Malware Analysis Report

2024-11-30 19:22

Sample ID 240304-wn6fjaaa72
Target potato-launcher.Setup.2.2.6.exe
SHA256 c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82
Tags
agilenet discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK: Enterprise Matrix V15

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral9, behavioral11, behavioral13, behavioral20, behavioral23, behavioral4, behavioral6, behavioral8, behavioral24, behavioral12, behavioral14, behavioral17, behavioral18, behavioral21, behavioral1, behavioral10, behavioral22, behavioral25, behavioral2, behavioral16, behavioral15, behavioral19, behavioral3, behavioral5, behavioral7 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
8/10

SHA256

c5fd5691f4eec136f0bdbfbc3f84c0f70cb0b39d03ea4402eace25b90a699c82

Threat Level: Likely malicious

The file potato-launcher.Setup.2.2.6.exe was found to be: Likely malicious.

Malicious Activity Summary

agilenet discovery

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

NTFS ADS

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-04 18:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

312s

Max time network

1600s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 181.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

469s

Max time network

1591s

Command Line

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4924 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
PID 4924 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
PID 4924 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe
PID 4924 wrote to memory of 3932 N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe"

C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=gpu-process --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1460 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1668 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=renderer --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.exe" --type=gpu-process --field-trial-handle=1452,12232941864867033136,7730113696170313515,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2372 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.github.com udp
GB 142.250.180.10:80 fonts.googleapis.com tcp
DE 140.82.121.5:443 api.github.com tcp
GB 142.250.179.227:80 fonts.gstatic.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 181.178.17.96.in-addr.arpa udp

Files

memory/5076-8-0x00007FF9E6F00000-0x00007FF9E6F01000-memory.dmp

C:\Users\Admin\AppData\Roaming\potato-launcher\Network Persistent State~RFe58f596.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\potato-launcher\Network Persistent State

MD5 4bf4de22b9ec2623df888602ec206927
SHA1 cca259876d216ce68ea6501dc497859fd30df5fa
SHA256 c482b2f9541b0b4df0aa2762a40e0e207142ed3135ec6232a7ec32c7bc8afce6
SHA512 9f848c07a9375ffe53347a4a9efd85a1ec535a5aaecda750799e6d3f35c6ab6868859609468cc7f80d893d9118faae6cccbfaa8455a70e246f520ce7fd53a77e

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

309s

Max time network

1606s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

314s

Max time network

1597s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Uninstall potato-launcher.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.6.0.0.0.0.0.0.0.e.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 ff2c08bb78a189ee17ca0ec6ae4e9c9e
SHA1 b6b33df1e39e77fef225c4216652ba1734236323
SHA256 1e90aaa075e22679d5ceab5392ca34ed02f8c0559d8b3b7e39092d798c5e7439
SHA512 5e1756bb6ec1417f95c7c7ba6dc3b07adc67b8468ef7ac7f7463dff3e4f2dd5fed3cbedbaf0497a920551b8e0d41775b0c423c751773d2c8e2bf7ea483a21a24

\Users\Admin\AppData\Local\Temp\nsh664C.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsh664C.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsh664C.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

\Users\Admin\AppData\Local\Temp\nsh664C.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Analysis: behavioral23

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:36

Platform

win10-20240221-en

Max time kernel

315s

Max time network

1582s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4680 wrote to memory of 4548 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

1212s

Max time network

1589s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5060 wrote to memory of 3328 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 628

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

1799s

Max time network

1596s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = de292ac35e6eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000bce1ab6b8ee94c0a0edef60b81dc8109444db6f702b7486dbb45f22d913503a204921795b5f8b43990503d4f98e182175be2e34af1708bb7f166 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e19f9fd55e6eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 344fb0d55e6eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e5db1bc35e6eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f44837c75e6eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 30876228916eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d03c8bc21c75da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "416340597" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4276 wrote to memory of 2228 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.164:443 www.bing.com tcp
GB 92.123.128.164:443 www.bing.com tcp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

memory/5112-0-0x0000024F00320000-0x0000024F00330000-memory.dmp

memory/5112-16-0x0000024F00900000-0x0000024F00910000-memory.dmp

memory/5112-35-0x0000024F00BD0000-0x0000024F00BD2000-memory.dmp

memory/2228-56-0x0000017703AE0000-0x0000017703AE2000-memory.dmp

memory/2228-59-0x00000177043A0000-0x00000177043A2000-memory.dmp

memory/2228-61-0x00000177043C0000-0x00000177043C2000-memory.dmp

memory/2228-63-0x00000177043E0000-0x00000177043E2000-memory.dmp

memory/2228-65-0x00000177156D0000-0x00000177156D2000-memory.dmp

memory/2228-67-0x00000177156F0000-0x00000177156F2000-memory.dmp

memory/2228-69-0x00000177160A0000-0x00000177160A2000-memory.dmp

memory/2228-71-0x00000177160C0000-0x00000177160C2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/5112-90-0x0000024F06D60000-0x0000024F06D61000-memory.dmp

memory/5112-91-0x0000024F06D70000-0x0000024F06D71000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WFH0F0I5\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

313s

Max time network

1608s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:36

Platform

win10-20240221-en

Max time kernel

375s

Max time network

1608s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3452 wrote to memory of 4940 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3452 wrote to memory of 4940 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3452 wrote to memory of 4940 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 616

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

310s

Max time network

1602s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 206.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

397s

Max time network

1614s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

315s

Max time network

1587s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4620 wrote to memory of 4760 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4620 wrote to memory of 4760 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4620 wrote to memory of 4760 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 620

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 196.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

314s

Max time network

1608s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4448 wrote to memory of 1412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4448 wrote to memory of 1412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4448 wrote to memory of 1412 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 616

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:36

Platform

win10-20240221-en

Max time kernel

316s

Max time network

1596s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 220 wrote to memory of 364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 220 wrote to memory of 364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 220 wrote to memory of 364 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 636

Network

Country Destination Domain Proto
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

1247s

Max time network

1606s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A
N/A N/A C:\Users\Admin\Downloads\de4dot\de4dot.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1524 set thread context of 4984 N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe C:\Users\Admin\Downloads\ykacfmayoi.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "8" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Users\Admin\Downloads\FileGrab.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1531961169-1615826105-2188682873-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Users\Admin\Downloads\FileGrab.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\ykacfmayoi.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\dnSpy-net-win64.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\de4dot.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\FileGrab.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A (7 identical entries)
N/A N/A C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe N/A (4 identical entries)
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A (53 identical entries)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical entries)
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (7 identical entries)
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A (2 identical entries)
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (4 identical entries)
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 identical entries)
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\FileGrab.exe N/A (15 identical entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (8 identical entries)
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A (2 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (4 identical entries)
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (7 identical entries)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (37 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (7 identical entries)
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A (2 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (4 identical entries)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (37 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (31 identical entries)
N/A N/A C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe N/A (3 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (6 identical entries)
N/A N/A C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe N/A (3 identical entries)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (6 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Hits (identical rows collapsed)
PID 5020 wrote to memory of 4092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 2
PID 5020 wrote to memory of 376 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 48
PID 5020 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 14
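Triage note on the WriteProcessMemory table, with an added Python example that is not part of the original report or of the sandbox's own tooling. Every row above has the same writer, PID 5020, and both Process and Target are firefox.exe. In the Processes list below, each Firefox content process carries --channel="5020.N..." and the pipe \\.\pipe\gecko-crash-server-pipe.5020, which identifies 5020 as the Firefox parent; a browser parent writing into freshly started children of its own image is how Firefox launches its content processes, so this signature reflects the browser rather than potato-launcher.Setup.2.2.6.exe. The check a practitioner wants is whether any row crosses images (writer and target are different executables); none here does. The script parses the report's row format, derives browser parent PIDs from the child command lines, classifies each row, and separately flags Chromium/Electron renderer command lines that run with --no-sandbox, as the potato-launcher renderer in the Processes list does. Sample rows are constructed from lines on this page; the ykacfmayoi.exe to rundll32.exe row is hypothetical and was not observed in this analysis.

```python
"""Triage helper for the WriteProcessMemory and process-list rows in this report.

Added example; not part of the original report or the sandbox's own tooling.
Row and command-line formats are taken from the report text; anything marked
'constructed', 'abridged' or 'hypothetical' is not a verbatim observation.
"""
import re
from collections import Counter

# Row format of the "Suspicious use of WriteProcessMemory" table.
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_image>.+?\.exe) (?P<dst_image>.+\.exe)$"
)
# Firefox content processes name their parent twice: --channel="<ppid>.<n>.<id>"
# and the crash-server pipe "\\.\pipe\gecko-crash-server-pipe.<ppid>".
CHANNEL_RE = re.compile(r'--channel="(\d+)\.')
PIPE_RE = re.compile(r"gecko-crash-server-pipe\.(\d+)")

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Constructed sample rows: the three distinct (writer, target) pairs from the table.
SAMPLE_WPM_ROWS = [
    f"PID 5020 wrote to memory of 4092 N/A {FIREFOX} {FIREFOX}",
    f"PID 5020 wrote to memory of 376 N/A {FIREFOX} {FIREFOX}",
    f"PID 5020 wrote to memory of 1248 N/A {FIREFOX} {FIREFOX}",
    # Hypothetical cross-image write, NOT observed in this report, included only
    # to show the verdict a write into an unrelated image would receive.
    r"PID 1376 wrote to memory of 2000 N/A C:\Users\Admin\Downloads\ykacfmayoi.exe "
    r"C:\Windows\System32\rundll32.exe",
]

# Abridged copy of one Firefox content-process command line from the Processes list.
SAMPLE_FIREFOX_CHILD = (
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc '
    r'--channel="5020.0.902446050\1255198404" -parentBuildID 20221007134813 '
    r'-appDir "C:\Program Files\Mozilla Firefox\browser" - '
    r'{091dbbe6-867b-4a3d-a040-398110fe1953} 5020 '
    r'"\\.\pipe\gecko-crash-server-pipe.5020" 1816 22e110e6f58 gpu'
)

# Abridged copy of the potato-launcher renderer command line from the Processes list.
SAMPLE_ELECTRON_RENDERER = (
    r'"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" '
    r'--type=renderer --lang=en-US '
    r'--app-path="C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources\app.asar" '
    r"--no-sandbox --no-zygote --renderer-client-id=3 /prefetch:1"
)


def firefox_parent_pid(cmdline):
    """Parent PID named by a Firefox -contentproc command line, or None when the
    channel prefix and the crash-pipe suffix are missing or disagree."""
    chan, pipe = CHANNEL_RE.search(cmdline), PIPE_RE.search(cmdline)
    if not chan or not pipe or chan.group(1) != pipe.group(1):
        return None
    return int(chan.group(1))


def browser_parents(cmdlines):
    """PIDs that the child command lines identify as browser parents."""
    return {pid for pid in map(firefox_parent_pid, cmdlines) if pid is not None}


def classify_write(row, parents):
    """cross-image  : writer and target are different executables; review as injection.
    browser-child: a known browser parent writing into its own image (expected).
    same-image   : same executable, but the writer is not a known browser parent."""
    m = WPM_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    if m["src_image"].lower() != m["dst_image"].lower():
        return "cross-image"
    return "browser-child" if int(m["src"]) in parents else "same-image"


def triage(rows, cmdlines):
    """Count rows per verdict; only the cross-image bucket needs analyst time."""
    parents = browser_parents(cmdlines)
    return Counter(classify_write(r, parents) for r in rows)


def unsandboxed_renderers(cmdlines):
    """Chromium/Electron renderer command lines that opt out of the sandbox."""
    return [c for c in cmdlines
            if "--type=renderer" in c and re.search(r"\s--no-sandbox(\s|$)", c)]


if __name__ == "__main__":
    for verdict, n in sorted(triage(SAMPLE_WPM_ROWS, [SAMPLE_FIREFOX_CHILD]).items()):
        print(f"{verdict:13s} {n}")
    for c in unsandboxed_renderers([SAMPLE_FIREFOX_CHILD, SAMPLE_ELECTRON_RENDERER]):
        print("renderer without sandbox:", c.split()[0])
```

Run against the full Processes list rather than the abridged samples, every row in the table above lands in the browser-child bucket and the cross-image bucket stays empty; the tooling visible in the same list (x64dbg, dnSpy, de4dot) is consistent with an interactive session, so signature hits from those images should be read in that light as well.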

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.0.902446050\1255198404" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {091dbbe6-867b-4a3d-a040-398110fe1953} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 1816 22e110e6f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.1.216691906\1541837410" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b13f223-a32a-40dc-a198-cf677207eba1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2152 22e10ffc858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.2.1186576990\1275767965" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c45c63fc-30f6-4a88-af0f-208c5ae72750} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2820 22e152de658 tab

C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe

"C:\Users\Admin\AppData\Local\Temp\potato-launcher.Setup.2.2.6.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.3.1655919174\1963909405" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8bec9f-9c26-4d5a-a909-09ccbab08048} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 3460 22e16023858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.4.498438098\2004072813" -childID 3 -isForBrowser -prefsHandle 3840 -prefMapHandle 3852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52360a58-536e-4048-818e-100889540c2f} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 3516 22e1736d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.5.732299100\1966135769" -childID 4 -isForBrowser -prefsHandle 4768 -prefMapHandle 4832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {464775c8-9a0b-4505-b247-fec312afc867} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4836 22e173df858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.6.1715769756\1076552588" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1acd2a60-ed22-4b7f-87d2-ff06cabf173c} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5076 22e176dde58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.7.1477757766\118136183" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa435ea-a140-41a3-b731-4401ab44a74f} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5156 22e17fcb358 tab

C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe"

C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=gpu-process --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1652 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe

"C:\Users\Admin\AppData\Local\Programs\potato-launcher\potato-launcher.exe" --type=renderer --field-trial-handle=1488,1580137055281438259,15850614484432545607,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\potato-launcher\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.8.552412676\1889696638" -childID 7 -isForBrowser -prefsHandle 2628 -prefMapHandle 3224 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0e5ffc7-dd32-4cd0-8840-21088f6a1891} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2632 22e18cb1958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.9.980040610\1410839059" -childID 8 -isForBrowser -prefsHandle 6040 -prefMapHandle 6036 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19c44d8-3266-4315-8239-9a58158bc456} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6052 22e1b2a8b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.10.464148661\926493694" -childID 9 -isForBrowser -prefsHandle 5112 -prefMapHandle 5104 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1949beb1-2597-4f7d-8805-e8c75904a2fa} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4952 22e1c59a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.11.805179620\1617052593" -childID 10 -isForBrowser -prefsHandle 6420 -prefMapHandle 6424 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4e277ec-0af7-439f-ae11-40344f798b4e} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6412 22e1c59ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.12.717730959\238503580" -childID 11 -isForBrowser -prefsHandle 6532 -prefMapHandle 6540 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e62a9b-36be-4170-b7c4-2de9491b99c3} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6548 22e1c879858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.13.1814813698\810075442" -childID 12 -isForBrowser -prefsHandle 6660 -prefMapHandle 6664 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba648ee7-c572-4e12-a33a-a53eb1b13a88} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6748 22e1c87a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.14.12828556\1418551294" -childID 13 -isForBrowser -prefsHandle 10408 -prefMapHandle 10456 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea9eb7a-9925-47ab-a76f-8db2dcf25a6b} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10420 22e1c6f1c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.15.1408023894\226739417" -childID 14 -isForBrowser -prefsHandle 10400 -prefMapHandle 10376 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fab9413-21c5-4905-8b39-df60fb67ece4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10284 22e1c6f2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.16.1568148804\609045761" -childID 15 -isForBrowser -prefsHandle 6164 -prefMapHandle 6284 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71c2b7d-f8d0-4bfe-9f57-a90d0af691c4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6316 22e1be30858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.17.44418159\407764456" -childID 16 -isForBrowser -prefsHandle 10468 -prefMapHandle 6228 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41d36287-b3d0-47f0-b42b-61087144e1d6} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6716 22e1ddde558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.18.1615189506\1946633056" -childID 17 -isForBrowser -prefsHandle 6676 -prefMapHandle 6652 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c76f7b8-0516-4f42-aeee-ae48309cfaa4} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6576 22e1dde0658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.19.1503704651\271167758" -childID 18 -isForBrowser -prefsHandle 10384 -prefMapHandle 10008 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {963e39f4-b37f-49da-b266-2bb553386d24} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10404 22e1d3a0058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.20.1327338082\271385749" -childID 19 -isForBrowser -prefsHandle 10304 -prefMapHandle 10372 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c79f14-aa08-4f74-a0c5-952602901f49} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10328 22e1ca4d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.21.66579853\1726286254" -childID 20 -isForBrowser -prefsHandle 10380 -prefMapHandle 6412 -prefsLen 27499 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {113641e5-cfad-4df1-959f-045b250b6c8d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9620 22e1e2dcc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.22.1303438434\502520719" -childID 21 -isForBrowser -prefsHandle 4332 -prefMapHandle 1636 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c975b4-efe7-4b67-97cc-0b724681ce1d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4864 22e1fab2f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.23.1217251386\1122646727" -childID 22 -isForBrowser -prefsHandle 9340 -prefMapHandle 9356 -prefsLen 27582 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {282d7608-120f-46d6-b2b5-f7effae9225a} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9336 22e1fab2058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.24.733113898\744806611" -parentBuildID 20221007134813 -prefsHandle 10492 -prefMapHandle 4864 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f96a4a-6c58-4d33-ab4b-68285c0c71cf} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5112 22e1e26e758 rdd

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.25.1410167178\1548051207" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10372 -prefMapHandle 10304 -prefsLen 27582 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf522b6-588c-40c2-9c09-54c7694cc6ce} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10492 22e2023bd58 utility

C:\Users\Admin\AppData\Local\Temp\Temp1_snapshot_2024-02-19_03-16.zip\release\x64\x64dbg.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_snapshot_2024-02-19_03-16.zip\release\x64\x64dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16\release\x64\x64dbg.exe"

C:\Users\Admin\Downloads\ykacfmayoi.exe

"C:\Users\Admin\Downloads\ykacfmayoi.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.26.797334712\1687275804" -childID 23 -isForBrowser -prefsHandle 6304 -prefMapHandle 10044 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {280b6f5b-d3aa-45a9-aab8-6c03143557e1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9208 22e2021da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.27.504087261\1862344685" -childID 24 -isForBrowser -prefsHandle 9544 -prefMapHandle 9600 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40e514f0-f253-41d6-bb53-671e0adea7a6} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9532 22e1e3cde58 tab

C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe

"C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.28.2060290270\127262810" -childID 25 -isForBrowser -prefsHandle 9496 -prefMapHandle 9152 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0659ed59-2aa7-4b2a-9026-16ef7c061c51} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9168 22e20b40558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.29.1295004441\25740834" -childID 26 -isForBrowser -prefsHandle 8832 -prefMapHandle 8836 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0123d03e-0d57-4d46-9421-9f99cee15d46} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9896 22e216a8f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.30.125054096\197938918" -childID 27 -isForBrowser -prefsHandle 4208 -prefMapHandle 10416 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63c730a-e1be-496e-9b8f-05e178e05b20} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 1636 22e79963558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.31.551921995\2046074197" -childID 28 -isForBrowser -prefsHandle 8972 -prefMapHandle 8976 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cba3f8c-a8c8-420f-99ca-3490721080da} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8964 22e215ade58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.32.901892339\515692914" -childID 29 -isForBrowser -prefsHandle 9392 -prefMapHandle 10112 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a65bf0a9-bd74-4944-a610-7f32349e2f27} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 10016 22e19279258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.33.1311314018\1400615942" -childID 30 -isForBrowser -prefsHandle 9980 -prefMapHandle 8988 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87220832-14a9-4562-a14a-b9b846f17d4d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 2680 22e21d75858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.34.499726465\1536392202" -childID 31 -isForBrowser -prefsHandle 8928 -prefMapHandle 6600 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ade20dce-4173-4643-acd9-65e40c39d4db} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9128 22e223c2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.35.1991522776\351175528" -childID 32 -isForBrowser -prefsHandle 8884 -prefMapHandle 8932 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc367c-591c-4788-a72e-35e977c224bb} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6196 22e2280b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.36.1228667097\156941634" -childID 33 -isForBrowser -prefsHandle 8896 -prefMapHandle 10044 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57204f13-2f90-44f5-b400-9bce24b16963} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 4308 22e2280be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.37.1006171936\1961222164" -childID 34 -isForBrowser -prefsHandle 8628 -prefMapHandle 8632 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6cd973-bc3e-4584-bb1e-a4ea82a23f91} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8640 22e21e98158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.38.69926484\1751009316" -childID 35 -isForBrowser -prefsHandle 8680 -prefMapHandle 8664 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59b3557b-559f-4611-b37e-d7ca69f3f5c1} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6060 22e21939258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.39.1112120142\821907828" -childID 36 -isForBrowser -prefsHandle 9080 -prefMapHandle 9044 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7429d78-91e1-4958-b4f8-5273137832ea} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 9600 22e21939e58 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\de4dot.rar"

C:\Users\Admin\Downloads\de4dot.exe

"C:\Users\Admin\Downloads\de4dot.exe" C:\Users\Admin\Downloads\ykacfmayoi.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 800

C:\Users\Admin\Downloads\de4dot.exe

"C:\Users\Admin\Downloads\de4dot.exe" C:\Users\Admin\Downloads\ykacfmayoi.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 780

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\de4dot.rar"

C:\Users\Admin\Downloads\de4dot\de4dot.exe

"C:\Users\Admin\Downloads\de4dot\de4dot.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"

C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"

C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

"C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe"

C:\Users\Admin\Downloads\de4dot\de4dot-x64.exe

"C:\Users\Admin\Downloads\de4dot\de4dot-x64.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

C:\Users\Admin\Downloads\de4dot\Test.Rename.exe

"C:\Users\Admin\Downloads\de4dot\Test.Rename.exe" C:\Users\Admin\Downloads\de4dot\ykacfmayoi.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.40.360273674\2146446163" -childID 37 -isForBrowser -prefsHandle 9528 -prefMapHandle 8876 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc13957-b450-4b50-9087-877fadf418ac} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 5476 22e2237d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.41.1686557881\1101875345" -childID 38 -isForBrowser -prefsHandle 9972 -prefMapHandle 8628 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1c5047-65fc-4e80-b3a3-762572f098f2} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 6776 22e226f6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.42.568205044\1784096422" -childID 39 -isForBrowser -prefsHandle 8252 -prefMapHandle 8256 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b5c7d83-1607-4c5a-958b-02f55fdf1d40} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8244 22e1c2b3d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5020.43.549542700\867581756" -childID 40 -isForBrowser -prefsHandle 6332 -prefMapHandle 8556 -prefsLen 27658 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31c3e1b0-e3ea-490f-a5f3-090da556c8b5} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" 8496 22e22eaa558 tab

C:\Users\Admin\Downloads\FileGrab.exe

"C:\Users\Admin\Downloads\FileGrab.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

dw20.exe -x -s 1656

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 1652

Network

Country Destination Domain Proto
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 sourceforge.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 sourceforge.net udp
US 104.18.37.111:443 sourceforge.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 a.fsdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 c.sf-syn.com udp
GB 195.181.164.18:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 c.sf-syn.com udp
US 8.8.8.8:53 c.sf-syn.com udp
US 8.8.8.8:53 18.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
GB 172.217.169.34:443 securepubads46.g.doubleclick.net udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 api.btloader.com udp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com udp
GB 216.58.204.65:443 b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com tcp
GB 216.58.204.65:443 b068f8c8aef908d75644c88ef243c8b5.safeframe.googlesyndication.com udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 ps.eyeota.net udp
US 151.101.1.44:443 dualstack.tls13.taboola.map.fastly.net tcp
IE 108.128.158.24:443 sync.crwdcntrl.net tcp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 20.150.57.52.in-addr.arpa udp
US 172.64.154.159:443 c.sf-syn.com udp
US 8.8.8.8:53 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
GB 216.58.204.65:443 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
GB 216.58.204.65:443 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
IE 108.128.158.24:443 sync.crwdcntrl.net tcp
US 35.244.174.68:443 idsync.rlcdn.com udp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 216.58.204.65:443 18303fe4086cb168c322bc79bfeda575.safeframe.googlesyndication.com udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 deac-ams.dl.sourceforge.net udp
NL 185.34.27.55:443 deac-ams.dl.sourceforge.net tcp
US 8.8.8.8:53 deac-ams.dl.sourceforge.net udp
US 8.8.8.8:53 deac-ams.dl.sourceforge.net udp
US 8.8.8.8:53 55.27.34.185.in-addr.arpa udp
US 8.8.8.8:53 ps.eyeota.net udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
GB 195.181.164.18:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com udp
GB 216.58.204.65:443 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com tcp
GB 216.58.204.65:443 4bbd7b764cc41e28a19cee890ac7fd2f.safeframe.googlesyndication.com udp
US 151.101.1.44:443 dualstack.tls13.taboola.map.fastly.net tcp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
US 104.18.40.209:443 a.fsdn.com.cdn.cloudflare.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 89.187.167.6:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 8.8.8.8:53 1376624012.rsc.cdn77.org udp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 8.8.8.8:53 6.167.187.89.in-addr.arpa udp
IE 34.254.143.3:443 load-euw1.exelator.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 trc.taboola.com udp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
GB 216.58.204.65:443 c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
GB 216.58.204.65:443 c26ad11a5073aff9dac396cace6232c7.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 cdn-content.ampproject.org udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp

Files


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\1311

MD5 fb7a59c756da8ae4061ab6b38044b03c
SHA1 98f7318de2cf0800b34cfe14fcb5c2f68155acbd
SHA256 8e23a0fdabb2841300c178864668d0b58534a1755654eac90bf61bbd1fd92446
SHA512 4249ef4659b2845a20236e1d62a53caf53d91ebc1150a1ac4dbb77d8f7c216500e3df589687df81903f7be99bc372a3052cc8a57a8cab811bf479f0bc1b0aaa7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\32E07532F42C2C216F004B3948A2236BDB9E5798

MD5 3ca3de443fa63eefaa519fd08ff01547
SHA1 bdd6543e411a33add8ffb8e036d57504d995293c
SHA256 2bab2b7e221b39517e9bbb0d1c57ffb38e8363da67403ff42f389f84ed1b1d8d
SHA512 9915a6887bc96bcb709b578ec813876e76320c2c56d4224e59e555a716bf59615d92254a98264a62ee3a5190b0bb57559506dee8eb0868da151c68d50d6ceabb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D24504E5154C09DB5256506BF09FB4A50CEB16B3

MD5 d0856d367a022cf96ccf5ce99398ade7
SHA1 982baad99722cd375ee31617d5c3f9b928dc531c
SHA256 d6925cb261da13ca1efdc68c4f569f6efe07b95e299e31e70fd18af5bde1f59f
SHA512 8215e47efc5e6b65b79b78ce92795e6a4ed6b84af5c1cc2df159077d4251e355b5558afda4db956e7811a146aec3121396ca6393097cc0b5b18046b46980b125

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\4936

MD5 fb17ee21f2d8517b7c7aa28bb046e3d8
SHA1 051889ef5b24ab4e19f69b59e67cecc45ef66457
SHA256 53ddcfddb27e8e6ca698df9293b83d21319efd9833bb090cb741264f361b32ac
SHA512 d7768199af4606c615d8519272e946799e801e00c375f3915c3e503cb863339cef6d25d3f2c989eed582c5495fcc62d0b0ab8440660eac3370bcdf0ad8dd135e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F061A5374FA4ABDEE9B4C46A1D4B2E0D5D8C77A9

MD5 632d83e236797030accc9d4a710f55f1
SHA1 2f9280bfe0e7b2c2f1e7dfd49bf17524b2319fdd
SHA256 0b3b7daa72013ed6a35c940caf5b3f6a40b1b6afd59131bcf2f70acbe4971559
SHA512 0c19e57362505a9e6fa1bdd8cbc544316e33e7c21e40d5af923325359efe0f196b8640658b865e32cba6352cabfeae991c9b855e75b502444c13f365bbe5a0eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\EB73E7FF0DA31744A2FBB64A65A5138D85179E37

MD5 61927899b3d413651087f9b8fa50eec6
SHA1 d607d2f37c70d3acd55d96882c9bc75016755037
SHA256 320df6e59a2069e1d6967ead6ea7072245648d118c5c4d3529b9077dbc5d77fc
SHA512 f85aa0c00b8481f761a2d43cd22f01e5e6b4d8284ae060687967645547ca1a8ecbeb261fa3a9b3c52e554ff50763f1b2a965fd8dc2a788861d31c47ce77bb0cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31869

MD5 9e3d985eb8a0f49bc8b46f2e393c6f7d
SHA1 33680f73b873e044e05e143a16625cd857ebe537
SHA256 b12d564fe63cd447c67b8d8378e4885c4f83d440982d0891805010e7bde6a47e
SHA512 a7176f69883b55e4dde4fae58dba5227b75fa1a169efa7d69626292c2f53e590fd3ff250718e5acf8773823ba0045e1b77c2407b15e0cf4500735b6dec9a5b19

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31532

MD5 1b8b1512c32d05f49a9cb5410a5208ca
SHA1 05a319e963207ce395a77c2cbf127fd1365825bf
SHA256 7af4f0df19726d75bd2ab43e9c21a1ecad81152c6529a07eff8b782ed8cb02af
SHA512 e40be602ba9769692e9acfc1563b481a8141243e799a0d166f644211e3328eafc3a4ba9d2e10f0e5127292ec8f3cf1f86cd95ce7e45a145b506be3a6ad3b9120

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31084

MD5 3809768fdc0845b1ca36a2ed5f485618
SHA1 2e2233d2a062ceafcb036c35c86a016a08247603
SHA256 9f579206b6c75affe0836e4bc6ed892c0353c85ce539849cbb52a32997154990
SHA512 ac013f10f7174e244a386e2aa3c79c1946857b8cf9969fdebda4a163ef529ea0a77e0f115d99ad45776ec4cc525149f520591086cb30e5243ca7d0b0ef6460c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\17572

MD5 54988b6fd755f8a99ac2d2521f59db62
SHA1 2e10769f630af63b1a529b9b3e79305a0f2607fb
SHA256 99499df83598e9fcbe0a091b13bb63b8f0f9f033afaf6956a65b18d16a9ee4db
SHA512 7ec5641d0e1dcc8e7f40a8312c35543fd3df722e4414da13e06dce24aa0eec8c5eb0f97c6f9b863e4b39686d3e09a68f13bcb2a8ba8b59743248e9f2c795b853

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4acad91397d26d04393763040c6db36b
SHA1 1896ca543fd45c124693ab00b1327c5e545a9be0
SHA256 fffbdc0210cc8952e00994a3541008891b596ee053ab51961bb55b21e2fb2fe4
SHA512 26562dc96ab435ea41ef6f11e45345568020d906e33e19e819b981ce200c01c4c99897fa20a75bd1b774b02801e8b72de1459a05708de76d4304653bb5b5bd57

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 42bd5cd493d7acb3437e93b0032ee94b
SHA1 2ef257fc824a28c00bcb9b9cb49568376a408721
SHA256 03b107906ba10d60107c37540e0ea8ed64932bf3b0ef5609fc7a25079d63ac5a
SHA512 832846a1c01a38c5fe1bca419d650bb859b2adb681d3ac3734570967f6a20a266a1eafb7c93cabdb4c721352220b81e014a497b320e5090336043ffe6a335e86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\202B6DD3AEA22171F941466E5C0D23C87B7741BC

MD5 22b3a8b457ffdb21db6183aa5379557f
SHA1 f2151d34f5659a62b696b75affaad4a0bca04f91
SHA256 f1679334d9ca74fca650d0496dc555e026e23e602b04ea8eb48a6a40b253b2a9
SHA512 dea4681d1db53523f0dc88b17c24e6e246b41b92c0cbc77ea47f1f4d5bf476f5e20e7abcf39a7d71f6eaf4a979a7ea18e8f48f7a212f24a2b8e5e853a259905d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 9347bade0e6d351734211b0848b94d2a
SHA1 17b2bf009ff24921656ebbed32eb50a4ff4729aa
SHA256 32d8ad65de1c09eb43020f339bb95f231eb402d6a25bd8fa67da8caf0719617f
SHA512 3d26014ac78399403ec0c6d550e7ef676bed3dfd71153a3c2ea80a9c090891623e99e230ba83c2bf723a048770ddd65e6fd57e40131c309e77dcc4465f812e51

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b1154f4a2beaaa92d259f3e034ec251f
SHA1 8f15cf2f13b920c27e272aa036969a731fa8a3ff
SHA256 52accfe3a48876d15e20fd0aa9b4c9bd40603ec5187424182920ec4c4434b137
SHA512 99a7bc5bbd13cd36883dae3601c6425a9890e5af96f34ebb3cf1aa2e4aeca7977dd0b594baa4e5fb27ed2cd943e159b8998fea18a8854bf09158c94db81bfc61

C:\Users\Admin\Downloads\snapshot_2024-02-19_03-16.VyTs_rmh.zip.part

MD5 33535fc75238d0c1df9861fca660aa11
SHA1 0bea1370246c883992a4bbac50091fd548ac26a9
SHA256 35a83cac6ba432997726219b82385b384fb838c4cea3bb445479267eb29ddf28
SHA512 3cc0d348d7a14680a4110b4443e566dbe71ea958d406f4efdf8a005fe515e4fda569e55bd4b264d66cbb4a4f54cd625ad4849d65e7b39819cfe5190353d8e841

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F12438933DCAA5300F771BB2C408A2B6AB6F22AA

MD5 dea36fd0a63b001be896e894073c31aa
SHA1 0b55d0a08affc5df7d7fb53b315c6d2338a45deb
SHA256 37b7ed0ec0ae03337d6a31c25c9f12a94ea730ddafd4db4397c771fe4222b48c
SHA512 51ac09c5de5efabd2d9448c3b6d3429722f7358cbfb12a17647a699549447a1649a629a65e2619ba7b225a2f3f3d1952090434abd7469ae86cac658d1b2c6f89

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29922

MD5 43aeed51887e687dc79fa46c6b586a8a
SHA1 0fed092a10c462c8e1a038ed9b35a3d71ed39532
SHA256 0e4db90d2633b7684fb123722a2afe0d3f1699f6e23d3c3cb5151f483f3915b2
SHA512 04891c0f55b7c5b2f25374f4d35b368ba0b46cf4b1997986d1a570da043da67b584497647f54953c64557f973e4e33f167c4a435139094dc8b23802d472e1258

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\3349

MD5 620ded41e1b22c26180c816df52d9cba
SHA1 77de7504e758b2c8bf27206ec6e2ca137514558d
SHA256 2662b3b74392329736f8169edd8b863af6de6c730befbeda41f4ff8286ce2c86
SHA512 d34f57e47d30b4b34480d6385977fe61a6ec4365df932af77b9bee64d81822c18f5fe73a45363df1fd2c4c6d73b901cc7fcba9b6fb5b6ad8bb417e352edb5fc9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22494

MD5 87ed209dd7025d2e5f9bf70807487728
SHA1 b69cc4f257ea22e2f088ecfd39c9aa9c92fd0eba
SHA256 ade64f3ae5a65bf1d9e73ae80df8bf7e4b2e623339b4205b806bf623d1c6035a
SHA512 03cbc291edc7e1e7b62df20657424a871f883d50e98abe7f795232f8cdeae1727eb4dee488079aec44d42cd894f2330f2ee955b68c51a0f4c881e5b09a01f7b5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9880

MD5 de8bfcb4d645e9da2cdaf5008938a7e9
SHA1 a1f759c7b6fb908350d8dd2f205e001610b679aa
SHA256 389c403ef129d93b9fb6816e69847a3029764769d5727b54e0869726d9fac202
SHA512 72997297e3a678001697ddbd5fb46ec7f13e7b049457751e465d54553761bcbd64b935173bb9c800ce60a5d5155c16c87fa89b17153875fae3ad9794b17a1cd6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\default\https+++www.loom.com^partitionKey=%28https%2Csourceforge.net%29\idb\4266997078reegpalraoytS.sqlite

MD5 5245cf6c972b45afb794953cfa041611
SHA1 5ec155498df743fafb94b98e2f06be926d8019ec
SHA256 75a2a29220d14a3910b61176643de7c02492b547d3cdb7472f03782b0a0b2c06
SHA512 859c041a41d8fda6df988e17496b13863f3fe207fc151df385fc051f7a4365e8ca02c2bb88671f5e43ef9e0fd158796c9e4db4b4206cca227eb91e0f7bf7076b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6af856b0543d4ee99696201d443e812a
SHA1 c067bc3304ac7b9d09f041360304a470fc2a01ff
SHA256 fc991b47d3885de0d891f85648f06884d5d45bab91b6971509005376bf06fd0c
SHA512 cfb76a9a5916af2b6ecffce6a4befa4c45d8bfbcda1ab61db42bde67d58a47b8bb6354541d7b4ad48cd0fe8f2df2e9fdb08e1092723eef3a53074b27e0d323d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fd2eebdb278eca18090dd846612d0469
SHA1 336b60a9bdcd4eabb0975274eff28475ae5ff1f5
SHA256 688e8edce3b31744dad098ecdf4e56192ec47afab099eb82a2a195ac67ea597b
SHA512 fa03a82a3de62a8538f03c827cfd3c3340f7c46b5a84a1b6caea246cbad7f4a052f921ce2ef2e70ed29ea769b985f2fb4e3629f1ef0fd555cbf50c78419c1a9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A

MD5 9dd5505847b5aa083883a3a6eca5861d
SHA1 29c0bbaa8578b365380cc717081da1a4b8b3e2d6
SHA256 7f80a88ac3c7a669be771915b5af8c12afc951bf3bef805b92aded8ac636ccff
SHA512 3e43f2372be9c545da0057de92a99a34894e5f48c350241583a843e68f46ee449219bcc863f2b7f86bc0310a1585a36c100fd836f12592fcf0f50e35194adb34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_D7AD35232628FABEF0C3E04565DD2D7A

MD5 e9e400ef1a875858d3729af17b7d120b
SHA1 ed3a6fa710c8497e1621554b098f17ab21f3042b
SHA256 8ce0ffd18e85611f3d498eaff7ade97590595c31abe7c1372740df23c4e9c1c3
SHA512 0fc74e4c146255dff3b6b4720126d141f250a8302fbd0d61664f5b669fa4baa37b2d32245f98ab18c52ab4c0e7020eddb1bd430c4437089d803a2bd25eb88c3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

MD5 1cba2a0be94485401d19e6e328c1ac06
SHA1 d5428f0bf4bbe30f112a1de072b1b5df984f8b85
SHA256 42706991f70205ddc4abef19146fa59b6e897a93613dfb98dd76ac8268a1d3bf
SHA512 7fff1c3f0634287f9d1230595c8a88ab94414a1eb4964204d642ac0812cca6d0b379be303df487d1e277e4fe518d062fcad46d5ae308db5f7bd09899e9fedd9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

MD5 062d94c99ebc7b081ecba3e7e5c56263
SHA1 4a8bc6086689485e5f9ed5b30689b04065da9e95
SHA256 d202367830b1baf42c0bf412e3fd9f1a7ccb2ab67a625af3add11736168c6f9b
SHA512 9ce173975b533b7425b2d7f1b10422cd0a94168354d9e0d059e87654c21bab31c9814bdc4d2159225bdda8627b00f4d7c49806c9b58ab6fb71bfb66590686558

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 69b90b4d17ab865eddd4b4d18e2c2db3
SHA1 627e1f4ac2a202413ce4f0da6fe052cce5219f65
SHA256 ca0eaef00c1fdebc0b8e4fb6909ee722f8fac5e44555f628a0041aa7a65be23c
SHA512 f9d3968f9f2b64091b691fc021f0482e9746aca588c9fb6a8c399c6cbb3e72e7f794a05eda34441d8916e424c20b840caa88563fe61eb17cd2ec7bc4d9b3c7fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

MD5 5f6fec337959e018926184bbbbe75036
SHA1 8ad8cc99130852faac40a61de7898569fcae6258
SHA256 164521bb1c606790c172dfc302f5bae9a96cf772c6f4df986dc510602634604b
SHA512 65dbd2c3cf7ae229cab29952939bb0b72c70d4d69c603a91e9cf434f8d6ee5cf94a41560a157619ba55e656b1d002c91533725e13e6030a4b2aeb512f9b3d6d4

memory/1524-1667-0x000000005E4A0000-0x000000005E9EA000-memory.dmp

memory/1524-1668-0x00007FFEA76D0000-0x00007FFEA7C55000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1524-1671-0x000000005EF50000-0x000000005EF65000-memory.dmp

C:\Users\Admin\Downloads\ykacfmayoi.exe

MD5 cf19b0e8debfa2158b6fe108e104b463
SHA1 f3512466a39118fe6f823a3f48bf9bc2aa3fd4a4
SHA256 8926b36eedd49b2c530ebefad37e1a21234688f215ce4613bef28e0fe903cce1
SHA512 050a02d42b7966e8573958a973938f8550198d5c9eea6cc392b3bac2d2c116e45e560d6bba1b5351477025073fd8f2157a7e05dd1d4301ee7b52e105c51977aa

\Users\Admin\Downloads\ykacfmayoi.exe

MD5 e0720fefcfa2d51b0dc7a04cdb50a9fe
SHA1 139d825f7985f087b588c46bb67306ed51f78936
SHA256 2fb8e52dc5c1bc980267385e0ab8b6024e75e12b7ec1c333afc5d0f66339ad02
SHA512 ca7f9209c9a5c4d1af016c0439c2ed734a05a99fe7723ae8dd903ef8be87f152c6598325a26f190fc9f48e248f8f5d4e1b67c46239acecee55f989d934e617f8

memory/1524-1676-0x0000020FE8A20000-0x0000020FE8A30000-memory.dmp

memory/1524-1675-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp

memory/4984-1677-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp

memory/1524-1678-0x000000005EF50000-0x000000005EF65000-memory.dmp

memory/1524-1682-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp

memory/4984-1683-0x00007FF6C8AC0000-0x00007FF6C97E9000-memory.dmp

memory/1524-1696-0x000000005EF50000-0x000000005EF65000-memory.dmp

memory/1524-1698-0x0000020FE8A20000-0x0000020FE8A30000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 af096e135e38f5ebe1b4fdaffd349eba
SHA1 0c4c03fbfe375f511dc83bff3511df76fe366bce
SHA256 2581da2d072a5dd5f13afc06e1f59bb73222b7b535b33b9dbf64f924db9ed899
SHA512 6a4489d370eaabdd9d89f65742e3a5ad76f69aaea82720f9f9dd9c66c44875725f2ac770fc6a9c7c816c113c0c9f7257f379cbeefc808359447c37c31a28e911

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25231

MD5 ea9c94a50061ee03969327bba77ac361
SHA1 1d552c056da81051312eb5593a635a6bb56ffadb
SHA256 05c066683f7120af2df8d4e4f9a17dfbcc107d395c24dc0a70311711512b0be9
SHA512 c12ef2a76799e4ed89d07434ac8eef856362551ce96f69f3a98ec44c0fbd41f4ca046cc2356e2cc2606f2b8d03c58190b7a2bf8d4420843d49795b0a6f5b9332

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\26DCA2A9136AE5A1C8CD4609AF3AF62DAD6D1904

MD5 1d66a0f089b33373bbd622f082c813b0
SHA1 4b7fea2caa47668e459a666b6fe693453b6237e8
SHA256 f148b19a54e59fe1c537a00557af68db5cee1b7873b9c046df0046c3b3daefb2
SHA512 bc79c300dbc62925a67a62b5d6a9f7b1b7741a58078b0a1d7a9209f5ad1df973016f0564f66f3a6598442d42d0c0af02a87d48de587f1af246e065ba272d184c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11058

MD5 5faa729a8e1a1a31c916785b3644a965
SHA1 0fde180b03bfb13d53410c4009c4a4272e5c01b0
SHA256 8432e74017ecedebc3394e8346734ced845d15aa94ae6cfa36a380164f5e82b8
SHA512 ca923ab719e744f8536ccc8f55c0a787c73c532576557773157ab740766265d9f74ef2e409b0baaa89d100af2ce278551eef547b17cdf3e897b16b588f8575c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cb7cf8034713a45f84212501fed29bd8
SHA1 62e9ec3668abda10ac8b20c65b7aca5282f151d9
SHA256 028b84fdd78508d8740a120fb5935bb29d83b00aeee2b87b606b245cda5d7415
SHA512 91ca767b8069cf8958570a936a6bfa4ac7ccebc86efb339f11a18b37f964f5e6bbb65f1652068bc6f4d3e48ccb945011ca89cc5182f5d9a52c24cf7111209b1c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\83ECE6B23DB03DCCDA2384FAB3C58334CD5B6B6B

MD5 0ce5138d38f3967646b99f5a907e62e1
SHA1 46ca1c87107a8bc17b194771d5f8099a8edc0d3b
SHA256 a3632327215f06f5696a64a7a9336060c087c509234e3d36af1779d4dae4d355
SHA512 f45efbaf0baee31b2c1fdb1aac70a80e398ba0c9d0e76d1e7bf89e5e389fcb50fb7cfdbb69566634bcbee8c22892fea21b08e953971bdbd1aeae8190ee28857d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\12098

MD5 b320bc17f975389e72a6e816737f7303
SHA1 59e6628c32859110ce6d978876038b5c81469021
SHA256 2bb86e1472695c2251d964386c090c78a8daf4ea1cdd8f311ec961b6d56701d9
SHA512 0505315afdea34d59f2e8dd7865a2d775b77a19cf44c9890f8eb46de3b122127083a28ff1cae07c630f14b70bfe62e7a4e4e1dcea3b98c5a029f5172da1c1ebf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2bd94a805e499c77099a656b5d79f607
SHA1 67112bd056d8701f685bff307c132a6da442a884
SHA256 d4331d7b957db1721ff750426e7ec2dfd1c16f580b60e8eb5c830321db92cdde
SHA512 a33a26be21f48f8404f28c03854ac656899c5219e0c26aa42a1f05bf03dde0e832eca5ba54a02faf05b3dc0905eff23869f8880bbd54e3ff9b012550f1303f87

C:\Users\Admin\Downloads\dnSpy-net-win64.f-HQcQkR.zip.part

MD5 f3697e3b670b3e782c1f6fa8ecfc7713
SHA1 a504034a06944ff7fd95fe235a23b744231b2166
SHA256 308ceb28d979501f77d837a80b89179b441f1913eb3f561cb8b699f08bfb8b5d
SHA512 5334c7d1a84b5d66048cb51c3e513a46ca1d177eb8f1c944deb4b9b936f777327273561903c089dacc5d6c76bf1a9934e4d7ad75d8a59161ed02de91d6f5b8d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fa6a190fe387468e62d37c9c3f9b4bfe
SHA1 1c6aedd366d2f6ef27c17b1e319465e0462a17bf
SHA256 3ea24e4f6c3a67d985503787ddbaa35adc6a0219b6ccb4f051b8a9efe3ce8610
SHA512 fbe6e92bb1337b48dabeb190ed4cb5889b6e87f1b3d75ddbd233e3763ad62b3d175f4caa96fbf240ce9207de49555f0a4f391b2d69adbae2c0a9f6e265068f3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4a7e15f72cd2aa82753a2664f0966f8b
SHA1 1e912bab638cfc71af7a79b8e3b45902ff166c97
SHA256 6c8caa690405eb31602fc94543f4c0cf22ee1a2088b78770656dc32591511ae0
SHA512 d00066b5e0b2c93c9f8c9ca3f393be88f917145ec41ab6b530213c79150beadceb83d4576bc2e53388e6e8472a7db28c7f2973bee8c9033ad5f67982ee1a56c4

memory/4568-2062-0x00007FFEA88B0000-0x00007FFEA8DB4000-memory.dmp

memory/4568-2129-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

memory/4568-2130-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

memory/4568-2140-0x00007FFEA88B0000-0x00007FFEA8DB4000-memory.dmp

memory/4568-2142-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f05bd6ad59dc6edaaafefbfff4ea391
SHA1 90d51a09c81393399c3e09720fe873e76d50f45f
SHA256 4c8cfc2c10605192734d9d45b27701592454eb15d068cd8f57dc867100264384
SHA512 79ff43bb958441b1e1b11940579ce85375d7104e8c77432aad96606f27be1a734605d6d3a6ade18a909dd6c38b1a607ba741563f261a0725a6abd15c9486813c

memory/4568-2208-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25327

MD5 1ac98c6bfe3fca4461e7b00b6a1497bd
SHA1 d3e602cd93f7a4ca4ecb16fedea0977ce444c3ae
SHA256 b088a2d8baa3f878d75e5b2ec2aa55c6434e28852bd91fe1fdf5f3ace8b6401e
SHA512 43fa1ca10aa4e5478dbfddd01ef9e2928532dfe3fba89610dcc723834fbe2f1ce04316a0436c1e92b56ced5ac9003fb16a22be40eec401967b57241c0fcd27dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\15531

MD5 b90f2e9919906b817c0f071387b49e21
SHA1 e4fe27c28b98deab557423750d4222048bf25d32
SHA256 f80bf682aade4d97ed966d6b9ef9ab57cdee26d268e2068042ffce59177116fe
SHA512 6ec7892579b4040d20810eee2e7333038f0d8802f323d0f1881cf02a86f53378b78e7fa4fc155bce53b5ea95f5e9a283d9e36bbe054098c99001891ce55859ff

memory/4568-2253-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

memory/4568-2371-0x000001C7CBE30000-0x000001C7CBE40000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29969

MD5 14429248cc58293411d8b81eb89b0a25
SHA1 8afadc40c1aa0ce23a0f3f09affbed01063c0169
SHA256 39a5df1dedcbfe076d57678d9e0ad5d2a55fbd773378a0bed403c8eb4f2aac67
SHA512 68e52054b962321d741b84654c2b49f2bdb2805ab883b1470adbe1127a7e9211a6dcb96a033e5ad666d912428a968676319d3716b4ef8b7895122c24fe53f7d5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\25581

MD5 c7c3f8d72c692ca37cfae9f208b0e130
SHA1 a7e7c1b5c026f5eb6878e36621208041319bdff7
SHA256 6f9f0fc7375878d37d939b4f2b72c9907f1a65bbf958ad2d0aae205f8f76a242
SHA512 4590d4d581f8b4bef677434c7705e1e79aeaa684f39354e26316b40d82f90e721b9fa06625381f8d32bb3ddfb6f01ce2d8e1b0ec6b09716807694de4146b7b1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29071

MD5 a80d280c12144a4d6e63577367f9b479
SHA1 6db5afb76e29b3095ee4e1e93099b5ebc3ac3833
SHA256 84849e9d9c2ba11cafc225726b98106499004155415add9b5e6bcad472513bf7
SHA512 12e198812f7805c59c98e70c4794857ab4f9380c903241e2b87df3ffcb1e2bd1836f89728a12747e8e7589df85dfc40a094190ab4b8f63d48663c65e3af57626

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26301

MD5 e7abd4cdc4f51d930338844a8fe16111
SHA1 0cda2e338c4521c3883f3b6a9dfe2fe6e446b69a
SHA256 38208ca87920164b1b9dd509fa14b043478dae2908471e6a0849e9c1d75247e9
SHA512 783710fe052ccf301820dba103153c1668f01bc1865017b767cdcb19fcb5a6f969f6ea5ea55d20de45335cdc8d9bcd6c09235b400949fb7c607ebb014da78e94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9861

MD5 c43f511a821ca3a2e5bc352d27b77616
SHA1 ea6a688de2cc7a3f9fc1a0de8ab8a5ff40185512
SHA256 a4cc6a4903ff9032ec81345ce5d35ffe224660fddb3ec325d34726a2f5512d3c
SHA512 2082a1cc6b0645d75507254168af9ac59ce680128d6b81f2dc73b53e00dc1eed2ea2479449cc0e95b3a038afc2326745080af021d772d7e7c07355a1759e68ae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\10027

MD5 33d795a2e4e5c54b67444b086170399a
SHA1 b82e6ce2afd2331c461f9de902eb6bf104afa6b4
SHA256 bd1658829d78e8d107f75bd7df6d536c0d6aaf77939a7496e979ddf638144b0e
SHA512 3ea9baa15e51fb28c61c06a2d68051a90935be2dd277bde36e83aceb4dbb403eaa0a7bff8f667732a4bfdc0dc08617ff12ce44a5eb6b36d78757ded01c35e68f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\7539

MD5 92c511e5153d44c98663d2708a0dd22d
SHA1 05db70a55dacf09444784140374277dede4af522
SHA256 736b303d9c7a37114a6cf5eb0564d18d7147b51046605a36b28540e4947c010b
SHA512 56698284604fd6cf892a1571c69b66595dde54c8a7a1be5315b92f8803c3ea1912ce44d567096d9a27f180a997bce837d6653b4e0ebf8f15810d2b579b109c06

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1305fde0b372294d11a1416e26b05943
SHA1 15b10229ac1271a3bd71ef981fdb2bf355b3479e
SHA256 71bcfed5e54a072f38945e397211447ed1aac97c00b591071998239bce56157a
SHA512 4a994524e3ed3852f924bb5627f51c9d1d50b3e542d10bc25a2832427e603d58bd7e72698e4eabbd28c76dbbcccaf47dbca03c28e4ac57f7454709177683e893

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\31616

MD5 de31092794ff58966715f6d5035ad9bf
SHA1 cd79fe7e19dd80df3f13c0fd7404b489ea4535b3
SHA256 4a21824a0664c20e593aae0d1fb087e3dee7efae959c1242687fac583f3af633
SHA512 6d38163e37eee5663b05c24f1f8b01f65ef78075a4a0fec26aeebd7c9370ac8b10680191e769d406d18c665e6674210d74bb5a071cfe9ca37ead5d5ae5e97777

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11448

MD5 7c03338d2c8b5275b16a3f710524f9f5
SHA1 a86eadf0fe7102c57bb9ed673298691f6aa7f677
SHA256 b3dc795477798d6b59c1481e1bae96da27cb6920454a879d01161667d62c0dc9
SHA512 bee7afcf38abf5a3c01e4d0945fa0b2f739d49bbae2168be2410fbfcdc8f56dfcfe29eda18d991c605a53c677450d06cbc1c5b3ec3736fcd1d49ac6405c53824

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\27900

MD5 6d064c7ccb63092e223f610956f87fd0
SHA1 9d557681e6b3155c12413d279f526fcc48e0b2f3
SHA256 6293079546ff210fbc94ea2e97f2f22cccf0f8bdea9f4c4cfdbee9ae381e5026
SHA512 bf1e5a5485e8e351cea7b2e39c96e59e6cc7040121451e1c76e77d67e4d80df019275949e263d9d74e9ea02b410a0e51bace6ff79f4c89431bf3c9c8c235f45c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\20831

MD5 5ddd3154c8ee14626fe0445b0f18b26c
SHA1 18314725a1d4790257c878c529e8f7f88e7b6bb5
SHA256 12b10fbb84254a1a12f3a8ca08ec93dee186c806e9d11dc69ffd4f0f13c30af4
SHA512 a2d2a0e898d28ab66e6a9746a363560966f516f8db76e52d895f8233785ec81e56a0317518e3c3fed78520cf28df672f825b7377e48722d4f3d1d262660a609a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\48F9ABA6D46586D394861F5DF3E9D0738D860D74

MD5 dbcc6b9b823601b2a8837a71478e4ec1
SHA1 485844194db52345af68a61b5bba183d11293bc5
SHA256 e981b531c7664beb888d2afcd928b736267bc82b991135d54cc67b9fb8dbd84d
SHA512 3b465f5d5ee934551acf797d6fc5e54e1328b34f51a88c7dba20e094ce1468fd333383f75505654f79b2a4be9d8b5b74e36b8fea90336090f3f0a8212b1fdf1a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\A865932A7C9FC46C4E08AFC8176E9C37A69F6DE1

MD5 72580d237d18bc8d94bc145b9faf4666
SHA1 3359c66dcdba4afefd80767e77080179da184c91
SHA256 af8296b2731616346f77800784441169b9d57c2410c49500024f7881b131dd79
SHA512 55f1bf4d803374744d67181b42416e88702028e5500daf650f4fe8cab6f56b38f69039fd91df17e6aa8b17cb1d4786d3321da4b55f24052b3992c06df2afea06

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\B53AEEC9A8A5A8BD1478C7F17B2ACC26050C2FF0

MD5 5aa3a0af9a005b536ca23ca0b0219075
SHA1 02d01171b8ea90da7073f1ee4b7b0b021023696f
SHA256 53cb66cbdbe716a55b843f7f44cee8da38ffc30aad4c8b6a888d8957cc8346c2
SHA512 72a17d7e9c57487294e7ba4a5c56d9b328ac566a95c5f0f166f84bfffe0aea344aec2be53a20a04d2009b1b993f0ed97fd0eec68847cec961ad4f05fa29730d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\6345

MD5 a52859df67a0d6732fa368df6259becb
SHA1 ecf776f454b74bd9beae7260b4fd1d5c4329ac01
SHA256 b777bdbbb77f68e439e92cfc55fa0dc69d4a74ca4a53be093a150520d2b2ee05
SHA512 9301e832ba1f745bf81b2c4209449762633a83e4c7b05189121fd541112e049a821f0eb1a40c623f7489891825a9cc5aa055ae8bc88d884ea684885b346fc53a

C:\Users\Admin\Downloads\de4dot.bE04XoxK.rar.part

MD5 aeadb99baf5602130e892fb78ab4a9f5
SHA1 3f4e24d62d614a27aa3926a642276972e63d9520
SHA256 ddeab3e272d5189aa415a3997b95660d2475fbf01957b6a39b7ce87a0bd9a63b
SHA512 bd25fac35336509886fb56cdbea6a072c746614a8ca0e5604767e5f9ad9b12c26ef6b3e6b055e1d470f08dbc0594474d9aa65b3e781ac47c6ab4918bb8250549

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 411fef4a194b2c72293da56b53a2d6f1
SHA1 3b9609de23e35d02b0811cbf922fff382f7077bc
SHA256 2c732194807c139ff63b8b6853d5e43f5e3cf33ac76cbbfa58ac1c78cd226fc9
SHA512 8f05745c9c4ae0700ae3bd03349ee77856eaea7d59c86675cdc5c87483f1c3f714a16fab75b039b23c72a3b8d8ed65b5daff65750357ec347865c1781f3896be

C:\Users\Admin\Downloads\de4dot.rar

MD5 736094dad0400173aaa33747f41f57e2
SHA1 fda3cb01cf9ec5b31c1540bc999bc7148b213fc3
SHA256 be1bd9603b958f40ef05021150f131497ec50cde232e0979fc55a2ddb7860137
SHA512 c5c0ce9e2f5790d9f994fdbefbdf7c3ad52df18e330234e83844d52c8099590fb5a3170a53031b3889aa199a49c3a1c804d72971067f5e35e2277aef27158215

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 19152941ed8c1fa301626817a871555d
SHA1 6a737f8472cb89c84cbcdbb40c1949e0c0ba704a
SHA256 548d18be271984dfbddf10a961662a17ec463e1061decf7ca04ea7808e6e4cfa
SHA512 f9f99e372a44ae85c66651d2a5477ac5315f10f8ee1dac8dab980c88a19174d3a23ff177d96980b6302025cc0312a1ddfa0520ce29a929a110f730fb0e706638

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\jumpListCache\UBAaxxKeqiyl7owKJJMhHA==.ico

MD5 42ed60b3ba4df36716ca7633794b1735
SHA1 c33aa40eed3608369e964e22c935d640e38aa768
SHA256 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA512 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

C:\Users\Admin\Downloads\de4dot.exe

MD5 1a876733326543cdfbc95a8cd5f2538b
SHA1 101ba15e9b2eb36f06e753cfcc6089e03ae35cac
SHA256 dff03ff478b8426113e8a7b66baaf42fb1281c88356390b6e99c0f578bea473e
SHA512 d2b52f44fd8504428e7a911eea840c53f67aa247cf9a08e0747a08a4c2edd006a2c0ef748ba39cfce1a665aa92beb6b50faf33ede0e5840e87157dccfc9066a7

memory/1376-2840-0x0000000000D80000-0x0000000000D88000-memory.dmp

memory/1376-2841-0x0000000073780000-0x0000000073E6E000-memory.dmp

memory/1376-2842-0x0000000073780000-0x0000000073E6E000-memory.dmp

memory/5624-2844-0x0000000073820000-0x0000000073F0E000-memory.dmp

memory/5624-2845-0x0000000073820000-0x0000000073F0E000-memory.dmp

C:\Users\Admin\Downloads\de4dot\de4dot.exe.config

MD5 7d85bf81018e3346cc1360ab54891b53
SHA1 39a189f5eb68c9d7ddc83eff779bf0097f4a485a
SHA256 6ac7546263b4c4805085897b4d871e46dfbe9b2e52a19b0e23ae7bc37f473bc1
SHA512 ab6c2dc32b926b4b1c5a683caa5c2971bac6860907fb5204b6a30c49d1decb0d41d0d1f3f9e4b1aa6e3096e25691d285440c3c74172d20b148ad527dc91132e2

memory/768-2926-0x0000000000B80000-0x0000000000B92000-memory.dmp

\Users\Admin\Downloads\de4dot\de4dot.cui.dll

MD5 69c8530706b137226dfddf0d98419134
SHA1 780dd05986bf0d415f87c50cda0a59de79605d13
SHA256 2c5cc14b3cd69255b3b673699e11a7d719c38212ed40cb0d5efa42398f06afb5
SHA512 b174d2c84aba6c273d3926ac02eafb6978dd3f1fa666c9d8016034a395b3965fc4192d6d4217fc0f4d7f9b2735fd23049b6ae740c4cec95a848bcd74144c741c

memory/768-2931-0x0000000073780000-0x0000000073E6E000-memory.dmp

memory/768-2930-0x0000000004B60000-0x0000000004C9A000-memory.dmp

\Users\Admin\Downloads\de4dot\de4dot.code.dll

MD5 fb8ca456765305ccc9d10a7861c4f595
SHA1 ec1d33b3494616b44f500fe82bef73dfdf3fd98d
SHA256 99478c6e4d803f3506bbdaade4e11db368302dcdd4ba612bbbb3e100fd4b9625
SHA512 3e15b8d2b99c487a3db24c84cd3d06f0332c0e89cc12da7a3ee7148fb19ff4130da83a9a9dcd8af3103176105f1db06bacd301efd93b49648536977e926c872e

\Users\Admin\Downloads\de4dot\de4dot.code.dll

MD5 9dc34c27af45d1939c92ed276fbc4fb0
SHA1 4b6a4dc912f5a392889cbbbf18f04cc43c432723
SHA256 535a5188cb0e13c8537a93e2b455b4cfd3c7364a45a20312844776430b7a28a2
SHA512 528dc1b92c4d7255b8b7e5d105acbe4e294a046ed567e9117e2ec85fa7a62fda14c36228641d00d1b309666a539ab133808d0d6392ba069ffbe63bf9bc609c31

memory/768-2935-0x0000000004CA0000-0x0000000004DBE000-memory.dmp

\Users\Admin\Downloads\de4dot\dnlib.dll

MD5 5c4dadec4d5f073acb1a49f71e5e78a4
SHA1 475adb49047bc2468ea326b3626c767b8bc19bcb
SHA256 7ca1add7220ba60c2d77046681355e89ca0f1fb197eab57d8e67acf77e335d67
SHA512 5a16546029a4961c73aa252498f794027d165d8de6f27f3777b58a2533ec3e437856b0d2eab5545d1176065012121d142e1f75f826cba2e9b38d17b9ca92df4b

\Users\Admin\Downloads\de4dot\dnlib.dll

MD5 ef7a44337be8bb4294f4c03bc5b4858c
SHA1 6125ee2d7f2345306e332fc789edcaeede350843
SHA256 c473ed1c8929c4dc5e40c3d812be4c86c6a0371b2f11ae00815609a5cb83c366
SHA512 3e3c28bf14ce424fc058d3abf834552b7d4e15015c04a6c5bca2934a91dc2a1b10c5f8b78d3d91e3e8658d7b94ea6e8ba11585c0d9fdc865742ec287181a21ac

C:\Users\Admin\Downloads\de4dot\dnlib.dll

MD5 1db0b7b1eb8892edb23e0ecbcf149264
SHA1 9e30ae5f0649c7f30bacb92eed563927b9baca77
SHA256 3441edfcca199c92914e26b88d2834984099e7d71b2478fa9dfe1a85ad23b597
SHA512 bf3c372d6944a6414967f5694e512feeef1d0f70c55de6010503649317fe9355dd0f09026067d3a15318b831b0ca224a3c5159b94cc469fe87eb8d9215251c01

memory/768-2939-0x0000000004A20000-0x0000000004A36000-memory.dmp

\Users\Admin\Downloads\de4dot\AssemblyData.dll

MD5 3ed661d23851778a85cedd462a75171f
SHA1 ffdaab3c44e8d6a4df7bc8b9e930e5e18c2dbf57
SHA256 954a58d0b31866ad5ad6760d1e7ae57663beb7f800df96f8af3b47316aac82c6
SHA512 6edc133018fcff9eacf94cf039e16b6e9a6da614af424942f95e03710ab4a2c674cabfcb47938249e40bf2ac1215b8a57a7f7c12205b4625d38b8edf4a831a71

memory/768-2940-0x0000000004A70000-0x0000000004A9E000-memory.dmp

memory/768-2942-0x0000000073780000-0x0000000073E6E000-memory.dmp

memory/2008-2943-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/5560-2944-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/2008-2946-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/5560-2947-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/2008-2963-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/1852-2964-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/6104-2965-0x0000029E89D70000-0x0000029E89D76000-memory.dmp

memory/6104-2966-0x0000029E8BA10000-0x0000029E8BA22000-memory.dmp

memory/6104-2967-0x0000029EA42B0000-0x0000029EA43EA000-memory.dmp

memory/6104-2968-0x0000029EA4510000-0x0000029EA462E000-memory.dmp

memory/6104-2969-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp

memory/6104-2970-0x0000029E8BA50000-0x0000029E8BA66000-memory.dmp

memory/6104-2971-0x0000029EA4170000-0x0000029EA419E000-memory.dmp

memory/6104-2973-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp

memory/1304-2974-0x00000163D1040000-0x00000163D1048000-memory.dmp

memory/1304-2976-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp

memory/1852-2977-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

memory/1304-2978-0x00007FFEA0A60000-0x00007FFEA144C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6ef634e4c20016c230f7b3dfc3705df3
SHA1 7003700fd9bac4af0c5a417f9bfed32e2a6eab9d
SHA256 1a643c0561ca770b9ab7c0cfd5f3a22a985936057caa6b20282c9203ca139cdc
SHA512 c17bc70cb14341b66e4db7f9550f32e465e501988e2b9b63affb913098e278b58d797fc40760e5963e72aa61309f98940fe4a3e8d02f3f0cc00d289bb42fd8f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\2128E5C83AB05DFCE300963562A7479D2266A85F

MD5 793c60507f10d01bf240a8162a639ec5
SHA1 9c5c7191c1c97b949badb73c087cb7209c509abe
SHA256 0db9432159350dbad5038a6db06153c880b985da8441c40ee7590a678b6bb0e6
SHA512 44dc2a5053677809a4191707087656b670ae90040069461fd63019afe868c15d3b2e591e00c190aa7b8299d5a060c82649876dbad29b8f052f5ac1b67aaca80a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\7607F4D0FACEFBE612B764D65903E5830BF1A48B

MD5 69f1a1fcb2632903a757199d1b280c3b
SHA1 a746ca0543d54fa47ee7a4a84380210da7d16085
SHA256 687061a4021a314ebfd0e065d2715a38cd9f64b90f589b1eeafe9be88eb7166d
SHA512 05af9d4b360b8276499ec97364294040e8305d3bd49369f4b9b4b94a5f86cfbd6ede8218ba5ad7611d353eb39ebb8c4c314ce5688914716a9ac359741072aa2e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\C877D66E1FEE4A8F461A686ABF9C6C60C7D3DFA5

MD5 e8728eb46418af6b00a1ff26e5620e2a
SHA1 bc6a9e2968ab27c79c50b3dd78ba6b9da7b7b5b3
SHA256 660092a94a1c7b65cf5c577aec745361df465e31ecd07b947b74e397bdf3f36c
SHA512 578d78c962c727180e46c4a575cc96732b8db0349655551ef618ac26a68bfe6fe349c2a528777d1f3de2d0f870e409277e0e6c42851f57d5d7a5a8086124aef1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\15471

MD5 ce44115f899f48aac8eaa05a57bfe0eb
SHA1 fbc081fe176207064211f35b5e446bddd7dae8bc
SHA256 8ddba12e69cf7d54c82c9e507f21918268bd78f9f0485bf9a0b8fe4e9f44b6bf
SHA512 0defa95ebfac874ecf0d0376654526a266010bdb634ec60cd8ea5b293443faaff8e9c7fbcfe5e974b8916ed762bd70a1afb03db7bb83166149984d411d758742

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\585E00D3262C8017022B7FA78232B4B5569806B4

MD5 783b2784074efb19d34ea90a916ca86c
SHA1 0cfa59bfc721276f09c043f4311128519488d7c8
SHA256 29e7bd8499fc92ce22e0e6f19ac9d3a429df11928a52d65959642dae8fa9528f
SHA512 a75faa3c2924741595a7f8e25b99019151838fc99eca6aa037a0fe718ce55c44c046b1652261071bb69461dc623393a6e8849f50032950bcbf4f455d76eb3186

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f8e952d37f045fb292c1c1dd8e94cc64
SHA1 51614eac47ecbb54caadb3e73b957bbc16642844
SHA256 d294dbf2029473b0fce6f1d785fdec515c545bc056febd615f97b9ae6a9cb7c6
SHA512 eaf9d3ff98a3ac791899691d999c7c3ff0369cfb3263674e46f209a7755b3e64aa518dcba943f4c7a39ac8d44ef7fa61e336988b3d8689a1d58b5d8716adf20f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 eb28401af664fc5397cd6698e5ebcbe0
SHA1 3fbdfd0177e97e8931a047b43d5e4854f47028bb
SHA256 9eef138add01b52828de7efcd1f05dcd13ce4d4c5ba7b5a9c6a45122e7a37de8
SHA512 5f82990d0bf6a6ffc5b91c371d8bf1e048c105e419a81214e145b19ae00cd0b192369a9e58858d085be9998403958dbe87a7d5c672f9605e3090b02f38a7e016

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D19F83F547D6E48BCA1F1AA5812687915A2DECC9

MD5 2cd072886a5db5f1b1842d9db451b47d
SHA1 4faa38cc9d4bbcfd038e54c09fe89d2b79f6c570
SHA256 bd1e1ddd153c92f53f1201a43da16c8c3dd8061356d5e34e21685361df8c96aa
SHA512 110edb7bcec369662015777290a58bd729ff4c68ed2995ecd0839e91315d5bdf5bb04ff637761dfd17f89f971b4d8ef4628aaa1b826c402dc87dc7ea2580d1da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\8646

MD5 1f0375548209210ca87a596e8d4d39f5
SHA1 47b52b200942879024d8367a366d3947a5871e6c
SHA256 7c566acf528c494c49195f805a48b290b776af6b422c43e85c0f98b6409a581c
SHA512 66976c50a5888c9981531330dd86b9d1e906ac0444462130bddc38eb6438f46524bf95f902d2fe509c0c180e41145cf62e6749bd679486f71c5941446be90c01

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\7645BA9A5991241C71BED9E97BE632F5642F56E9

MD5 27b6109059e497121a095d46d9d74ed1
SHA1 d2915ff9af82c6fa24c065ac1473e336c25cf432
SHA256 f86ace128ff7dd141ec4be8332c84cb205eb441daef278854424ab7f1d5d4093
SHA512 dbe9156d84d0073dafe12f8b3b51d76800bb018e023e8c503a994e17ebca6cf9c96fd12e38b8279726afdf54809c53b6addf1515e37a7dc3579af591dca9cf72

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\D4081CAA1D56818A5F58430117C0DEC888E85243

MD5 2a574713eb38a1d2292339a8020e18d9
SHA1 b8ed525b74649e875ac637bc4ebf0ed8c469ab1a
SHA256 844e12f6a874fa76ffb39a4adabd44772095a51f661479dfc4c8e5c89c1d0d99
SHA512 cfbe8a3a0d58168cee4fb760766a17df44c7052318410db54148018ae64a2ab258cf6c74e334bc714a3bc4ec17035f53449c61e3b35af639fa94fdf6e80a7e85

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\13578

MD5 30e99dfd8d035af8cb2ed47a780722a4
SHA1 22718f4aefa20c742ab986a14674f9fe758370f4
SHA256 ce7aa20856607925c4b5469e0bf05044b11bca28546ecf5a3041016aca733778
SHA512 cf771b9754f6f21c71d5974df54bb6cd2ed413914013ed64ae7d9dde301bf7395f21f44367d3c7c56299c6a561aaf413ac9ef27a786e47d1b81911cb46690468

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2222

MD5 8a4f56fc229e309d3648d108686647f0
SHA1 230c54384a1e2b111d99b684ae13b9c005d8b76a
SHA256 be9acc44dce07c5af066febafa984dc07c034676e1132b0c93acd9b908c1ffe7
SHA512 d33fe9631b90b443831287e659ea443e54e64173ea783c28485e6146f33c120315c63cd8a6acbfea7886d199198f8f300f1a3a19b16d5133aee06f0e29c24028

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\27271

MD5 a907c14a789d10d3c8354445d7ee3791
SHA1 3caeede1df984f0edfce89681f31b92bce3d2f12
SHA256 07f307d4c24129b782c74e127e09b01670761a80e84a4e538001eb7f194b3fb6
SHA512 e64489f478a8d5b6766fe62a83d7155b4b6ed4dc63e1a10be26e86e1d4b15eb4caca62656bdb78cfc8bd65bf11373a3e3afa7e8f806570b5f7c2bea5b9ed9adf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\14893

MD5 f3f4eeaed9ca4bf2e315f68364986c52
SHA1 80f18d6548ab1dad892e0e49125f9dbdb32fd454
SHA256 7121233aac3ff676ca4f966a211537d0daa0bb0b30437dd53bcfa2088806890a
SHA512 ce89c22f0f4f9c64a5b1f081d583bba37067086f883585500156ecd47fbfe3fe5ec34b3beff1417ddaa7d64408d24ed73ef37fb3b425afa21cae514a3934e64a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\720

MD5 2f8c868c8f1d6b5eec97d7c85d596589
SHA1 ed0ef4d21a68008290f20c6db2731371226c43f7
SHA256 4f920f16998c12b78e7d8797b76dc0c66fcf8d468de6d63b8363225a119df345
SHA512 5151b0ba7a5d77b1e8d54bb343bff7644a3521fb2724c9b0ddf4bfedfc042187ee4b9cbca7170c3031b6c97a91d39302ab970c40125cc257669e6365168c1c98

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\23692

MD5 93e3a97e96963c3b4d3f483719282a29
SHA1 5633aa10964e694a47b048482215b1075fd2f500
SHA256 a031f362d7b4229058d75f94c8e6e6f6986a9ec948e80e5ba6edc2a6d200f4d5
SHA512 e96be6f11caf31e37ae58f92974f29d782503996e7bc26cdb69252da97277017ac9570f3efa3afa738fb9c2b0669d3ffd07252c787094cf9bee03755eaac2ae6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\13334

MD5 cb46e43545d551692a5d196e491238fd
SHA1 ceffa0fb5bf569a4f52e03b3c4cf7a336d3d2ea0
SHA256 6e08462f82f0ff9ba710841ba232d6fc0c28cdc9fcbdd68005e344165222692e
SHA512 2c79b7a44fcb00f32bdd3714030453b4e019e34dbf14e85dc52510219953a8d53fd2724065bc72fc93f54535680d863d81a4627eec641e3bcf81cd25409c3006

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26508

MD5 317fe07bf1b251fea3324dc6ec678a36
SHA1 e54862ca0fa8554e153b5ca233ce5f84d297988a
SHA256 8a5a47aded4a8e0779aa429a763331178242e0fc16907838ea5c03c3edeca896
SHA512 63e216e42cfd53a4420b76d69e8bcfea2806f39693a47ec8ebe70c0a971784008959ef72fcaa2a7d6d521c1efca234e2e0421edbf414013920f97f03592f5397

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\26060

MD5 f5f704cf9e38446b3a601a56e9e930a7
SHA1 503ca2a48cda8f03ac6f32b4b383a2d652dfd4c1
SHA256 31acab1f0e896865fc7b493f62584a345778fabdef19df10964949f94df753af
SHA512 9e670c71fa03aeb91884ad375bee86bcc734ef6eb0d7ada73b2f98d664e426876363964b1d1535fe3cf263b74e93d50b2ece411dd6b999abd8b3b143b41d3320

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 966dde544a978cf58b86b893484fa857
SHA1 89bef3b6f2b54fa8388ea6257bf788953b6ff322
SHA256 09ec8e3a92c34c2f223c55f0211c64b320f05f12d75b3087fc2941f6b3a8161b
SHA512 453d7f8a06dfb3312a5c7743d979ef4ce951287009664c740e2190b32f981048ca25f19922b91dfde9bda780a16819ea2f6f73ad7472fffbc19ebaed1b3d35fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\53D0AFDE96279A270A658FD181CE631D7F0BECE0

MD5 802abde43b15963486c58a70279156c7
SHA1 1f398b53f21077ee2736f4338a3ce4761d7b9b24
SHA256 c900c104b14a10c5a21cc7f5c6b6a6700113179dc13d425809a557081dd96b80
SHA512 881447167822f1b584a783cb3e136483a7903b8fcd5f6441b37f2c70aa24cb34e35704cc319b4d5e4edec28dd775fe4f8b8de697962c8b962e49129813624a5f

C:\Users\Admin\Downloads\FileGrab.LHvciGoi.exe.part

MD5 27f87ebebb071afec1891e00fd0700a4
SHA1 fbfc0a10ecf83da88df02356568bcac2399b3b9d
SHA256 11b8cdd387370de1d162516b82376ecf28d321dc8f46ebcce389dccc2a5a4cc9
SHA512 5386cae4eef9b767082d1143962851727479295b75321e07927bf7ebd60c5e051aeb78d6fa306ed6ef1c1d0182a16f1132a23263aefe9ed5d9d446b70b43a25d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e362144d559abe2f431d8debf39e3bd1
SHA1 cb23667d491633a43dac47632dab03f79ea782ad
SHA256 cca29ab2c17936c778fe58e0bd4ac24f6171e9e8ad546553aaf2a2c299954d46
SHA512 20c482cb5fff8605139f1b6bac1956cbd94d2c13050640d747b10eb22ab4f706ab0e3f9934ef9484711161c6c43890e0f32206511e061f89d367670c095047d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\jumpListCache\EdeAh8EjTXR3gH_ndbih7g==.ico

MD5 24530283f34397a4de6889aea4f30c79
SHA1 d59cf231fd1273d0ff4c8cf71d3763e2900a2b1e
SHA256 a6e9fa991a2544ab1711f7aacec40f94771ff1ae56a5879fc93f29ab4419742e
SHA512 d05b50d98a3de5193b3b1c7febf45dd585b93c5c52f8d5095f53515dd2efe62f6fe14500bafd0fcaf13aa11dde1af853389108e524d05367aebde9120310adff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22449

MD5 29d0fb34c8bafa3324f3de200e368a5e
SHA1 d07f295866bef9363a9498cf000a7ac138a5aa45
SHA256 438f907567421861983099f762c1c0bd014bc028a01c85f2a0292234a8ac7d27
SHA512 ae1482f180a3c8c859557b5d0a7e2a180ef71be5c47b59721f3be33628e6a447c3383c78361b0aaedb84e19903d8ce89aaf0199ae1a7bdc9788f12679eac9b1b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\9275

MD5 e47168dfc8473f74dbc4e4e3f12a0512
SHA1 480072402a50209a352d118a3cf4be71a5719eba
SHA256 26a4d305e70e247ce2d14f6f47bfd360b3fab0d2a32bac3d63372df0f0005c40
SHA512 f690839f4a4ef8809c9d1729437084d1ff18283059e3a2fb98aaea14ac2a7c5be1e82133227e2094f890d9b95060d5d7698e76f8f91018548f685410f71bf4aa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\14471

MD5 6e06eda2c754d8933ae344b781352546
SHA1 c716d970a66bce269fb6aa5b717f772bc46cc2aa
SHA256 e28569ad7a72e1fb367404d1f9e92cdfab58126ced5d700c0db006aff69e9e38
SHA512 8d2b8001e4e3674ca2c21cd71498eeef3d02e151aa24a81936603da0cd970f122b3b161b3388828104cffdb3a24fbf3b137d47a2905c026f63f130d2130f76ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\410

MD5 9d327fa4f17784bdb3393e6afc675ed8
SHA1 0c481bb0ccf58ebe9132f883d51c6c5afd684ba2
SHA256 1920ec1dc8787f8da4656b54ea7c52c363cd72119bc494edbfea8584e6bcc026
SHA512 f9334a99c53300a6f3c9ad2bd496e37274a6005e9960b6bac0f70879cc06c6ca1801652d9bdcd8d4057eb3dd6ece031d8788ac6ee002abef409b992afa4598d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\29913

MD5 5517e3838c3def6469ae697bcd8a4b70
SHA1 5c94088904a5e0c6860a836c98c757b0c8d8c1f6
SHA256 ed5de995f9efd50f7589b10801ee412a1b4d2e338a1d4bd63b6ef60f0903db1a
SHA512 c77f938217f1e182afcb891eb8a80daea4515f53a37b9316ae2906b112c0a594b5cdade7e25562f3caad6dd82a4af69e3af84dd242b5cead2ba436cf7c2b8d76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18994

MD5 211557c58968aea3f35a9d2b05516c20
SHA1 a54c541a4e12807e4c5baf5d3aa5cf7f4637e5fa
SHA256 93140ab0cb800fadb69eccbe836aade00542df8e522dd37c345ea64b824bd20a
SHA512 e4ea6282ac93858acca95e856a9534d5ca6dc0b9f7b1ca7c2133665bcd41d33bdc7a40f61d815bb3e1de7095712625edc3b48d3d3ed6ba4267401d4d1155bd6d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19903

MD5 18807376ad6daf651ed8b769232c7f46
SHA1 20b4efdd0d7c3cccc4e5de270edd3fa286657385
SHA256 569821cf9f3e51620097b5ffdfd0dc7595d2389eeee84ace5e007418b44f4c2e
SHA512 e690298b88e668180f83cb3f319a333277860fbdb70dac2defb767148f63d00c716a4f7892b1917357dc88051bc230e6f2d86e63ba1db135b3717e96bd2185b9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\7290

MD5 286904b8082baa3daa836b2692a4eefe
SHA1 3adff4d4bceaf3a8fdf29f812a3c36ce0b179736
SHA256 61c49f3f91b47c2c4fac89057801562f89494fead3b97daf45519df65bf16f7a
SHA512 f3059a23bb360d48ffd11d0969662fd17da92a6ac59597d9b577233af321adcb5a49592cfd16f58005cfd0ff907d26a4eb63df2a0493e744b13eb0e21c413887

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19324

MD5 b9b9f7895f5c70044e5d6055c5bfb94c
SHA1 c43420fa9e9bde425129fa274f06999768818aa7
SHA256 314584f1ae3f3ef09b7d284c7f906826240125f179fd54e00d96924254ed7447
SHA512 7e99c1ea11fc1e54327dd242a38a4621678137f9c395de4f759466e457b1288c816e98d92e0689119fbef0cc4c04bcf25015cd1de10b6e88ecea567ee02bb921

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\entries\5E71D78BFAA26DA769900D52DFE7D0B03066FCB7

MD5 ade521b7e73a88d6a61e5c126f05c455
SHA1 71237c4e97f7692fd44a883f9ee70ba9d5e674e9
SHA256 01d443116cc73d56cba67f2397d4b01e58ee546204e7ade300c2f7a42a738850
SHA512 d0289a8653962d5ea34e81ff5087abbd61d66c90369031d02a15ec6dfd32352a2cee3501c831c812d0054ae0374d15c5461bd4a615686225fa0a1ccb32b67cbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\19235

MD5 2e83018f9bfe00f08c5400632961f80e
SHA1 e89f3c28bc9515efe1ad87ad349e1dc5fd076fef
SHA256 1f3a5a193a47f5ed42f424a58ed16c9f66b2134cccca9ebc034cffdabbe8eeb4
SHA512 082483cc8c107441bc136ac6fe24e590d5eac90e10e58b4aa79861b6ca71b307e500b4c0901f8c07eeec2b9eee2a39dc9d3aa285131db61121c59d0f5ef50776

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18899

MD5 8035f9dfa172a3615ef551424dcf2c6b
SHA1 203a67b4858f5b1f81e0c5037a2859295fcb28be
SHA256 2ace89861addd90cae0026a0ff8677e4f5e412e72bf9456792c5ee8d828e3ddc
SHA512 2544361901f51e0a28b901653957e21fc82fc9df0c81a94510fbf73c584f3ad90157811b5aef128c483e16b0303ca84e6fd0369e77bd9e772ef4c5945c6a58e5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\22400

MD5 836d075d67ad581aa9f5aac6c70d97ca
SHA1 c3e22d2937c889a6165cd665481273ff9934ee81
SHA256 fa893a568e6bb0b079d334ccd6eee600c14e061aa6d610aab2161ea14de3cfed
SHA512 395394caa535342c8f046cd36b3caecf0b8a6ea9f7e822a229b49db5b5c8ae23677b43396f25c8f12a66ce95e06d72140c322be74a7a9f509bf8346252fc6c25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\3828

MD5 2e5cce64cf2f5a3f4f568e80f9cfd148
SHA1 de0894abc05f5f3b574995f24ea7175656e9387d
SHA256 3bce430a164403690e13f73bba260c7070b93714c66ec127d499b62e6bf4193d
SHA512 60f26eb222ba9436d4350c49512bc94bd92a1d6f7b738b086c640e508251fdcbd41cf56d4404c7b6a4e2585457b49f6a827fdddc57c8105e68fe8c27f9cb464e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\6757

MD5 26a6e039c3a73343657bbfa24bd9e018
SHA1 d84d6549d631235851af32e89b4c338ca750e277
SHA256 c4abc5c6d0c870a17dd329cdd981ec849f7d21519c9114b172cf9e22df10f827
SHA512 e413a8fa8877201129a81312b8eddf980308faee98f1a2e2031423f72e8dcc14c50b2cb96b18f57c5b8151938c67a9ed47d44a1c6d3ece73a2e9b2d8625cf779

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\20268

MD5 bb164ae6fdc51ca0840620b0470d51fe
SHA1 3f4fee4c38a9ca3a9d5d7319d8088232c8763135
SHA256 874ae38823e225a35fed310d1b7b92018152172cd7a7ca4d859800f57f6adf84
SHA512 e43895f772a83db89922a8b66256589405a85adb1b13146a67128176cb6d5f39f1b84c222c6443bc6ddd178214b7117a3bbcfcd97f0bb8ad2813f06b10f6b910

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18709

MD5 3da2cf0f753dfd619047ebee8a72fe52
SHA1 c0075e3f646f8dcb39d197ea8781759f5950ae9e
SHA256 add9d66b36435babedda3e011ee9372908e09c1c9f7fe4754df8a7ef665a1f87
SHA512 c8eada6774908d317b4a8d77a3e7b7d391595f85806ef12af85c2452b86f976d2a4e557c6e69f9f329071ec972f7a0f569e2a936479c478853c727828a08a8ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2381

MD5 96881025093a8c3bee66a48565284c97
SHA1 e3046592d95aa96e770f347163c252919624547f
SHA256 4b6dca5b6e6d4d700d809444de16c90142b2ef54283a98acc7a4bcade2c7e9f1
SHA512 95ba7c6603edb6872c0225062d2da242e34ef37b83ee489d163ae909a7ff7516602c7ce0799c6617c431b955f33c7e48376c0401ee831767b52b9341b52698f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2168

MD5 1fa0478d23a80c99956cae59e31e8122
SHA1 c8cd4a28e0424ea46d0fefaf28fbd22b4cda6236
SHA256 27aa87d4130ef2c4fb5f088fced3a289d1d0e5ba21cccbc080eff1047f54c0f0
SHA512 678b16d9b8ab6959d39cfa5bc864f9a2230139a941772f732efd28500bc4eb8a8644f09bdc2b8fd6b11ae121163aae91be65af564976f0bd0fd0e429fd7b8621

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\11404

MD5 c45ff61a5a6e45454ece1045c2a711f4
SHA1 0f3d5d00ba6629b8f49cc801d3196839d524617c
SHA256 cc77399bc2086b4924dcbb7c9adb731adf3815d46a0fba3443566699c7f0265d
SHA512 09430382172428bb404cec554486a607819c318aa10f74f96ace34c4a4037cca1d5c85ec3d29af8d62184bbf780b3c8ece7b55bf8ec973ddb9dce388164dfa86

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 af0612b15e2a819861e8b2d10154e959
SHA1 2a84a21b21babcbc70ec4c67dfddc11498c2880f
SHA256 b5c74941fe9d72dacecc69589fd0c245cc307acb8172e94a53485f8cd8849a1d
SHA512 3426e4d9f61c44af17a7891261e7aafa5800c4c8b672f7e311b74da62014c73ac737b625c79a05e626a9f1973afa437a87bf22d0a1c377ad3e36fd7e2ce0620f

memory/4420-3832-0x00000000738C0000-0x0000000073E70000-memory.dmp

memory/4420-3835-0x00000000738C0000-0x0000000073E70000-memory.dmp

memory/4420-3836-0x0000000002580000-0x0000000002590000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2952

MD5 83809a473a19cd12dbe0ba9d472091dd
SHA1 d2b0e352f796c1a221baf5a4fe8cc3a5f0fd03e8
SHA256 b8059b523b327f637497ef886cadef93fa546c5dc1bacc42a6b2877bfe8e9741
SHA512 03f70a4220d0274691f073cbf1dcc2ce2f02889c93a7c73650a74daaae0fe7babb096898cf2e3cddb826850729a4b9fff388679699137835c460312c2df91a08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\2503

MD5 f698e0eaab3976f84d2781e8523a9651
SHA1 f54610dce7fc5546211ab2797bc9bdd66c19cb4a
SHA256 4fed19eb63e338c3c4239afcc462591c6381794176fea4b9c5f4fcc48c66f4a0
SHA512 dbbb4ba02a185ee23a078f4acdf308718717eab442264976f6066fcc6fe2a765e977ec1b4f26a3ec8c530e71b0a49bc9b564cb5b93ccd0f3c0166dc389a42f11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\cache2\doomed\18607

MD5 3804f48aa17d8d1e85e2ef5d7611ff7d
SHA1 1ea20e6ad87a867110eb0a8810812ddbf65a6104
SHA256 500d22720478791367b4462765ab045bdaa385c453af6ea13143a7d8674bb30a
SHA512 4165200ae75ef3097ccbc9a6cdc3892f9a02f224d70722f0729f8b951ff8bcc491bb978b42553a3a41244904cf90fb29517985be0e7df3ea826a3fe0f0765061

memory/4420-3874-0x0000000002580000-0x0000000002590000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\storage\default\https+++sourceforge.net\ls\usage

MD5 99a2a2332c4b837128cbcd0fd1724e77
SHA1 0da4726486e799c3c40ec88c551f5da2be7c8279
SHA256 4140055dac3aed8accc2b28d5e623076e0d25c912d92a64d4964b28da4101313
SHA512 f49572010e83967dcd0917b54cdff3dbc48602745a68b7692d390cb8479fcbf296ae7e53591ae03ee939b35c5f66e2c01e2c0ac9c10db71bdb7c4e57e8977381

memory/4420-3890-0x00000000738C0000-0x0000000073E70000-memory.dmp

memory/4420-3891-0x00000000738C0000-0x0000000073E70000-memory.dmp

memory/4420-3892-0x0000000002580000-0x0000000002590000-memory.dmp

memory/4420-3893-0x0000000002580000-0x0000000002590000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d0df378072da01fb9654f23666d99179
SHA1 d0a03b93b7568e9fba03a28acd4300f734a2893f
SHA256 239b165d944f5c804ac57ddad12c65b881420f6b644aa2cacc13ccfddc080bf4
SHA512 a2c6c3bb50b8200490cfe1be206be7f2998372c1b6fc8b09d6d58a1f71bcedd1fc7a669e99ef41e8e40b510c521dd4aeb01786aa1fbb6b7489b527cb7df80212

memory/4420-3913-0x00000000738C0000-0x0000000073E70000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\sessionstore.jsonlz4

MD5 5b22bdba224355cd446c81e6cd84af98
SHA1 913aa266e94e0a35fdb11755cbfa2abb65001765
SHA256 0fc20cccff64cac5a90885f25419cb204485769fd3dd2efe2c458196ec269a1b
SHA512 7c1b0155f7e7ef90a169ef5d1135b4e78cc23acc42d1b917fe519ab6b62ba0a2b8f1af8b512ae8715b3b67f0cf95116264d7e8e74780d64507df043bdbeb1353

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t2z6vy7e.default-release\prefs-1.js

MD5 9ee25519570bdad2b51efbe1d889c9dc
SHA1 8b6dd2d5c6bab9004a1225f5baf7719e171f5202
SHA256 a2b3aae80a5b285bef41c83170f32f5ea721d776609c316dfa6890abe3465628
SHA512 07126480c1091a14dec3e2926d5691cb819ef1f92009dd097fc0e61b6ad0b645310c03a59976e5d1025a05509e20f214d4f08e090dce621a0be142d24bd45627

memory/1852-4030-0x00007FF688F50000-0x00007FF689C79000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

311s

Max time network

1609s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 176.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:36

Platform

win10-20240221-en

Max time kernel

521s

Max time network

1587s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1044 wrote to memory of 1844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1044 wrote to memory of 1844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1044 wrote to memory of 1844 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 640

Network

Country Destination Domain Proto
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
NL 52.142.223.178:80 N/A tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:36

Platform

win10-20240221-en

Max time kernel

651s

Max time network

1591s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 1908 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2924 wrote to memory of 1908 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2924 wrote to memory of 1908 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 616

Network

Country Destination Domain Proto
NL 52.142.223.178:80 N/A tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

312s

Max time network

1606s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4800 wrote to memory of 4584 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4800 wrote to memory of 4584 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4800 wrote to memory of 4584 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 182.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

308s

Max time network

1595s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

999s

Max time network

1595s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Network

Country  Destination       Domain                        Proto
US       8.8.8.8:53        79.121.231.20.in-addr.arpa    udp
US       8.8.8.8:53        11.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53        208.143.182.52.in-addr.arpa   udp
US       8.8.8.8:53        181.178.17.96.in-addr.arpa    udp
US       20.231.121.79:80  N/A                           tcp
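Every in-addr.arpa and ip6.arpa entry in these Network tables is a reverse (PTR) lookup sent to 8.8.8.8, not traffic to the host it names; the address being asked about is the labels read backwards (four octets for in-addr.arpa, 32 hex nibbles for ip6.arpa, so the ip6.arpa name in the first Network table of this section decodes to 808:808::). The script below is an added example, not part of the sandbox output: it decodes the names and reports which looked-up addresses also appear as a direct connection. NETWORK_ROWS is transcribed from the behavioral15 table above, with an empty Domain for the TCP row, and for this detonation the only overlap is 20.231.121.79.

```python
"""Decode reverse-DNS (PTR) names from a sandbox Network table and
cross-check them against direct connections.  Added example, not part
of the report; NETWORK_ROWS is transcribed from behavioral15."""
import ipaddress
from typing import Dict, Optional, Sequence, Set, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# (Country, Destination, Domain, Proto) as in the behavioral15 table;
# an empty Domain marks a row that is a connection, not a DNS query.
NETWORK_ROWS: Sequence[Tuple[str, str, str, str]] = (
    ("US", "8.8.8.8:53", "79.121.231.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "11.227.111.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "208.143.182.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "181.178.17.96.in-addr.arpa", "udp"),
    ("US", "20.231.121.79:80", "", "tcp"),
)


def ptr_to_ip(name: str) -> Optional[IPAddr]:
    """Invert an in-addr.arpa / ip6.arpa name to the address it asks about.

    IPv4 PTR names carry the four octets least-significant first; IPv6
    names carry all 32 hex nibbles least-significant first.  Anything
    that is not a well-formed PTR name returns None.
    """
    labels = name.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = labels[:32]
            if all(len(n) == 1 for n in nibbles):
                return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    except ValueError:  # non-numeric octet or non-hex nibble
        return None
    return None


def dest_ip(destination: str) -> IPAddr:
    """'host:port' -> host, accepting '[v6]:port' as well."""
    host, _, _port = destination.rpartition(":")
    return ipaddress.ip_address(host.strip("[]"))


def summarize(rows: Sequence[Tuple[str, str, str, str]]) -> Dict[str, object]:
    """Split rows into PTR lookups and direct connections, then intersect.

    looked_up maps each decoded address to the query that asked about it;
    direct holds the addresses the process actually connected to; both is
    the overlap, i.e. hosts the machine talked to and then reverse-resolved.
    """
    looked_up: Dict[str, str] = {}
    direct: Set[str] = set()
    for _country, destination, domain, _proto in rows:
        if domain:
            ip = ptr_to_ip(domain)
            if ip is not None:
                looked_up[str(ip)] = domain
        else:
            direct.add(str(dest_ip(destination)))
    return {"looked_up": looked_up, "direct": direct,
            "both": direct & set(looked_up)}


if __name__ == "__main__":
    for key, value in summarize(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

Addresses that are only looked up and never connected to (the three 52.x and 96.x entries here) are the host's own reverse lookups of traffic it saw, which is why they recur with small variations across the unrelated rundll32 detonations in this report.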

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

313s

Max time network

1596s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

Signatures

Program crash

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                       Indicator  Process                           Target
PID 924 wrote to memory of 2608   N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 924 wrote to memory of 2608   N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 924 wrote to memory of 2608   N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 620
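The WriteProcessMemory rows in this and the other $PLUGINSDIR detonations all have one shape: the 64-bit C:\Windows\system32\rundll32.exe writes into the C:\Windows\SysWOW64\rundll32.exe it starts to host a 32-bit DLL (both carry the same command line in the process list), and where a Program crash follows, the -p argument of WerFault.exe names that child. The script below is an added example, not sandbox code: it turns that observation into a triage rule, counting writes per writer/target pair, classifying the native-to-WoW64 rundll32 pair as a relaunch and anything else as needing review, and linking a pair to the WerFault launch for its target PID. The row values are transcribed from behavioral19; CONSTRUCTED_WRITE is made up to show the other branch.

```python
"""Triage rule for "Suspicious use of WriteProcessMemory" and
"Program crash" signature rows of the shape shown in this report.
Added example, not sandbox code.  Values are transcribed from the
behavioral19 detonation; CONSTRUCTED_WRITE is invented."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Sequence, Tuple

# Image paths of the native (64-bit) and WoW64 (32-bit) rundll32 hosts.
RUNDLL32_NATIVE = r"c:\windows\system32\rundll32.exe"
RUNDLL32_WOW64 = r"c:\windows\syswow64\rundll32.exe"

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
WERFAULT_PID_RE = re.compile(r"-p\s+(\d+)")

# (Description, Process, Target) columns of the behavioral19 signature table.
BEHAVIORAL19_WRITES: Sequence[Tuple[str, str, str]] = (
    ("PID 924 wrote to memory of 2608",
     r"C:\Windows\system32\rundll32.exe", r"C:\Windows\SysWOW64\rundll32.exe"),
) * 3
BEHAVIORAL19_WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 620"

# Constructed, not from the report: a write into an unrelated process.
CONSTRUCTED_WRITE = ("PID 924 wrote to memory of 1337",
                     r"C:\Windows\system32\rundll32.exe", r"C:\Windows\explorer.exe")


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_write(description: str, process: str, target: str) -> MemWrite:
    """Parse one signature row; image paths are lower-cased for comparison."""
    m = WRITE_RE.fullmatch(description.strip())
    if not m:
        raise ValueError(f"not a WriteProcessMemory row: {description!r}")
    return MemWrite(int(m[1]), int(m[2]), process.lower(), target.lower())


def crashed_pid(werfault_cmdline: str) -> Optional[int]:
    """WerFault.exe is started with -p <pid> naming the process that crashed."""
    m = WERFAULT_PID_RE.search(werfault_cmdline)
    return int(m[1]) if m else None


def triage(rows: Iterable[Tuple[str, str, str]],
           werfault_cmdlines: Iterable[str] = ()) -> List[Dict]:
    """One finding per (writer, target) pair.

    The native rundll32 writing into the SysWOW64 rundll32 it started is
    how a 32-bit DLL gets hosted on 64-bit Windows: the parent populates
    the child while creating it, and the sandbox records each write.  Any
    other image pair is reported for review.  target_crashed links a pair
    to a WerFault launch whose -p PID is the write target.
    """
    crashed = {crashed_pid(c) for c in werfault_cmdlines} - {None}
    counts = Counter(parse_write(*row) for row in rows)
    findings = []
    for w, n in counts.items():
        relaunch = w.src_image == RUNDLL32_NATIVE and w.dst_image == RUNDLL32_WOW64
        findings.append({
            "pair": (w.src_pid, w.dst_pid),
            "writes": n,
            "verdict": "wow64-relaunch" if relaunch else "review",
            "target_crashed": w.dst_pid in crashed,
        })
    return findings


if __name__ == "__main__":
    for f in triage([*BEHAVIORAL19_WRITES, CONSTRUCTED_WRITE], [BEHAVIORAL19_WERFAULT]):
        print(f)
```

The rule only sees what these rows carry (PIDs and image paths), so a write by the native rundll32 into a SysWOW64 rundll32 that is not its own child would still be classed as a relaunch; with a process tree available, the parent-child check should be added to the relaunch condition.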

Network

Country  Destination       Domain                        Proto
US       20.231.121.79:80  N/A                           tcp
US       8.8.8.8:53        129.134.221.88.in-addr.arpa   udp
US       8.8.8.8:53        8.173.189.20.in-addr.arpa     udp
US       8.8.8.8:53        182.178.17.96.in-addr.arpa    udp
US       8.8.8.8:53        181.178.17.96.in-addr.arpa    udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

312s

Max time network

1601s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                       Indicator  Process                           Target
PID 3360 wrote to memory of 1664  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 3360 wrote to memory of 1664  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 3360 wrote to memory of 1664  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 636

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   153.191.110.104.in-addr.arpa  udp
US       8.8.8.8:53   11.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53   209.178.17.96.in-addr.arpa    udp
US       8.8.8.8:53   8.173.189.20.in-addr.arpa     udp
US       8.8.8.8:53   185.178.17.96.in-addr.arpa    udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

1213s

Max time network

1588s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description                       Indicator  Process                           Target
PID 4140 wrote to memory of 4428  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 4140 wrote to memory of 4428  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe
PID 4140 wrote to memory of 4428  N/A        C:\Windows\system32\rundll32.exe  C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 628

Network

Country  Destination        Domain                        Proto
US       8.8.8.8:53         96.134.221.88.in-addr.arpa    udp
US       8.8.8.8:53         11.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53         173.178.17.96.in-addr.arpa    udp
US       8.8.8.8:53         208.143.182.52.in-addr.arpa   udp
US       8.8.8.8:53         176.178.17.96.in-addr.arpa    udp
NL       52.142.223.178:80  N/A                           tcp
US       8.8.8.8:53         81.171.91.138.in-addr.arpa    udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-04 18:05

Reported

2024-03-04 18:37

Platform

win10-20240221-en

Max time kernel

308s

Max time network

1607s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   201.64.52.20.in-addr.arpa     udp
US       8.8.8.8:53   203.178.17.96.in-addr.arpa    udp

Files

N/A