Malware Analysis Report

2025-01-19 00:31

Sample ID 240505-z1dg3aea6y
Target Delta V3.61.zip
SHA256 507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388
Tags
microsoft phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

Threat Level: Shows suspicious behavior

The file Delta V3.61.zip was found to show suspicious behavior.

Malicious Activity Summary

microsoft phishing

Checks computer location settings

Detected potential entity reuse from brand microsoft.

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Checks processor information in registry

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-05 21:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:13

Platform

win10-20240404-en

Max time kernel

95s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 13f099d7309fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4bb0afd4309fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{779A51FE-6AB5-4A2B-8CF2-7ECDD102522F} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b5c2c2d4309fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 63fddcd4309fda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3416 wrote to memory of 5084 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 2096 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 2096 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 3460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5084 wrote to memory of 2036 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe

"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.142099759\1423442651" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c87c2f0c-b71e-4ac8-b0f0-bc57dd492174} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1776 1cf7e4d7e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.682231135\1480707746" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {245c5cf9-a861-4ce1-b76e-1b006f27a5b4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2132 1cf7dc30b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.814307154\472017727" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2744 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3f7cce-c848-4e0c-933c-64cabf388469} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2868 1cf0259c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.1807067987\870357290" -childID 2 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6dc505-98ae-483f-ba8b-9cfc189fffa6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3336 1cf00f27b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1409437770\1595459255" -childID 3 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef37078-2a10-4bd3-863a-5de2feb7f946} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4256 1cf0456ba58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.294704657\804439644" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dba6591-67f4-4032-b81c-30c51cb732f2} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4804 1cf049c3458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.549382740\1361866971" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea859d08-7b4f-4c91-90fa-bf538a49d6ae} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4940 1cf049c4358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.7.349576314\1617734723" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a51f4e-78e8-422e-b02f-37ed958b35f2} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5116 1cf049c4958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.8.1640631127\1641146351" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00438e49-711a-4bb2-abc8-336276942cef} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5820 1cf06539258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.9.2086516679\607050455" -childID 8 -isForBrowser -prefsHandle 4940 -prefMapHandle 9668 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf9d8e4-0ab1-42c6-b1d1-236999006b22} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9640 1cf076d6358 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0xf8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.10.1038501373\402664165" -childID 9 -isForBrowser -prefsHandle 9396 -prefMapHandle 9492 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f802599b-1fff-4e68-9fe6-6520ea9f287a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9440 1cf047f1758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.11.1213085607\1418521765" -childID 10 -isForBrowser -prefsHandle 9488 -prefMapHandle 9248 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3681ed0b-508f-4f7f-81c9-cc143b7ee86c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9264 1cf06b3ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.12.2017631619\936718831" -childID 11 -isForBrowser -prefsHandle 9064 -prefMapHandle 9060 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d49900e-2438-41f5-8713-d9453e8f904d} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9068 1cf06def758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.13.1757163963\1201997898" -childID 12 -isForBrowser -prefsHandle 8988 -prefMapHandle 9080 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f54d6d86-1659-4454-9205-5ac362060143} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9432 1cf06b3ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.14.509355392\716056842" -childID 13 -isForBrowser -prefsHandle 8840 -prefMapHandle 8812 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04ad29a7-d17b-4d61-bdb0-760bb74735c9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9156 1cf06d43e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.15.2077328623\1138555563" -childID 14 -isForBrowser -prefsHandle 8988 -prefMapHandle 5088 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233109a-57a3-4b86-9be0-f27066b5e74a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5424 1cf06d43558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.16.1186719659\508581241" -childID 15 -isForBrowser -prefsHandle 9408 -prefMapHandle 9588 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54b8ba9-e19e-4b76-8d3b-a353a26a0fd7} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9484 1cf06d44d58 tab
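The 36 WriteProcessMemory rows above differ only in the target PID, and every Firefox child command line carries 5084 at the front of its --channel value, so the table reads more easily as edges than as rows. The Python below is an added example for parsing these two artefacts; it is not sandbox output and not code from the Delta sample. The rows it embeds are copied from this page (the 33 identical 5084 -> 3460 rows are cut to three, and one rundll32 row from behavioral4 is added for contrast), and it assumes the row layout shown here and that no image path contains ".exe " mid-string. The Indicator column is N/A throughout, so the report does not record what was written: a parent writing into children it has just launched is the usual shape for a multi-process browser, but that is a reading of the edge structure, not something these rows prove.

```python
import re
from collections import Counter

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# Row layout of the "Suspicious use of WriteProcessMemory" table in this report:
#   PID <src> wrote to memory of <dst> <indicator> <source image> <target image>
# Image paths contain spaces, so anchor on the ".exe" suffix rather than splitting
# on whitespace (assumption: no path contains ".exe " in the middle).
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<ind>\S+) "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+\.exe)$",
    re.IGNORECASE,
)

# Constructed sample: rows copied from this page, the 33 identical
# 5084 -> 3460 rows reduced to three, plus one rundll32 row from behavioral4.
WPM_ROWS = rf"""
PID 5084 wrote to memory of 3460 N/A {FIREFOX} {FIREFOX}
PID 5084 wrote to memory of 3460 N/A {FIREFOX} {FIREFOX}
PID 5084 wrote to memory of 3460 N/A {FIREFOX} {FIREFOX}
PID 5084 wrote to memory of 2036 N/A {FIREFOX} {FIREFOX}
PID 5100 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
"""

def summarize_wpm(rows):
    """Collapse repeated rows into (src_pid, dst_pid, src_image, dst_image) -> count."""
    edges = Counter()
    for line in rows.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            edges[(int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])] += 1
    return edges

# Firefox child command lines: --channel="<parent pid>.<n>...", an optional
# -childID for browser tabs, -win32kLockedDown for the win32k syscall filter,
# and the process type (gpu / socket / tab in this report) as the last token.
CHANNEL_RE = re.compile(r'--channel="(?P<parent>\d+)\.')
CHILDID_RE = re.compile(r"-childID (?P<id>\d+)")

def parse_contentproc(cmdline):
    """Return {'parent','type','child_id','win32k_lockdown'} for a -contentproc line, else None."""
    m = CHANNEL_RE.search(cmdline)
    if "-contentproc" not in cmdline or not m:
        return None
    child = CHILDID_RE.search(cmdline)
    return {
        "parent": int(m["parent"]),
        "type": cmdline.rsplit(" ", 1)[-1],
        "child_id": int(child["id"]) if child else None,
        "win32k_lockdown": "-win32kLockedDown" in cmdline,
    }

def firefox_children(cmdlines):
    """Count child processes per (parent pid, process type)."""
    tree = Counter()
    for line in cmdlines:
        info = parse_contentproc(line)
        if info:
            tree[(info["parent"], info["type"])] += 1
    return tree

# Constructed sample: the gpu, socket and first tab command lines from this page.
CONTENTPROC_LINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.142099759\1423442651" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c87c2f0c-b71e-4ac8-b0f0-bc57dd492174} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1776 1cf7e4d7e58 gpu',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.682231135\1480707746" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {245c5cf9-a861-4ce1-b76e-1b006f27a5b4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2132 1cf7dc30b58 socket',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.814307154\472017727" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2744 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3f7cce-c848-4e0c-933c-64cabf388469} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2868 1cf0259c758 tab',
]

if __name__ == "__main__":
    for (src, dst, src_img, dst_img), n in sorted(summarize_wpm(WPM_ROWS).items()):
        print(f"{src} -> {dst}  x{n}  {src_img} -> {dst_img}")
    for (parent, kind), n in sorted(firefox_children(CONTENTPROC_LINES).items()):
        print(f"firefox parent {parent}: {n} x {kind}")
```

Run against the full table, the output is two Firefox edges (5084 -> 3460 and 5084 -> 2036) and, for the rundll32 analyses, one edge each from the system32 copy to the SysWOW64 copy.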

Network

Country Destination Domain Proto
US 8.8.8.8:53 gitlab.com udp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 2.16.106.140:443 assets.msn.com tcp
US 2.16.106.140:443 assets.msn.com tcp
US 2.16.106.140:443 assets.msn.com tcp
US 2.16.106.140:443 assets.msn.com tcp
US 8.8.8.8:53 140.106.16.2.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
N/A 127.0.0.1:49886 tcp
US 8.8.8.8:53 124.14.239.44.in-addr.arpa udp
N/A 127.0.0.1:49892 tcp
US 8.8.8.8:53 roblox.com udp
US 128.116.99.4:80 roblox.com tcp
US 128.116.99.4:80 roblox.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox.com udp
US 128.116.99.4:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
US 8.8.8.8:53 4.99.116.128.in-addr.arpa udp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
US 8.8.8.8:53 us-central-default-px.roblox.com udp
GB 128.116.119.4:443 us-central-default-px.roblox.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 2.18.190.70:443 static.rbxcdn.com tcp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 2.18.190.79:443 css.rbxcdn.com tcp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 a1992.w27.akamai.net udp
US 8.8.8.8:53 a1962.dscw27.akamai.net udp
HR 65.9.25.2:443 js.rbxcdn.com tcp
HR 65.9.25.2:443 js.rbxcdn.com tcp
HR 65.9.25.2:443 js.rbxcdn.com tcp
HR 65.9.25.2:443 js.rbxcdn.com tcp
HR 65.9.25.2:443 js.rbxcdn.com tcp
HR 65.9.25.2:443 js.rbxcdn.com tcp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 8.8.8.8:53 dw04ej0wrfjel.cloudfront.net udp
US 8.8.8.8:53 dapx4swc8lj69.cloudfront.net udp
US 128.116.99.4:443 roblox.com udp
HR 65.9.25.71:443 dapx4swc8lj69.cloudfront.net tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 70.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.25.9.65.in-addr.arpa udp
US 8.8.8.8:53 71.25.9.65.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 2.18.190.83:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 a1818.b.akamai.net udp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 a1818.b.akamai.net udp
GB 128.116.119.4:443 apis.roblox.com udp
GB 128.116.119.4:443 apis.roblox.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 83.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
US 8.8.8.8:53 us-central-origin-px.roblox.com udp
GB 128.116.119.3:443 us-central-origin-px.roblox.com udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 xbox.com udp
NL 20.76.201.171:443 xbox.com tcp
US 8.8.8.8:53 xbox.com udp
US 8.8.8.8:53 xbox.com udp
US 8.8.8.8:53 www.xbox.com udp
BE 23.55.96.62:80 www.xbox.com tcp
US 8.8.8.8:53 e1822.dsca.akamaiedge.net udp
US 8.8.8.8:53 e1822.dsca.akamaiedge.net udp
BE 23.55.96.62:443 e1822.dsca.akamaiedge.net tcp
US 8.8.8.8:53 62.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 171.201.76.20.in-addr.arpa udp
BE 23.55.96.62:443 e1822.dsca.akamaiedge.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
BE 2.21.17.194:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 assets-www.xbox.com udp
US 8.8.8.8:53 assets.adobedtm.com udp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
US 8.8.8.8:53 store-images.microsoft.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
BE 2.21.17.194:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 23.53.113.19:443 assets.adobedtm.com tcp
US 8.8.8.8:53 e7808.dscg.akamaiedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 e7808.dscg.akamaiedge.net udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 e12564.dspb.akamaiedge.net udp
US 8.8.8.8:53 e12564.dscg.akamaiedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 e12564.dspb.akamaiedge.net udp
US 8.8.8.8:53 e12564.dscg.akamaiedge.net udp
US 8.8.8.8:53 part-0036.t-0009.t-msedge.net udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 23.53.113.192:443 e12564.dscg.akamaiedge.net tcp
BE 23.55.96.62:443 assets-www.xbox.com udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 19.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 166.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 192.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 49.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
IE 20.190.159.73:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
BE 23.55.96.62:443 assets-www.xbox.com udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
BE 23.55.96.62:443 assets-www.xbox.com tcp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.akadns.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.akadns.net udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 emerald.xboxservices.com udp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 13.107.246.64:443 emerald.xboxservices.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 52.168.117.175:443 browser.events.data.microsoft.com tcp
US 52.168.117.175:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdeus19.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus19.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 cs1227.wpc.alphacdn.net udp
US 192.229.221.185:443 cs1227.wpc.alphacdn.net tcp
US 192.229.221.185:443 cs1227.wpc.alphacdn.net tcp
US 8.8.8.8:53 cs1227.wpc.alphacdn.net udp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus02.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus02.westus.cloudapp.azure.com udp
IE 20.190.159.73:443 www.tm.ak.prd.aadg.trafficmanager.net tcp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.akadns.net udp
US 192.229.221.185:443 cs1227.wpc.alphacdn.net tcp
US 20.189.173.3:443 onedscolprdwus02.westus.cloudapp.azure.com tcp
US 8.8.8.8:53 onedscolprdwus02.westus.cloudapp.azure.com udp
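The table above mixes whatever Delta.exe did itself with the traffic of the Edge and Firefox instances that ran in the same detonation (Mozilla telemetry, msn.com, roblox.com, xbox.com, login.microsoftonline.com and their CDNs), plus a reverse lookup for almost every IP contacted. The Python below is an added example, not part of the report, that reduces such a table to a per-name view: DNS queries, TCP sessions by port, QUIC flows and contacted IPs, with PTR lookups and loopback connections counted separately, and a list of names that were resolved but never connected to. Two assumptions are labelled in the code: in-addr.arpa/ip6.arpa rows are resolver noise rather than sample activity, and UDP to port 443 (the contile.services.mozilla.com row, for instance) is HTTP/3 over QUIC. The embedded rows are a constructed subset copied from the table; which connections belong to the sample and which to the browsers is not something the table settles on its own.

```python
from collections import defaultdict

PTR_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")

def parse_row(line):
    """Split one '<country> <ip:port> [<domain>] <proto>' row; the domain column may be empty."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None              # header row, or not an ip:port pair
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}

def classify(row):
    domain = row["domain"] or ""
    if domain.endswith(PTR_SUFFIXES):
        return "ptr"       # assumption: reverse lookup of an IP already contacted, resolver noise
    if row["ip"].startswith("127."):
        return "loopback"
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"
    if row["proto"] == "tcp":
        return "tcp"
    if row["proto"] == "udp" and row["port"] == 443:
        return "quic"      # assumption: UDP/443 is HTTP/3 over QUIC
    return "other"

def triage(table):
    """Per-name view: DNS queries, TCP sessions by port, QUIC flows, contacted IPs; plus noise counts."""
    per_domain = defaultdict(lambda: {"dns": 0, "tcp": defaultdict(int), "quic": 0, "ips": set()})
    noise = defaultdict(int)
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        kind = classify(row)
        if kind in ("ptr", "loopback", "other"):
            noise[kind] += 1
            continue
        entry = per_domain[row["domain"] or row["ip"]]   # rows without a name are keyed by IP
        if kind == "dns":
            entry["dns"] += 1
        else:
            entry["ips"].add(row["ip"])
            if kind == "tcp":
                entry["tcp"][row["port"]] += 1
            else:
                entry["quic"] += 1
    return per_domain, dict(noise)

def resolved_only(per_domain):
    """Names queried in DNS but never connected to over TCP or QUIC."""
    return sorted(d for d, e in per_domain.items()
                  if e["dns"] and not e["tcp"] and not e["quic"])

# Constructed sample: a subset of rows from the behavioral1 table above.
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 gitlab.com udp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 discord.gg udp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 www.msn.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
N/A 127.0.0.1:49886 tcp
US 128.116.99.4:80 roblox.com tcp
"""

if __name__ == "__main__":
    per_domain, noise = triage(SAMPLE_TABLE)
    for domain, e in sorted(per_domain.items()):
        ports = ",".join(f"tcp/{p}x{n}" for p, n in sorted(e["tcp"].items()))
        print(f"{domain:32} dns={e['dns']} {ports} quic={e['quic']} ips={sorted(e['ips'])}")
    print("noise:", noise, "resolved only:", resolved_only(per_domain))
```

Feeding the whole table in leaves a short list of names with real sessions to look at; the PTR rows, which are roughly a fifth of the table, drop out of the way.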

Files

memory/212-0-0x0000000073DCE000-0x0000000073DCF000-memory.dmp

memory/212-1-0x00000000002B0000-0x00000000013B6000-memory.dmp

memory/212-2-0x0000000073DC0000-0x00000000744AE000-memory.dmp

memory/212-3-0x0000000005CE0000-0x0000000005CE8000-memory.dmp

memory/212-4-0x0000000005E40000-0x0000000005E78000-memory.dmp

memory/212-5-0x0000000005F30000-0x0000000005FE0000-memory.dmp

memory/212-6-0x0000000006360000-0x00000000063D6000-memory.dmp

memory/212-9-0x00000000064E0000-0x0000000006502000-memory.dmp

memory/212-10-0x0000000006510000-0x000000000652E000-memory.dmp

memory/212-11-0x00000000069C0000-0x0000000006D10000-memory.dmp

memory/212-12-0x0000000006E30000-0x0000000006ECC000-memory.dmp

memory/212-13-0x0000000073DC0000-0x00000000744AE000-memory.dmp

memory/212-14-0x0000000073DC0000-0x00000000744AE000-memory.dmp

memory/212-15-0x000000000B970000-0x000000000B978000-memory.dmp

memory/212-19-0x000000000ED10000-0x000000000F20E000-memory.dmp

memory/212-20-0x000000000CD00000-0x000000000CD92000-memory.dmp

memory/5100-22-0x000001D7E0B20000-0x000001D7E0B30000-memory.dmp

memory/5100-38-0x000001D7E0C20000-0x000001D7E0C30000-memory.dmp

memory/5100-57-0x000001D7DDF40000-0x000001D7DDF42000-memory.dmp

memory/4256-65-0x000001FF88600000-0x000001FF88700000-memory.dmp

memory/4256-67-0x000001FF88600000-0x000001FF88700000-memory.dmp

memory/436-86-0x000002B581C00000-0x000002B581D00000-memory.dmp

memory/212-89-0x0000000073DCE000-0x0000000073DCF000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFCA47FD0DAD7E21B5.TMP

MD5 698d52f074e9666451f29a1452c18246
SHA1 a459a88000a455ac6f104594914d9acb9cac6bd7
SHA256 b678b75a2a93753d2343db077d66cade959fe192b6d75fad34ddd536c4f0dca1
SHA512 ee2412b7bbe006523530b5bd8bf2cee79fd365cde83b269bffe29ecec31741b89ce6eced9beefe7c271445bd69e8d55d7b44a762b9d2a7da504ef8e5edaa4c00

memory/5100-95-0x000001D7DDFD0000-0x000001D7DDFD2000-memory.dmp

memory/5100-98-0x000001D7DDF70000-0x000001D7DDF71000-memory.dmp

memory/5100-102-0x000001D7DDF30000-0x000001D7DDF31000-memory.dmp

memory/212-106-0x0000000073DC0000-0x00000000744AE000-memory.dmp

memory/212-107-0x0000000073DC0000-0x00000000744AE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 bcd8470ec0dc30e9f45094993d896776
SHA1 aeb23881152173526b8e92c4fc36be454a35e696
SHA256 50717ee848ebcb6fd05870b832798abcd8b1c27f5336f7112193c5c299320b4f
SHA512 9a070a216a6477d3eb4c76859c9f4f08345a54ca0ce2fd8ae5ecf07dfdab4596053b057da716d6f4c0d5cb95ac463be190a5651fa29fafe00ea5198ed33e39aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\49fcfdcc-56a0-4621-bfd3-9fa3b25247a1

MD5 2a62d7a7c3e6a07064b514b540bd8491
SHA1 bf25451f7b74ec67105baacb85852bc9ac9dcc57
SHA256 c8ae6a42c2b7c4e1bfb8923fe29a046b26ec7682badbb93bfa81016e1c91aa23
SHA512 9d2b7df84724e359cf233bf4933c4e4ad57bebb53a27eb78733126fe420a9842454b2caf2299ccb76531318859465bcb5a0be31226ded01648945a5dd515f39c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\f9da9adc-4f8b-49f9-ad80-bd0c68ef4eb3

MD5 efdddf085866d7c3f6949949dde03201
SHA1 ffc6a3c124912623d68c06f9b2e269b54c485f82
SHA256 022ca06a1e7be58f155014e29d943ec3fc69f932b4cb7baa49d9aa56e6abfa1e
SHA512 3449c66e8f60f8588aee17ab051e43d4d296e7fb51276c7497d47fd4b2276a251aa57ed23d0e80069c594684d2da2ede8b46f13da5794c8939bb4c7e3a5ea2f3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 cd8e3413f6cd437674fd43a27ec62ba2
SHA1 44c6fdf1971a385326b106413a41a3cc5f0e4ed6
SHA256 2361b737f1667d850c493c4659b7fcc01ca63037465ce17013e45fde87a30ccd
SHA512 9b9baab803c446b041814102589481d8b834c349cde98b55fc52a5dcf4e777acf702c48099eede91f95dc13ded89933866fdd9cf91b2222e046cb1c5b03289f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 5d16583050e72274649d5616b20575a6
SHA1 1f795ae43ee31e8a8a7dc0feb2f86ece333b6a50
SHA256 cedf2468eb34aea772989534bf1c5de8111878708d4d53f246155a7b699f2a1c
SHA512 1eea8339ac1702d78c856823960c474acc826563fc9f89ee7230dd616ae43eb3fe842ab99f59dca68e12d08838bafc3cf90dd54e2a1a779735a41efbc554070b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.xbox.com\idb\3155603766SrterledanmaCHlgioeLn.sqlite

MD5 6d623d0ef3db15a0d9b857df6ef1d849
SHA1 e03985d6c8b69c3a904fc25ec9047fd58f729b2b
SHA256 92d89ce5a95e04af1a4be83374f20fbb5cea9b4942c7ee16182bf53345ccc42b
SHA512 9faa28d1e1c8fb7a486e6e3036c1ce21ba435c915880bc4736aa18018661f398f62c99743eeea2bc9d51c7d36cf2d9950d453151992a4993cefb5fe681addde8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d225f0b4432876d79b880502fdc95ce5
SHA1 0b75b61aea654df0c2153d90ec72522b13734162
SHA256 22d9a5fae58bfbe4d0b06a04c002c96d3bef5562f7eebfdf2a4a99171adbb637
SHA512 c122f423af2282c1336f40361557dbfd4b847c4af4914bdf6c6c10f8d0af5fa92de5c8066edbb40cc23927fb999ce2de4c489474f4cb593ecf0cc2b274c0089f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

MD5 e466cd787ad0221ba824dd289e7def97
SHA1 29fb0236f838b100d72c6c34044c17c3c5c20cd0
SHA256 6d79470c67592312561a3759414ea1f9c6ec934895fdbbea812a952ae983cae3
SHA512 6bea789eb24bc3c8900aeb9047c4b9adb3fcfb892d03a4ce3ce972934f5ab7dd3d933ea0bae527052cca42696c874766a6025501977fe4ca77efbf2cea7aca61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf
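The memory/... names above encode a PID, a sequence number and the dumped address range. Read that way they show, for PID 212, a region of about 17 MB at 0x2B0000 (seq 1) and the 0x73DC0000-0x744AE000 range dumped five times (seq 2, 13, 14, 106, 107), while the regions for PIDs 5100, 4256 and 436 all sit above 4 GiB. The Python below is an added example, not sandbox output, that does this bookkeeping; the embedded names are a subset copied from the list, and the 32/64-bit hint is only a hint: an address above 4 GiB proves a 64-bit process, an address below it proves nothing.

```python
import re
from collections import defaultdict

# Dump names in the Files list follow memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

def parse_dump_name(name):
    """Return pid, seq, start, end and size (bytes) for one dump name, or None."""
    m = DUMP_RE.match(name.strip())
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}

def group_by_pid(names):
    by_pid = defaultdict(list)
    for name in names.splitlines():
        d = parse_dump_name(name)
        if d:
            by_pid[d["pid"]].append(d)
    return dict(by_pid)

def repeated_ranges(by_pid):
    """Ranges the sandbox dumped more than once: (pid, start, end) -> [seq, ...]."""
    seen = defaultdict(list)
    for pid, dumps in by_pid.items():
        for d in dumps:
            seen[(pid, d["start"], d["end"])].append(d["seq"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def largest_region(by_pid, pid):
    return max(by_pid[pid], key=lambda d: d["size"])

def address_width_hint(by_pid):
    """A region above 4 GiB can only belong to a 64-bit process; one below it is merely
    consistent with a 32-bit (or WOW64) process, so treat this as a hint, not proof."""
    return {pid: ("64-bit" if max(d["end"] for d in dumps) > 0xFFFFFFFF else "fits 32-bit")
            for pid, dumps in by_pid.items()}

# Constructed sample: a subset of the dump names listed above.
SAMPLE_DUMPS = """\
memory/212-0-0x0000000073DCE000-0x0000000073DCF000-memory.dmp
memory/212-1-0x00000000002B0000-0x00000000013B6000-memory.dmp
memory/212-2-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-13-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-14-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/5100-22-0x000001D7E0B20000-0x000001D7E0B30000-memory.dmp
memory/4256-65-0x000001FF88600000-0x000001FF88700000-memory.dmp
memory/4256-67-0x000001FF88600000-0x000001FF88700000-memory.dmp
memory/212-89-0x0000000073DCE000-0x0000000073DCF000-memory.dmp
"""

if __name__ == "__main__":
    by_pid = group_by_pid(SAMPLE_DUMPS)
    hints = address_width_hint(by_pid)
    for pid, dumps in by_pid.items():
        big = largest_region(by_pid, pid)
        print(f"pid {pid}: {len(dumps)} dumps, largest {big['size']:,} bytes at {big['start']:#x} ({hints[pid]})")
    for (pid, start, end), seqs in repeated_ranges(by_pid).items():
        print(f"pid {pid}: {start:#x}-{end:#x} dumped {len(seqs)} times (seq {seqs})")
```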

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:14

Platform

win10-20240404-en

Max time kernel

133s

Max time network

135s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\ICSharpCode.AvalonEdit.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\ICSharpCode.AvalonEdit.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:14

Platform

win10-20240404-en

Max time kernel

133s

Max time network

135s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Newtonsoft.Json.dll",#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Newtonsoft.Json.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:14

Platform

win10-20240404-en

Max time kernel

134s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5100 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5100 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5100 wrote to memory of 5112 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 724

Network

Country Destination Domain Proto
US 8.8.8.8:53 66.43.201.23.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp

Files

memory/5112-0-0x0000000000E10000-0x0000000000E11000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:14

Platform

win10-20240404-en

Max time kernel

134s

Max time network

136s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4184 wrote to memory of 4628 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4184 wrote to memory of 4628 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4184 wrote to memory of 4628 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 724

Network

Country Destination Domain Proto
US 8.8.8.8:53 64.43.201.23.in-addr.arpa udp
US 52.111.227.14:443 N/A tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

memory/4628-0-0x0000000000CF0000-0x0000000000CF1000-memory.dmp
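The Processes and Files entries of behavioral4, behavioral5 and behavioral6 follow the same pattern: a 64-bit rundll32.exe is given a DLL from the extracted archive with an ordinal entry point (`#1`), re-executes its 32-bit copy from SysWOW64 with the identical command line (which is how rundll32 handles a 32-bit DLL, so the WriteProcessMemory hits between the pair are the expected parent-to-child writes rather than injection into an unrelated process), and in two of the runs the 32-bit child crashes and WerFault is invoked with `-p <pid>` of that child. The script below is an added triage example written for this report, not tooling from the sandbox or from the sample's author; it parses the behavioral5 entries above (copied in as constructed input), flags the points an analyst would want to confirm, and decodes the `memory/<pid>-<n>-<start>-<end>-memory.dmp` names into region sizes. The list of user-writable directories is the author's heuristic, and the dump-name layout is assumed from the names shown on this page.

```python
import re

# Constructed sample input, copied from the behavioral5 Processes and Files
# entries of this report as (image path, command line) pairs and dump names;
# it is not a live sandbox feed.
PROCESSES = [
    (r"C:\Windows\system32\rundll32.exe",
     r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1'),
    (r"C:\Windows\SysWOW64\rundll32.exe",
     r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1'),
    (r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 724"),
]
DUMPS = ["memory/4628-0-0x0000000000CF0000-0x0000000000CF1000-memory.dmp"]

# "rundll32 <dll>,<entry>": the DLL path is quoted when it contains spaces,
# and <entry> is either an export name or "#<ordinal>".
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Dump name layout assumed from the Files entries on this page:
# memory/<pid>-<n>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp",
    re.IGNORECASE,
)
# Author's heuristic: directories a standard user can write to. A signed
# LOLBin loading a DLL from one of these is worth a look whatever the score.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\", "\\downloads\\")


def parse_rundll32(cmdline):
    """Return {'dll': path, 'entry': export} for a rundll32 command line, else None."""
    m = RUNDLL32_RE.match(cmdline)
    return m.groupdict() if m else None


def triage_process(image, cmdline):
    """Findings for one process entry; an empty list means nothing notable."""
    findings = []
    info = parse_rundll32(cmdline)
    if info:
        if any(d in info["dll"].lower() for d in USER_WRITABLE):
            findings.append("rundll32 loads a DLL from a user-writable path: " + info["dll"])
        if info["entry"].startswith("#"):
            findings.append("entry point given by ordinal " + info["entry"]
                            + ", so there is no export name to pivot on")
    if image.lower().endswith("\\werfault.exe"):
        crashed = re.search(r"-p\s+(\d+)", cmdline)
        if crashed:
            findings.append("WerFault reports a crash in PID " + crashed.group(1))
    return findings


def is_wow64_relaunch(parent, child):
    """True when 64-bit rundll32 re-executes its 32-bit copy with the same
    arguments, which is how rundll32 handles a 32-bit DLL. WriteProcessMemory
    hits between such a pair are parent-to-child writes, not injection into
    an unrelated process."""
    (pimg, pcmd), (cimg, ccmd) = parent, child
    return (pimg.lower() == r"c:\windows\system32\rundll32.exe"
            and cimg.lower() == r"c:\windows\syswow64\rundll32.exe"
            and pcmd.strip().lower() == ccmd.strip().lower())


def parse_dump_name(name):
    """Split a dump file name into PID, index and region bounds; the size tells
    a single page (0x1000, e.g. one small allocation) from a mapped image."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    for img, cmd in PROCESSES:
        for finding in triage_process(img, cmd):
            print(f"{img}: {finding}")
    print("WoW64 relaunch pair:", is_wow64_relaunch(PROCESSES[0], PROCESSES[1]))
    for d in DUMPS:
        print(parse_dump_name(d))
```

Run against the behavioral5 entries, the checks report the temp-directory DLL and the ordinal entry point for both rundll32 lines, confirm the system32 to SysWOW64 pair as a relaunch, attribute the WerFault line to PID 4628, and show that the only region dumped from that process is a single 0x1000-byte page. The behavioral6 dumps, by contrast, include a region of roughly 0x988000 bytes at 0x738F0000, which is the size of a mapped module rather than a small allocation and is the one to load into a disassembler first.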

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-05 21:10

Reported

2024-05-05 21:14

Platform

win10-20240404-en

Max time kernel

134s

Max time network

144s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1

Signatures

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 4968 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5076 wrote to memory of 4968 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 5076 wrote to memory of 4968 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
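The Network tables in behavioral4, behavioral5 and behavioral6 consist almost entirely of PTR (reverse) queries to 8.8.8.8; the in-addr.arpa labels are the octets of the address being looked up, written in reverse order, so `11.227.111.52.in-addr.arpa` is a reverse lookup of 52.111.227.11. The only direct connection recorded anywhere in this report is behavioral5's TCP session to 52.111.227.14:443, and no forward (A/AAAA) query for that address appears in the table, so the address came from somewhere the sandbox did not see resolved. The decoder below is an added example written for this report, not part of the sandbox output; it takes the behavioral5 rows (copied in as constructed input, since that table is the one with the direct connection) and relates the bare TCP endpoint to the reverse lookups in the same /24 so the analyst can decide whether the traffic belongs to the sample or to the guest's own background activity. The /24 grouping is the author's choice.

```python
import ipaddress

# Constructed sample input: the rows of the behavioral5 Network table of this
# report as (country, destination, domain, proto); an empty domain means the
# sandbox recorded a connection with no name attached to it.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "64.43.201.23.in-addr.arpa", "udp"),
    ("US", "52.111.227.14:443", "", "tcp"),
    ("US", "8.8.8.8:53", "11.227.111.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "88.16.208.104.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
]


def ptr_to_ip(name):
    """Recover the address behind a reverse-lookup name, or None if the name
    is not one. in-addr.arpa carries the IPv4 octets reversed; ip6.arpa carries
    the 32 hex nibbles of an IPv6 address, also reversed."""
    n = name.strip().rstrip(".").lower()
    try:
        if n.endswith(".in-addr.arpa"):
            octets = n[: -len(".in-addr.arpa")].split(".")
            if len(octets) != 4:
                return None
            return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        if n.endswith(".ip6.arpa"):
            nibbles = n[: -len(".ip6.arpa")].split(".")
            if len(nibbles) != 32:
                return None
            hexstr = "".join(reversed(nibbles))
            groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
            return str(ipaddress.IPv6Address(":".join(groups)))
    except ValueError:  # malformed octet or nibble, e.g. "999.1.1.1.in-addr.arpa"
        return None
    return None


def summarize(rows):
    """Separate the addresses the guest looked up in reverse from the endpoints
    it connected to directly. IPv4 destinations only ("host:port")."""
    resolved, direct = [], []
    for _country, dest, domain, proto in rows:
        if domain:
            ip = ptr_to_ip(domain)
            if ip:
                resolved.append(ip)
            # A forward A/AAAA query would show its hostname here instead;
            # none appears in this table.
        else:
            host, _, port = dest.rpartition(":")
            direct.append((host, int(port), proto))
    return {"resolved": resolved, "direct": direct}


def neighbours(ip, candidates, prefixlen=24):
    """Candidates inside the same /prefixlen as ip, to tie a bare TCP endpoint
    to the reverse lookups recorded around it."""
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    return [c for c in candidates if ipaddress.ip_address(c) in net]


if __name__ == "__main__":
    summary = summarize(NETWORK_ROWS)
    print("reverse-looked-up:", summary["resolved"])
    for host, port, proto in summary["direct"]:
        near = neighbours(host, summary["resolved"])
        print(f"direct {proto} to {host}:{port}; PTR-queried neighbours in /24: {near}")
```

On the behavioral5 rows this yields four reverse-resolved addresses (23.201.43.64, 52.111.227.11, 104.208.16.88 and 199.232.210.172) and one direct endpoint, 52.111.227.14:443, whose only /24 neighbour among the lookups is 52.111.227.11. Ownership of those ranges is not stated on this page and should be checked against WHOIS or a clean baseline run of the same sandbox image before any of them is treated as sample infrastructure.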

Files

memory/4968-1-0x00000000738F0000-0x0000000074278000-memory.dmp

memory/4968-0-0x00000000031C0000-0x00000000031C1000-memory.dmp

memory/4968-2-0x00000000738F6000-0x0000000073C4A000-memory.dmp

memory/4968-3-0x00000000738F0000-0x0000000074278000-memory.dmp
