1a1a31c916785b3644a965 |
| SHA1 | 0fde180b03bfb13d53410c4009c4a4272e5c01b0 |
| SHA256 | 8432e74017ecedebc3394e8346734ced845d15aa94ae6cfa36a380164f5e82b8 |
| SHA512 | ca923ab719e744f8536ccc8f55c0a787c73c532576557773157ab740766265d9f74ef2e409b0baaa89d100af2ce278551eef547b17cdf3e897b16b588f8575c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cb7cf8034713a45f84212501fed29bd8 |
| SHA1 | 62e9ec3668abda10ac8b20c65b7aca5282f151d9 |
| SHA256 | 028b84fdd78508d8740a120fb5935bb29d83b00aeee2b87b606b245cda5d7415 |
| SHA512 | 91ca767b8069cf8958570a936a6bfa4ac7ccebc86efb339f11a18b37f964f5e6bbb65f1652068bc6f4d3e48ccb945011ca89cc5182f5d9a52c24cf7111209b1c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\83ECE6B23DB03DCCDA2384FAB3C58334CD5B6B6B
| MD5 | 0ce5138d38f3967646b99f5a907e62e1 |
| SHA1 | 46ca1c87107a8bc17b194771d5f8099a8edc0d3b |
| SHA256 | a3632327215f06f5696a64a7a9336060c087c509234e3d36af1779d4dae4d355 |
| SHA512 | f45efbaf0baee31b2c1fdb1aac70a80e398ba0c9d0e76d1e7bf89e5e389fcb50fb7cfdbb69566634bcbee8c22892fea21b08e953971bdbd1aeae8190ee28857d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\12098
| MD5 | b320bc17f975389e72a6e816737f7303 |
| SHA1 | 59e6628c32859110ce6d978876038b5c81469021 |
| SHA256 | 2bb86e1472695c2251d964386c090c78a8daf4ea1cdd8f311ec961b6d56701d9 |
| SHA512 | 0505315afdea34d59f2e8dd7865a2d775b77a19cf44c9890f8eb46de3b122127083a28ff1cae07c630f14b70bfe62e7a4e4e1dcea3b98c5a029f5172da1c1ebf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2bd94a805e499c77099a656b5d79f607 |
| SHA1 | 67112bd056d8701f685bff307c132a6da442a884 |
| SHA256 | d4331d7b957db1721ff750426e7ec2dfd1c16f580b60e8eb5c830321db92cdde |
| SHA512 | a33a26be21f48f8404f28c03854ac656899c5219e0c26aa42a1f05bf03dde0e832eca5ba54a02faf05b3dc0905eff23869f8880bbd54e3ff9b012550f1303f87 |
C:\Users\Admin\Downloads\dnSpy-net-win64.f-HQcQkR.zip.part
| MD5 | f3697e3b670b3e782c1f6fa8ecfc7713 |
| SHA1 | a504034a06944ff7fd95fe235a23b744231b2166 |
| SHA256 | 308ceb28d979501f77d837a80b89179b441f1913eb3f561cb8b699f08bfb8b5d |
| SHA512 | 5334c7d1a84b5d66048cb51c3e513a46ca1d177eb8f1c944deb4b9b936f777327273561903c089dacc5d6c76bf1a9934e4d7ad75d8a59161ed02de91d6f5b8d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fa6a190fe387468e62d37c9c3f9b4bfe |
| SHA1 | 1c6aedd366d2f6ef27c17b1e319465e0462a17bf |
| SHA256 | 3ea24e4f6c3a67d985503787ddbaa35adc6a0219b6ccb4f051b8a9efe3ce8610 |
| SHA512 | fbe6e92bb1337b48dabeb190ed4cb5889b6e87f1b3d75ddbd233e3763ad62b3d175f4caa96fbf240ce9207de49555f0a4f391b2d69adbae2c0a9f6e265068f3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4a7e15f72cd2aa82753a2664f0966f8b |
| SHA1 | 1e912bab638cfc71af7a79b8e3b45902ff166c97 |
| SHA256 | 6c8caa690405eb31602fc94543f4c0cf22ee1a2088b78770656dc32591511ae0 |
| SHA512 | d00066b5e0b2c93c9f8c9ca3f393be88f917145ec41ab6b530213c79150beadceb83d4576bc2e53388e6e8472a7db28c7f2973bee8c9033ad5f67982ee1a56c4 |
memory/4568-2062-0x00007FFEA88B0000-0x00007FFEA8DB4000-memory.dmp
memory/4568-2129-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
memory/4568-2130-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
memory/4568-2140-0x00007FFEA88B0000-0x00007FFEA8DB4000-memory.dmp
memory/4568-2142-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6f05bd6ad59dc6edaaafefbfff4ea391 |
| SHA1 | 90d51a09c81393399c3e09720fe873e76d50f45f |
| SHA256 | 4c8cfc2c10605192734d9d45b27701592454eb15d068cd8f57dc867100264384 |
| SHA512 | 79ff43bb958441b1e1b11940579ce85375d7104e8c77432aad96606f27be1a734605d6d3a6ade18a909dd6c38b1a607ba741563f261a0725a6abd15c9486813c |
memory/4568-2208-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25327
| MD5 | 1ac98c6bfe3fca4461e7b00b6a1497bd |
| SHA1 | d3e602cd93f7a4ca4ecb16fedea0977ce444c3ae |
| SHA256 | b088a2d8baa3f878d75e5b2ec2aa55c6434e28852bd91fe1fdf5f3ace8b6401e |
| SHA512 | 43fa1ca10aa4e5478dbfddd01ef9e2928532dfe3fba89610dcc723834fbe2f1ce04316a0436c1e92b56ced5ac9003fb16a22be40eec401967b57241c0fcd27dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\15531
| MD5 | b90f2e9919906b817c0f071387b49e21 |
| SHA1 | e4fe27c28b98deab557423750d4222048bf25d32 |
| SHA256 | f80bf682aade4d97ed966d6b9ef9ab57cdee26d268e2068042ffce59177116fe |
| SHA512 | 6ec7892579b4040d20810eee2e7333038f0d8802f323d0f1881cf02a86f53378b78e7fa4fc155bce53b5ea95f5e9a283d9e36bbe054098c99001891ce55859ff |
memory/4568-2253-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
memory/4568-2371-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29969
| MD5 | 14429248cc58293411d8b81eb89b0a25 |
| SHA1 | 8afadc40c1aa0ce23a0f3f09affbed01063c0169 |
| SHA256 | 39a5df1dedcbfe076d57678d9e0ad5d2a55fbd773378a0bed403c8eb4f2aac67 |
| SHA512 | 68e52054b962321d741b84654c2b49f2bdb2805ab883b1470adbe1127a7e9211a6dcb96a033e5ad666d912428a968676319d3716b4ef8b7895122c24fe53f7d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25581
| MD5 | c7c3f8d72c692ca37cfae9f208b0e130 |
| SHA1 | a7e7c1b5c026f5eb6878e36621208041319bdff7 |
| SHA256 | 6f9f0fc7375878d37d939b4f2b72c9907f1a65bbf958ad2d0aae205f8f76a242 |
| SHA512 | 4590d4d581f8b4bef677434c7705e1e79aeaa684f39354e26316b40d82f90e721b9fa06625381f8d32bb3ddfb6f01ce2d8e1b0ec6b09716807694de4146b7b1b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29071
| MD5 | a80d280c12144a4d6e63577367f9b479 |
| SHA1 | 6db5afb76e29b3095ee4e1e93099b5ebc3ac3833 |
| SHA256 | 84849e9d9c2ba11cafc225726b98106499004155415add9b5e6bcad472513bf7 |
| SHA512 | 12e198812f7805c59c98e70c4794857ab4f9380c903241e2b87df3ffcb1e2bd1836f89728a12747e8e7589df85dfc40a094190ab4b8f63d48663c65e3af57626 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26301
| MD5 | e7abd4cdc4f51d930338844a8fe16111 |
| SHA1 | 0cda2e338c4521c3883f3b6a9dfe2fe6e446b69a |
| SHA256 | 38208ca87920164b1b9dd509fa14b043478dae2908471e6a0849e9c1d75247e9 |
| SHA512 | 783710fe052ccf301820dba103153c1668f01bc1865017b767cdcb19fcb5a6f969f6ea5ea55d20de45335cdc8d9bcd6c09235b400949fb7c607ebb014da78e94 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9861
| MD5 | c43f511a821ca3a2e5bc352d27b77616 |
| SHA1 | ea6a688de2cc7a3f9fc1a0de8ab8a5ff40185512 |
| SHA256 | a4cc6a4903ff9032ec81345ce5d35ffe224660fddb3ec325d34726a2f5512d3c |
| SHA512 | 2082a1cc6b0645d75507254168af9ac59ce680128d6b81f2dc73b53e00dc1eed2ea2479449cc0e95b3a038afc2326745080af021d772d7e7c07355a1759e68ae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\10027
| MD5 | 33d795a2e4e5c54b67444b086170399a |
| SHA1 | b82e6ce2afd2331c461f9de902eb6bf104afa6b4 |
| SHA256 | bd1658829d78e8d107f75bd7df6d536c0d6aaf77939a7496e979ddf638144b0e |
| SHA512 | 3ea9baa15e51fb28c61c06a2d68051a90935be2dd277bde36e83aceb4dbb403eaa0a7bff8f667732a4bfdc0dc08617ff12ce44a5eb6b36d78757ded01c35e68f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\7539
| MD5 | 92c511e5153d44c98663d2708a0dd22d |
| SHA1 | 05db70a55dacf09444784140374277dede4af522 |
| SHA256 | 736b303d9c7a37114a6cf5eb0564d18d7147b51046605a36b28540e4947c010b |
| SHA512 | 56698284604fd6cf892a1571c69b66595dde54c8a7a1be5315b92f8803c3ea1912ce44d567096d9a27f180a997bce837d6653b4e0ebf8f15810d2b579b109c06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1305fde0b372294d11a1416e26b05943 |
| SHA1 | 15b10229ac1271a3bd71ef981fdb2bf355b3479e |
| SHA256 | 71bcfed5e54a072f38945e397211447ed1aac97c00b591071998239bce56157a |
| SHA512 | 4a994524e3ed3852f924bb5627f51c9d1d50b3e542d10bc25a2832427e603d58bd7e72698e4eabbd28c76dbbcccaf47dbca03c28e4ac57f7454709177683e893 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31616
| MD5 | de31092794ff58966715f6d5035ad9bf |
| SHA1 | cd79fe7e19dd80df3f13c0fd7404b489ea4535b3 |
| SHA256 | 4a21824a0664c20e593aae0d1fb087e3dee7efae959c1242687fac583f3af633 |
| SHA512 | 6d38163e37eee5663b05c24f1f8b01f65ef78075a4a0fec26aeebd7c9370ac8b10680191e769d406d18c665e6674210d74bb5a071cfe9ca37ead5d5ae5e97777 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11448
| MD5 | 7c03338d2c8b5275b16a3f710524f9f5 |
| SHA1 | a86eadf0fe7102c57bb9ed673298691f6aa7f677 |
| SHA256 | b3dc795477798d6b59c1481e1bae96da27cb6920454a879d01161667d62c0dc9 |
| SHA512 | bee7afcf38abf5a3c01e4d0945fa0b2f739d49bbae2168be2410fbfcdc8f56dfcfe29eda18d991c605a53c677450d06cbc1c5b3ec3736fcd1d49ac6405c53824 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\27900
| MD5 | 6d064c7ccb63092e223f610956f87fd0 |
| SHA1 | 9d557681e6b3155c12413d279f526fcc48e0b2f3 |
| SHA256 | 6293079546ff210fbc94ea2e97f2f22cccf0f8bdea9f4c4cfdbee9ae381e5026 |
| SHA512 | bf1e5a5485e8e351cea7b2e39c96e59e6cc7040121451e1c76e77d67e4d80df019275949e263d9d74e9ea02b410a0e51bace6ff79f4c89431bf3c9c8c235f45c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\20831
| MD5 | 5ddd3154c8ee14626fe0445b0f18b26c |
| SHA1 | 18314725a1d4790257c878c529e8f7f88e7b6bb5 |
| SHA256 | 12b10fbb84254a1a12f3a8ca08ec93dee186c806e9d11dc69ffd4f0f13c30af4 |
| SHA512 | a2d2a0e898d28ab66e6a9746a363560966f516f8db76e52d895f8233785ec81e56a0317518e3c3fed78520cf28df672f825b7377e48722d4f3d1d262660a609a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\48F9ABA6D46586D394861F5DF3E9D0738D860D74
| MD5 | dbcc6b9b823601b2a8837a71478e4ec1 |
| SHA1 | 485844194db52345af68a61b5bba183d11293bc5 |
| SHA256 | e981b531c7664beb888d2afcd928b736267bc82b991135d54cc67b9fb8dbd84d |
| SHA512 | 3b465f5d5ee934551acf797d6fc5e54e1328b34f51a88c7dba20e094ce1468fd333383f75505654f79b2a4be9d8b5b74e36b8fea90336090f3f0a8212b1fdf1a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\A865932A7C9FC46C4E08AFC8176E9C37A69F6DE1
| MD5 | 72580d237d18bc8d94bc145b9faf4666 |
| SHA1 | 3359c66dcdba4afefd80767e77080179da184c91 |
| SHA256 | af8296b2731616346f77800784441169b9d57c2410c49500024f7881b131dd79 |
| SHA512 | 55f1bf4d803374744d67181b42416e88702028e5500daf650f4fe8cab6f56b38f69039fd91df17e6aa8b17cb1d4786d3321da4b55f24052b3992c06df2afea06 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\B53AEEC9A8A5A8BD1478C7F17B2ACC26050C2FF0
| MD5 | 5aa3a0af9a005b536ca23ca0b0219075 |
| SHA1 | 02d01171b8ea90da7073f1ee4b7b0b021023696f |
| SHA256 | 53cb66cbdbe716a55b843f7f44cee8da38ffc30aad4c8b6a888d8957cc8346c2 |
| SHA512 | 72a17d7e9c57487294e7ba4a5c56d9b328ac566a95c5f0f166f84bfffe0aea344aec2be53a20a04d2009b1b993f0ed97fd0eec68847cec961ad4f05fa29730d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\6345
| MD5 | a52859df67a0d6732fa368df6259becb |
| SHA1 | ecf776f454b74bd9beae7260b4fd1d5c4329ac01 |
| SHA256 | b777bdbbb77f68e439e92cfc55fa0dc69d4a74ca4a53be093a150520d2b2ee05 |
| SHA512 | 9301e832ba1f745bf81b2c4209449762633a83e4c7b05189121fd541112e049a821f0eb1a40c623f7489891825a9cc5aa055ae8bc88d884ea684885b346fc53a |
C:\Users\Admin\Downloads\de4dot.bE04XoxK.rar.part
| MD5 | aeadb99baf5602130e892fb78ab4a9f5 |
| SHA1 | 3f4e24d62d614a27aa3926a642276972e63d9520 |
| SHA256 | ddeab3e272d5189aa415a3997b95660d2475fbf01957b6a39b7ce87a0bd9a63b |
| SHA512 | bd25fac35336509886fb56cdbea6a072c746614a8ca0e5604767e5f9ad9b12c26ef6b3e6b055e1d470f08dbc0594474d9aa65b3e781ac47c6ab4918bb8250549 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 411fef4a194b2c72293da56b53a2d6f1 |
| SHA1 | 3b9609de23e35d02b0811cbf922fff382f7077bc |
| SHA256 | 2c732194807c139ff63b8b6853d5e43f5e3cf33ac76cbbfa58ac1c78cd226fc9 |
| SHA512 | 8f05745c9c4ae0700ae3bd03349ee77856eaea7d59c86675cdc5c87483f1c3f714a16fab75b039b23c72a3b8d8ed65b5daff65750357ec347865c1781f3896be |
C:\Users\Admin\Downloads\de4dot.rar
| MD5 | 736094dad0400173aaa33747f41f57e2 |
| SHA1 | fda3cb01cf9ec5b31c1540bc999bc7148b213fc3 |
| SHA256 | be1bd9603b958f40ef05021150f131497ec50cde232e0979fc55a2ddb7860137 |
| SHA512 | c5c0ce9e2f5790d9f994fdbefbdf7c3ad52df18e330234e83844d52c8099590fb5a3170a53031b3889aa199a49c3a1c804d72971067f5e35e2277aef27158215 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 19152941ed8c1fa301626817a871555d |
| SHA1 | 6a737f8472cb89c84cbcdbb40c1949e0c0ba704a |
| SHA256 | 548d18be271984dfbddf10a961662a17ec463e1061decf7ca04ea7808e6e4cfa |
| SHA512 | f9f99e372a44ae85c66651d2a5477ac5315f10f8ee1dac8dab980c88a19174d3a23ff177d96980b6302025cc0312a1ddfa0520ce29a929a110f730fb0e706638 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\jumpListCache\UBAaxxKeqiyl7owKJJMhHA==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\Downloads\de4dot.exe
| MD5 | 1a876733326543cdfbc95a8cd5f2538b |
| SHA1 | 101ba15e9b2eb36f06e753cfcc6089e03ae35cac |
| SHA256 | dff03ff478b8426113e8a7b66baaf42fb1281c88356390b6e99c0f578bea473e |
| SHA512 | d2b52f44fd8504428e7a911eea840c53f67aa247cf9a08e0747a08a4c2edd006a2c0ef748ba39cfce1a665aa92beb6b50faf33ede0e5840e87157dccfc9066a7 |
memory/1376-2840-0x0000000000D80000-0x0000000000D88000-memory.dmp
memory/1376-2841-0x0000000073780000-0x0000000073E6E000-memory.dmp
memory/1376-2842-0x0000000073780000-0x0000000073E6E000-memory.dmp
memory/5624-2844-0x0000000073820000-0x0000000073F0E000-memory.dmp
memory/5624-2845-0x0000000073820000-0x0000000073F0E000-memory.dmp
C:\Users\Admin\Downloads\de4dot\de4dot.exe.config
| MD5 | 7d85bf81018e3346cc1360ab54891b53 |
| SHA1 | 39a189f5eb68c9d7ddc83eff779bf0097f4a485a |
| SHA256 | 6ac7546263b4c4805085897b4d871e46dfbe9b2e52a19b0e23ae7bc37f473bc1 |
| SHA512 | ab6c2dc32b926b4b1c5a683caa5c2971bac6860907fb5204b6a30c49d1decb0d41d0d1f3f9e4b1aa6e3096e25691d285440c3c74172d20b148ad527dc91132e2 |
memory/768-2926-0x0000000000B80000-0x0000000000B92000-memory.dmp
\Users\Admin\Downloads\de4dot\de4dot.cui.dll
| MD5 | 69c8530706b137226dfddf0d98419134 |
| SHA1 | 780dd05986bf0d415f87c50cda0a59de79605d13 |
| SHA256 | 2c5cc14b3cd69255b3b673699e11a7d719c38212ed40cb0d5efa42398f06afb5 |
| SHA512 | b174d2c84aba6c273d3926ac02eafb6978dd3f1fa666c9d8016034a395b3965fc4192d6d4217fc0f4d7f9b2735fd23049b6ae740c4cec95a848bcd74144c741c |
memory/768-2931-0x0000000073780000-0x0000000073E6E000-memory.dmp
memory/768-2930-0x0000000004B60000-0x0000000004C9A000-memory.dmp
\Users\Admin\Downloads\de4dot\de4dot.code.dll
| MD5 | fb8ca456765305ccc9d10a7861c4f595 |
| SHA1 | ec1d33b3494616b44f500fe82bef73dfdf3fd98d |
| SHA256 | 99478c6e4d803f3506bbdaade4e11db368302dcdd4ba612bbbb3e100fd4b9625 |
| SHA512 | 3e15b8d2b99c487a3db24c84cd3d06f0332c0e89cc12da7a3ee7148fb19ff4130da83a9a9dcd8af3103176105f1db06bacd301efd93b49648536977e926c872e |
\Users\Admin\Downloads\de4dot\de4dot.code.dll
| MD5 | 9dc34c27af45d1939c92ed276fbc4fb0 |
| SHA1 | 4b6a4dc912f5a392889cbbbf18f04cc43c432723 |
| SHA256 | 535a5188cb0e13c8537a93e2b455b4cfd3c7364a45a20312844776430b7a28a2 |
| SHA512 | 528dc1b92c4d7255b8b7e5d105acbe4e294a046ed567e9117e2ec85fa7a62fda14c36228641d00d1b309666a539ab133808d0d6392ba069ffbe63bf9bc609c31 |
memory/768-2935-0x0000000004CA0000-0x0000000004DBE000-memory.dmp
\Users\Admin\Downloads\de4dot\dnlib.dll
| MD5 | 5c4dadec4d5f073acb1a49f71e5e78a4 |
| SHA1 | 475adb49047bc2468ea326b3626c767b8bc19bcb |
| SHA256 | 7ca1add7220ba60c2d77046681355e89ca0f1fb197eab57d8e67acf77e335d67 |
| SHA512 | 5a16546029a4961c73aa252498f794027d165d8de6f27f3777b58a2533ec3e437856b0d2eab5545d1176065012121d142e1f75f826cba2e9b38d17b9ca92df4b |
\Users\Admin\Downloads\de4dot\dnlib.dll
| MD5 | ef7a44337be8bb4294f4c03bc5b4858c |
| SHA1 | 6125ee2d7f2345306e332fc789edcaeede350843 |
| SHA256 | c473ed1c8929c4dc5e40c3d812be4c86c6a0371b2f11ae00815609a5cb83c366 |
| SHA512 | 3e3c28bf14ce424fc058d3abf834552b7d4e15015c04a6c5bca2934a91dc2a1b10c5f8b78d3d91e3e8658d7b94ea6e8ba11585c0d9fdc865742ec287181a21ac |
C:\Users\Admin\Downloads\de4dot\dnlib.dll
| MD5 | 1db0b7b1eb8892edb23e0ecbcf149264 |
| SHA1 | 9e30ae5f0649c7f30bacb92eed563927b9baca77 |
| SHA256 | 3441edfcca199c92914e26b88d2834984099e7d71b2478fa9dfe1a85ad23b597 |
| SHA512 | bf3c372d6944a6414967f5694e512feeef1d0f70c55de6010503649317fe9355dd0f09026067d3a15318b831b0ca224a3c5159b94cc469fe87eb8d9215251c01 |
memory/768-2939-0x0000000004A20000-0x0000000004A36000-memory.dmp
\Users\Admin\Downloads\de4dot\AssemblyData.dll
| MD5 | 3ed661d23851778a85cedd462a75171f |
| SHA1 | ffdaab3c44e8d6a4df7bc8b9e930e5e18c2dbf57 |
| SHA256 | 954a58d0b31866ad5ad6760d1e7ae57663beb7f800df96f8af3b47316aac82c6 |
| SHA512 | 6edc133018fcff9eacf94cf039e16b6e9a6da614af424942f95e03710ab4a2c674cabfcb47938249e40bf2ac1215b8a57a7f7c12205b4625d38b8edf4a831a71 |
memory/768-2940-0x0000000004A70000-0x0000000004A9E000-memory.dmp
memory/768-2942-0x0000000073780000-0x0000000073E6E000-memory.dmp
memory/2008-2943-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/5560-2944-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/2008-2946-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/5560-2947-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/2008-2963-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/1852-2964-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/6104-2965-0x0000029E89D70000-0x0000029E89D76000-memory.dmp
memory/6104-2966-0x0000029E8BA10000-0x0000029E8BA22000-memory.dmp
memory/6104-2967-0x0000029EA42B0000-0x0000029EA43EA000-memory.dmp
memory/6104-2968-0x0000029EA4510000-0x0000029EA462E000-memory.dmp
memory/6104-2969-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp
memory/6104-2970-0x0000029E8BA50000-0x0000029E8BA66000-memory.dmp
memory/6104-2971-0x0000029EA4170000-0x0000029EA419E000-memory.dmp
memory/6104-2973-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp
memory/1304-2974-0x00000163D1040000-0x00000163D1048000-memory.dmp
memory/1304-2976-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp
memory/1852-2977-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
memory/1304-2978-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6ef634e4c20016c230f7b3dfc3705df3 |
| SHA1 | 7003700fd9bac4af0c5a417f9bfed32e2a6eab9d |
| SHA256 | 1a643c0561ca770b9ab7c0cfd5f3a22a985936057caa6b20282c9203ca139cdc |
| SHA512 | c17bc70cb14341b66e4db7f9550f32e465e501988e2b9b63affb913098e278b58d797fc40760e5963e72aa61309f98940fe4a3e8d02f3f0cc00d289bb42fd8f7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\2128E5C83AB05DFCE300963562A7479D2266A85F
| MD5 | 793c60507f10d01bf240a8162a639ec5 |
| SHA1 | 9c5c7191c1c97b949badb73c087cb7209c509abe |
| SHA256 | 0db9432159350dbad5038a6db06153c880b985da8441c40ee7590a678b6bb0e6 |
| SHA512 | 44dc2a5053677809a4191707087656b670ae90040069461fd63019afe868c15d3b2e591e00c190aa7b8299d5a060c82649876dbad29b8f052f5ac1b67aaca80a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\7607F4D0FACEFBE612B764D65903E5830BF1A48B
| MD5 | 69f1a1fcb2632903a757199d1b280c3b |
| SHA1 | a746ca0543d54fa47ee7a4a84380210da7d16085 |
| SHA256 | 687061a4021a314ebfd0e065d2715a38cd9f64b90f589b1eeafe9be88eb7166d |
| SHA512 | 05af9d4b360b8276499ec97364294040e8305d3bd49369f4b9b4b94a5f86cfbd6ede8218ba5ad7611d353eb39ebb8c4c314ce5688914716a9ac359741072aa2e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\C877D66E1FEE4A8F461A686ABF9C6C60C7D3DFA5
| MD5 | e8728eb46418af6b00a1ff26e5620e2a |
| SHA1 | bc6a9e2968ab27c79c50b3dd78ba6b9da7b7b5b3 |
| SHA256 | 660092a94a1c7b65cf5c577aec745361df465e31ecd07b947b74e397bdf3f36c |
| SHA512 | 578d78c962c727180e46c4a575cc96732b8db0349655551ef618ac26a68bfe6fe349c2a528777d1f3de2d0f870e409277e0e6c42851f57d5d7a5a8086124aef1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\15471
| MD5 | ce44115f899f48aac8eaa05a57bfe0eb |
| SHA1 | fbc081fe176207064211f35b5e446bddd7dae8bc |
| SHA256 | 8ddba12e69cf7d54c82c9e507f21918268bd78f9f0485bf9a0b8fe4e9f44b6bf |
| SHA512 | 0defa95ebfac874ecf0d0376654526a266010bdb634ec60cd8ea5b293443faaff8e9c7fbcfe5e974b8916ed762bd70a1afb03db7bb83166149984d411d758742 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\585E00D3262C8017022B7FA78232B4B5569806B4
| MD5 | 783b2784074efb19d34ea90a916ca86c |
| SHA1 | 0cfa59bfc721276f09c043f4311128519488d7c8 |
| SHA256 | 29e7bd8499fc92ce22e0e6f19ac9d3a429df11928a52d65959642dae8fa9528f |
| SHA512 | a75faa3c2924741595a7f8e25b99019151838fc99eca6aa037a0fe718ce55c44c046b1652261071bb69461dc623393a6e8849f50032950bcbf4f455d76eb3186 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f8e952d37f045fb292c1c1dd8e94cc64 |
| SHA1 | 51614eac47ecbb54caadb3e73b957bbc16642844 |
| SHA256 | d294dbf2029473b0fce6f1d785fdec515c545bc056febd615f97b9ae6a9cb7c6 |
| SHA512 | eaf9d3ff98a3ac791899691d999c7c3ff0369cfb3263674e46f209a7755b3e64aa518dcba943f4c7a39ac8d44ef7fa61e336988b3d8689a1d58b5d8716adf20f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
| MD5 | eb28401af664fc5397cd6698e5ebcbe0 |
| SHA1 | 3fbdfd0177e97e8931a047b43d5e4854f47028bb |
| SHA256 | 9eef138add01b52828de7efcd1f05dcd13ce4d4c5ba7b5a9c6a45122e7a37de8 |
| SHA512 | 5f82990d0bf6a6ffc5b91c371d8bf1e048c105e419a81214e145b19ae00cd0b192369a9e58858d085be9998403958dbe87a7d5c672f9605e3090b02f38a7e016 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D19F83F547D6E48BCA1F1AA5812687915A2DECC9
| MD5 | 2cd072886a5db5f1b1842d9db451b47d |
| SHA1 | 4faa38cc9d4bbcfd038e54c09fe89d2b79f6c570 |
| SHA256 | bd1e1ddd153c92f53f1201a43da16c8c3dd8061356d5e34e21685361df8c96aa |
| SHA512 | 110edb7bcec369662015777290a58bd729ff4c68ed2995ecd0839e91315d5bdf5bb04ff637761dfd17f89f971b4d8ef4628aaa1b826c402dc87dc7ea2580d1da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\8646
| MD5 | 1f0375548209210ca87a596e8d4d39f5 |
| SHA1 | 47b52b200942879024d8367a366d3947a5871e6c |
| SHA256 | 7c566acf528c494c49195f805a48b290b776af6b422c43e85c0f98b6409a581c |
| SHA512 | 66976c50a5888c9981531330dd86b9d1e906ac0444462130bddc38eb6438f46524bf95f902d2fe509c0c180e41145cf62e6749bd679486f71c5941446be90c01 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\7645BA9A5991241C71BED9E97BE632F5642F56E9
| MD5 | 27b6109059e497121a095d46d9d74ed1 |
| SHA1 | d2915ff9af82c6fa24c065ac1473e336c25cf432 |
| SHA256 | f86ace128ff7dd141ec4be8332c84cb205eb441daef278854424ab7f1d5d4093 |
| SHA512 | dbe9156d84d0073dafe12f8b3b51d76800bb018e023e8c503a994e17ebca6cf9c96fd12e38b8279726afdf54809c53b6addf1515e37a7dc3579af591dca9cf72 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D4081CAA1D56818A5F58430117C0DEC888E85243
| MD5 | 2a574713eb38a1d2292339a8020e18d9 |
| SHA1 | b8ed525b74649e875ac637bc4ebf0ed8c469ab1a |
| SHA256 | 844e12f6a874fa76ffb39a4adabd44772095a51f661479dfc4c8e5c89c1d0d99 |
| SHA512 | cfbe8a3a0d58168cee4fb760766a17df44c7052318410db54148018ae64a2ab258cf6c74e334bc714a3bc4ec17035f53449c61e3b35af639fa94fdf6e80a7e85 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\13578
| MD5 | 30e99dfd8d035af8cb2ed47a780722a4 |
| SHA1 | 22718f4aefa20c742ab986a14674f9fe758370f4 |
| SHA256 | ce7aa20856607925c4b5469e0bf05044b11bca28546ecf5a3041016aca733778 |
| SHA512 | cf771b9754f6f21c71d5974df54bb6cd2ed413914013ed64ae7d9dde301bf7395f21f44367d3c7c56299c6a561aaf413ac9ef27a786e47d1b81911cb46690468 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2222
| MD5 | 8a4f56fc229e309d3648d108686647f0 |
| SHA1 | 230c54384a1e2b111d99b684ae13b9c005d8b76a |
| SHA256 | be9acc44dce07c5af066febafa984dc07c034676e1132b0c93acd9b908c1ffe7 |
| SHA512 | d33fe9631b90b443831287e659ea443e54e64173ea783c28485e6146f33c120315c63cd8a6acbfea7886d199198f8f300f1a3a19b16d5133aee06f0e29c24028 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\27271
| MD5 | a907c14a789d10d3c8354445d7ee3791 |
| SHA1 | 3caeede1df984f0edfce89681f31b92bce3d2f12 |
| SHA256 | 07f307d4c24129b782c74e127e09b01670761a80e84a4e538001eb7f194b3fb6 |
| SHA512 | e64489f478a8d5b6766fe62a83d7155b4b6ed4dc63e1a10be26e86e1d4b15eb4caca62656bdb78cfc8bd65bf11373a3e3afa7e8f806570b5f7c2bea5b9ed9adf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\14893
| MD5 | f3f4eeaed9ca4bf2e315f68364986c52 |
| SHA1 | 80f18d6548ab1dad892e0e49125f9dbdb32fd454 |
| SHA256 | 7121233aac3ff676ca4f966a211537d0daa0bb0b30437dd53bcfa2088806890a |
| SHA512 | ce89c22f0f4f9c64a5b1f081d583bba37067086f883585500156ecd47fbfe3fe5ec34b3beff1417ddaa7d64408d24ed73ef37fb3b425afa21cae514a3934e64a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\720
| MD5 | 2f8c868c8f1d6b5eec97d7c85d596589 |
| SHA1 | ed0ef4d21a68008290f20c6db2731371226c43f7 |
| SHA256 | 4f920f16998c12b78e7d8797b76dc0c66fcf8d468de6d63b8363225a119df345 |
| SHA512 | 5151b0ba7a5d77b1e8d54bb343bff7644a3521fb2724c9b0ddf4bfedfc042187ee4b9cbca7170c3031b6c97a91d39302ab970c40125cc257669e6365168c1c98 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\23692
| MD5 | 93e3a97e96963c3b4d3f483719282a29 |
| SHA1 | 5633aa10964e694a47b048482215b1075fd2f500 |
| SHA256 | a031f362d7b4229058d75f94c8e6e6f6986a9ec948e80e5ba6edc2a6d200f4d5 |
| SHA512 | e96be6f11caf31e37ae58f92974f29d782503996e7bc26cdb69252da97277017ac9570f3efa3afa738fb9c2b0669d3ffd07252c787094cf9bee03755eaac2ae6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\13334
| MD5 | cb46e43545d551692a5d196e491238fd |
| SHA1 | ceffa0fb5bf569a4f52e03b3c4cf7a336d3d2ea0 |
| SHA256 | 6e08462f82f0ff9ba710841ba232d6fc0c28cdc9fcbdd68005e344165222692e |
| SHA512 | 2c79b7a44fcb00f32bdd3714030453b4e019e34dbf14e85dc52510219953a8d53fd2724065bc72fc93f54535680d863d81a4627eec641e3bcf81cd25409c3006 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26508
| MD5 | 317fe07bf1b251fea3324dc6ec678a36 |
| SHA1 | e54862ca0fa8554e153b5ca233ce5f84d297988a |
| SHA256 | 8a5a47aded4a8e0779aa429a763331178242e0fc16907838ea5c03c3edeca896 |
| SHA512 | 63e216e42cfd53a4420b76d69e8bcfea2806f39693a47ec8ebe70c0a971784008959ef72fcaa2a7d6d521c1efca234e2e0421edbf414013920f97f03592f5397 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26060
| MD5 | f5f704cf9e38446b3a601a56e9e930a7 |
| SHA1 | 503ca2a48cda8f03ac6f32b4b383a2d652dfd4c1 |
| SHA256 | 31acab1f0e896865fc7b493f62584a345778fabdef19df10964949f94df753af |
| SHA512 | 9e670c71fa03aeb91884ad375bee86bcc734ef6eb0d7ada73b2f98d664e426876363964b1d1535fe3cf263b74e93d50b2ece411dd6b999abd8b3b143b41d3320 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 966dde544a978cf58b86b893484fa857 |
| SHA1 | 89bef3b6f2b54fa8388ea6257bf788953b6ff322 |
| SHA256 | 09ec8e3a92c34c2f223c55f0211c64b320f05f12d75b3087fc2941f6b3a8161b |
| SHA512 | 453d7f8a06dfb3312a5c7743d979ef4ce951287009664c740e2190b32f981048ca25f19922b91dfde9bda780a16819ea2f6f73ad7472fffbc19ebaed1b3d35fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\53D0AFDE96279A270A658FD181CE631D7F0BECE0
| MD5 | 802abde43b15963486c58a70279156c7 |
| SHA1 | 1f398b53f21077ee2736f4338a3ce4761d7b9b24 |
| SHA256 | c900c104b14a10c5a21cc7f5c6b6a6700113179dc13d425809a557081dd96b80 |
| SHA512 | 881447167822f1b584a783cb3e136483a7903b8fcd5f6441b37f2c70aa24cb34e35704cc319b4d5e4edec28dd775fe4f8b8de697962c8b962e49129813624a5f |
C:\Users\Admin\Downloads\FileGrab.LHvciGoi.exe.part
| MD5 | 27f87ebebb071afec1891e00fd0700a4 |
| SHA1 | fbfc0a10ecf83da88df02356568bcac2399b3b9d |
| SHA256 | 11b8cdd387370de1d162516b82376ecf28d321dc8f46ebcce389dccc2a5a4cc9 |
| SHA512 | 5386cae4eef9b767082d1143962851727479295b75321e07927bf7ebd60c5e051aeb78d6fa306ed6ef1c1d0182a16f1132a23263aefe9ed5d9d446b70b43a25d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e362144d559abe2f431d8debf39e3bd1 |
| SHA1 | cb23667d491633a43dac47632dab03f79ea782ad |
| SHA256 | cca29ab2c17936c778fe58e0bd4ac24f6171e9e8ad546553aaf2a2c299954d46 |
| SHA512 | 20c482cb5fff8605139f1b6bac1956cbd94d2c13050640d747b10eb22ab4f706ab0e3f9934ef9484711161c6c43890e0f32206511e061f89d367670c095047d9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\jumpListCache\EdeAh8EjTXR3gH_ndbih7g==.ico
| MD5 | 24530283f34397a4de6889aea4f30c79 |
| SHA1 | d59cf231fd1273d0ff4c8cf71d3763e2900a2b1e |
| SHA256 | a6e9fa991a2544ab1711f7aacec40f94771ff1ae56a5879fc93f29ab4419742e |
| SHA512 | d05b50d98a3de5193b3b1c7febf45dd585b93c5c52f8d5095f53515dd2efe62f6fe14500bafd0fcaf13aa11dde1af853389108e524d05367aebde9120310adff |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22449
| MD5 | 29d0fb34c8bafa3324f3de200e368a5e |
| SHA1 | d07f295866bef9363a9498cf000a7ac138a5aa45 |
| SHA256 | 438f907567421861983099f762c1c0bd014bc028a01c85f2a0292234a8ac7d27 |
| SHA512 | ae1482f180a3c8c859557b5d0a7e2a180ef71be5c47b59721f3be33628e6a447c3383c78361b0aaedb84e19903d8ce89aaf0199ae1a7bdc9788f12679eac9b1b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9275
| MD5 | e47168dfc8473f74dbc4e4e3f12a0512 |
| SHA1 | 480072402a50209a352d118a3cf4be71a5719eba |
| SHA256 | 26a4d305e70e247ce2d14f6f47bfd360b3fab0d2a32bac3d63372df0f0005c40 |
| SHA512 | f690839f4a4ef8809c9d1729437084d1ff18283059e3a2fb98aaea14ac2a7c5be1e82133227e2094f890d9b95060d5d7698e76f8f91018548f685410f71bf4aa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\14471
| MD5 | 6e06eda2c754d8933ae344b781352546 |
| SHA1 | c716d970a66bce269fb6aa5b717f772bc46cc2aa |
| SHA256 | e28569ad7a72e1fb367404d1f9e92cdfab58126ced5d700c0db006aff69e9e38 |
| SHA512 | 8d2b8001e4e3674ca2c21cd71498eeef3d02e151aa24a81936603da0cd970f122b3b161b3388828104cffdb3a24fbf3b137d47a2905c026f63f130d2130f76ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\410
| MD5 | 9d327fa4f17784bdb3393e6afc675ed8 |
| SHA1 | 0c481bb0ccf58ebe9132f883d51c6c5afd684ba2 |
| SHA256 | 1920ec1dc8787f8da4656b54ea7c52c363cd72119bc494edbfea8584e6bcc026 |
| SHA512 | f9334a99c53300a6f3c9ad2bd496e37274a6005e9960b6bac0f70879cc06c6ca1801652d9bdcd8d4057eb3dd6ece031d8788ac6ee002abef409b992afa4598d8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29913
| MD5 | 5517e3838c3def6469ae697bcd8a4b70 |
| SHA1 | 5c94088904a5e0c6860a836c98c757b0c8d8c1f6 |
| SHA256 | ed5de995f9efd50f7589b10801ee412a1b4d2e338a1d4bd63b6ef60f0903db1a |
| SHA512 | c77f938217f1e182afcb891eb8a80daea4515f53a37b9316ae2906b112c0a594b5cdade7e25562f3caad6dd82a4af69e3af84dd242b5cead2ba436cf7c2b8d76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18994
| MD5 | 211557c58968aea3f35a9d2b05516c20 |
| SHA1 | a54c541a4e12807e4c5baf5d3aa5cf7f4637e5fa |
| SHA256 | 93140ab0cb800fadb69eccbe836aade00542df8e522dd37c345ea64b824bd20a |
| SHA512 | e4ea6282ac93858acca95e856a9534d5ca6dc0b9f7b1ca7c2133665bcd41d33bdc7a40f61d815bb3e1de7095712625edc3b48d3d3ed6ba4267401d4d1155bd6d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19903
| MD5 | 18807376ad6daf651ed8b769232c7f46 |
| SHA1 | 20b4efdd0d7c3cccc4e5de270edd3fa286657385 |
| SHA256 | 569821cf9f3e51620097b5ffdfd0dc7595d2389eeee84ace5e007418b44f4c2e |
| SHA512 | e690298b88e668180f83cb3f319a333277860fbdb70dac2defb767148f63d00c716a4f7892b1917357dc88051bc230e6f2d86e63ba1db135b3717e96bd2185b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\7290
| MD5 | 286904b8082baa3daa836b2692a4eefe |
| SHA1 | 3adff4d4bceaf3a8fdf29f812a3c36ce0b179736 |
| SHA256 | 61c49f3f91b47c2c4fac89057801562f89494fead3b97daf45519df65bf16f7a |
| SHA512 | f3059a23bb360d48ffd11d0969662fd17da92a6ac59597d9b577233af321adcb5a49592cfd16f58005cfd0ff907d26a4eb63df2a0493e744b13eb0e21c413887 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19324
| MD5 | b9b9f7895f5c70044e5d6055c5bfb94c |
| SHA1 | c43420fa9e9bde425129fa274f06999768818aa7 |
| SHA256 | 314584f1ae3f3ef09b7d284c7f906826240125f179fd54e00d96924254ed7447 |
| SHA512 | 7e99c1ea11fc1e54327dd242a38a4621678137f9c395de4f759466e457b1288c816e98d92e0689119fbef0cc4c04bcf25015cd1de10b6e88ecea567ee02bb921 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\5E71D78BFAA26DA769900D52DFE7D0B03066FCB7
| MD5 | ade521b7e73a88d6a61e5c126f05c455 |
| SHA1 | 71237c4e97f7692fd44a883f9ee70ba9d5e674e9 |
| SHA256 | 01d443116cc73d56cba67f2397d4b01e58ee546204e7ade300c2f7a42a738850 |
| SHA512 | d0289a8653962d5ea34e81ff5087abbd61d66c90369031d02a15ec6dfd32352a2cee3501c831c812d0054ae0374d15c5461bd4a615686225fa0a1ccb32b67cbd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19235
| MD5 | 2e83018f9bfe00f08c5400632961f80e |
| SHA1 | e89f3c28bc9515efe1ad87ad349e1dc5fd076fef |
| SHA256 | 1f3a5a193a47f5ed42f424a58ed16c9f66b2134cccca9ebc034cffdabbe8eeb4 |
| SHA512 | 082483cc8c107441bc136ac6fe24e590d5eac90e10e58b4aa79861b6ca71b307e500b4c0901f8c07eeec2b9eee2a39dc9d3aa285131db61121c59d0f5ef50776 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18899
| MD5 | 8035f9dfa172a3615ef551424dcf2c6b |
| SHA1 | 203a67b4858f5b1f81e0c5037a2859295fcb28be |
| SHA256 | 2ace89861addd90cae0026a0ff8677e4f5e412e72bf9456792c5ee8d828e3ddc |
| SHA512 | 2544361901f51e0a28b901653957e21fc82fc9df0c81a94510fbf73c584f3ad90157811b5aef128c483e16b0303ca84e6fd0369e77bd9e772ef4c5945c6a58e5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22400
| MD5 | 836d075d67ad581aa9f5aac6c70d97ca |
| SHA1 | c3e22d2937c889a6165cd665481273ff9934ee81 |
| SHA256 | fa893a568e6bb0b079d334ccd6eee600c14e061aa6d610aab2161ea14de3cfed |
| SHA512 | 395394caa535342c8f046cd36b3caecf0b8a6ea9f7e822a229b49db5b5c8ae23677b43396f25c8f12a66ce95e06d72140c322be74a7a9f509bf8346252fc6c25 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\3828
| MD5 | 2e5cce64cf2f5a3f4f568e80f9cfd148 |
| SHA1 | de0894abc05f5f3b574995f24ea7175656e9387d |
| SHA256 | 3bce430a164403690e13f73bba260c7070b93714c66ec127d499b62e6bf4193d |
| SHA512 | 60f26eb222ba9436d4350c49512bc94bd92a1d6f7b738b086c640e508251fdcbd41cf56d4404c7b6a4e2585457b49f6a827fdddc57c8105e68fe8c27f9cb464e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\6757
| MD5 | 26a6e039c3a73343657bbfa24bd9e018 |
| SHA1 | d84d6549d631235851af32e89b4c338ca750e277 |
| SHA256 | c4abc5c6d0c870a17dd329cdd981ec849f7d21519c9114b172cf9e22df10f827 |
| SHA512 | e413a8fa8877201129a81312b8eddf980308faee98f1a2e2031423f72e8dcc14c50b2cb96b18f57c5b8151938c67a9ed47d44a1c6d3ece73a2e9b2d8625cf779 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\20268
| MD5 | bb164ae6fdc51ca0840620b0470d51fe |
| SHA1 | 3f4fee4c38a9ca3a9d5d7319d8088232c8763135 |
| SHA256 | 874ae38823e225a35fed310d1b7b92018152172cd7a7ca4d859800f57f6adf84 |
| SHA512 | e43895f772a83db89922a8b66256589405a85adb1b13146a67128176cb6d5f39f1b84c222c6443bc6ddd178214b7117a3bbcfcd97f0bb8ad2813f06b10f6b910 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18709
| MD5 | 3da2cf0f753dfd619047ebee8a72fe52 |
| SHA1 | c0075e3f646f8dcb39d197ea8781759f5950ae9e |
| SHA256 | add9d66b36435babedda3e011ee9372908e09c1c9f7fe4754df8a7ef665a1f87 |
| SHA512 | c8eada6774908d317b4a8d77a3e7b7d391595f85806ef12af85c2452b86f976d2a4e557c6e69f9f329071ec972f7a0f569e2a936479c478853c727828a08a8ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2381
| MD5 | 96881025093a8c3bee66a48565284c97 |
| SHA1 | e3046592d95aa96e770f347163c252919624547f |
| SHA256 | 4b6dca5b6e6d4d700d809444de16c90142b2ef54283a98acc7a4bcade2c7e9f1 |
| SHA512 | 95ba7c6603edb6872c0225062d2da242e34ef37b83ee489d163ae909a7ff7516602c7ce0799c6617c431b955f33c7e48376c0401ee831767b52b9341b52698f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2168
| MD5 | 1fa0478d23a80c99956cae59e31e8122 |
| SHA1 | c8cd4a28e0424ea46d0fefaf28fbd22b4cda6236 |
| SHA256 | 27aa87d4130ef2c4fb5f088fced3a289d1d0e5ba21cccbc080eff1047f54c0f0 |
| SHA512 | 678b16d9b8ab6959d39cfa5bc864f9a2230139a941772f732efd28500bc4eb8a8644f09bdc2b8fd6b11ae121163aae91be65af564976f0bd0fd0e429fd7b8621 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11404
| MD5 | c45ff61a5a6e45454ece1045c2a711f4 |
| SHA1 | 0f3d5d00ba6629b8f49cc801d3196839d524617c |
| SHA256 | cc77399bc2086b4924dcbb7c9adb731adf3815d46a0fba3443566699c7f0265d |
| SHA512 | 09430382172428bb404cec554486a607819c318aa10f74f96ace34c4a4037cca1d5c85ec3d29af8d62184bbf780b3c8ece7b55bf8ec973ddb9dce388164dfa86 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | af0612b15e2a819861e8b2d10154e959 |
| SHA1 | 2a84a21b21babcbc70ec4c67dfddc11498c2880f |
| SHA256 | b5c74941fe9d72dacecc69589fd0c245cc307acb8172e94a53485f8cd8849a1d |
| SHA512 | 3426e4d9f61c44af17a7891261e7aafa5800c4c8b672f7e311b74da62014c73ac737b625c79a05e626a9f1973afa437a87bf22d0a1c377ad3e36fd7e2ce0620f |
memory/4420-3832-0x00000000738C0000-0x0000000073E70000-memory.dmp
memory/4420-3835-0x00000000738C0000-0x0000000073E70000-memory.dmp
memory/4420-3836-0x0000000002580000-0x0000000002590000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2952
| MD5 | 83809a473a19cd12dbe0ba9d472091dd |
| SHA1 | d2b0e352f796c1a221baf5a4fe8cc3a5f0fd03e8 |
| SHA256 | b8059b523b327f637497ef886cadef93fa546c5dc1bacc42a6b2877bfe8e9741 |
| SHA512 | 03f70a4220d0274691f073cbf1dcc2ce2f02889c93a7c73650a74daaae0fe7babb096898cf2e3cddb826850729a4b9fff388679699137835c460312c2df91a08 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2503
| MD5 | f698e0eaab3976f84d2781e8523a9651 |
| SHA1 | f54610dce7fc5546211ab2797bc9bdd66c19cb4a |
| SHA256 | 4fed19eb63e338c3c4239afcc462591c6381794176fea4b9c5f4fcc48c66f4a0 |
| SHA512 | dbbb4ba02a185ee23a078f4acdf308718717eab442264976f6066fcc6fe2a765e977ec1b4f26a3ec8c530e71b0a49bc9b564cb5b93ccd0f3c0166dc389a42f11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18607
| MD5 | 3804f48aa17d8d1e85e2ef5d7611ff7d |
| SHA1 | 1ea20e6ad87a867110eb0a8810812ddbf65a6104 |
| SHA256 | 500d22720478791367b4462765ab045bdaa385c453af6ea13143a7d8674bb30a |
| SHA512 | 4165200ae75ef3097ccbc9a6cdc3892f9a02f224d70722f0729f8b951ff8bcc491bb978b42553a3a41244904cf90fb29517985be0e7df3ea826a3fe0f0765061 |
memory/4420-3874-0x0000000002580000-0x0000000002590000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\default\https+++sourceforge.net\ls\usage
| MD5 | 99a2a2332c4b837128cbcd0fd1724e77 |
| SHA1 | 0da4726486e799c3c40ec88c551f5da2be7c8279 |
| SHA256 | 4140055dac3aed8accc2b28d5e623076e0d25c912d92a64d4964b28da4101313 |
| SHA512 | f49572010e83967dcd0917b54cdff3dbc48602745a68b7692d390cb8479fcbf296ae7e53591ae03ee939b35c5f66e2c01e2c0ac9c10db71bdb7c4e57e8977381 |
memory/4420-3890-0x00000000738C0000-0x0000000073E70000-memory.dmp
memory/4420-3891-0x00000000738C0000-0x0000000073E70000-memory.dmp
memory/4420-3892-0x0000000002580000-0x0000000002590000-memory.dmp
memory/4420-3893-0x0000000002580000-0x0000000002590000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d0df378072da01fb9654f23666d99179 |
| SHA1 | d0a03b93b7568e9fba03a28acd4300f734a2893f |
| SHA256 | 239b165d944f5c804ac57ddad12c65b881420f6b644aa2cacc13ccfddc080bf4 |
| SHA512 | a2c6c3bb50b8200490cfe1be206be7f2998372c1b6fc8b09d6d58a1f71bcedd1fc7a669e99ef41e8e40b510c521dd4aeb01786aa1fbb6b7489b527cb7df80212 |
memory/4420-3913-0x00000000738C0000-0x0000000073E70000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore.jsonlz4
| MD5 | 5b22bdba224355cd446c81e6cd84af98 |
| SHA1 | 913aa266e94e0a35fdb11755cbfa2abb65001765 |
| SHA256 | 0fc20cccff64cac5a90885f25419cb204485769fd3dd2efe2c458196ec269a1b |
| SHA512 | 7c1b0155f7e7ef90a169ef5d1135b4e78cc23acc42d1b917fe519ab6b62ba0a2b8f1af8b512ae8715b3b67f0cf95116264d7e8e74780d64507df043bdbeb1353 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\prefs-1.js
| MD5 | 9ee25519570bdad2b51efbe1d889c9dc |
| SHA1 | 8b6dd2d5c6bab9004a1225f5baf7719e171f5202 |
| SHA256 | a2b3aae80a5b285bef41c83170f32f5ea721d776609c316dfa6890abe3465628 |
| SHA512 | 07126480c1091a14dec3e2926d5691cb819ef1f92009dd097fc0e61b6ad0b645310c03a59976e5d1025a05509e20f214d4f08e090dce621a0be142d24bd45627 |
memory/1852-4030-0x00007FF688F50000-0x00007FF689C79000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
311s
Max time network
1609s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:36
Platform
win10-20240221-en
Max time kernel
521s
Max time network
1587s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1044 wrote to memory of 1844 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 1844 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1044 wrote to memory of 1844 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 640
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:36
Platform
win10-20240221-en
Max time kernel
651s
Max time network
1591s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2924 wrote to memory of 1908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2924 wrote to memory of 1908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2924 wrote to memory of 1908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 616
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
312s
Max time network
1606s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4800 wrote to memory of 4584 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4800 wrote to memory of 4584 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4800 wrote to memory of 4584 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
308s
Max time network
1595s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
999s
Max time network
1595s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
313s
Max time network
1596s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 924 wrote to memory of 2608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 924 wrote to memory of 2608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 924 wrote to memory of 2608 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 620
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
312s
Max time network
1601s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3360 wrote to memory of 1664 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3360 wrote to memory of 1664 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3360 wrote to memory of 1664 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 636
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 153.191.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
1213s
Max time network
1588s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4140 wrote to memory of 4428 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4140 wrote to memory of 4428 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4140 wrote to memory of 4428 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 628
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-03-04 18:05
Reported
2024-03-04 18:37
Platform
win10-20240221-en
Max time kernel
308s
Max time network
1607s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 201.64.52.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.178.17.96.in-addr.arpa | udp |