Malware Analysis Report

2025-05-05 21:18

Sample ID 240510-v3t6daha8w
Target setup.exe
SHA256 e06f03fad870c10cec46640576bd362d3862092ceeea1fb5e455f62786289913
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e06f03fad870c10cec46640576bd362d3862092ceeea1fb5e455f62786289913

Threat Level: Shows suspicious behavior

The file setup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Checks processor information in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 17:31

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 17:31

Reported

2024-05-10 17:34

Platform

win10-20240404-en

Max time kernel

132s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3672 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Users\Admin\AppData\Local\Temp\setup.exe
PID 3672 wrote to memory of 2888 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Users\Admin\AppData\Local\Temp\setup.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3400 wrote to memory of 4748 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 2708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 2708 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 428 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4748 wrote to memory of 4192 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.454989103\1393119484" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2bd9708-9ced-4d79-a7db-1494348e8d0a} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 1764 296684fb258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.1116138424\730541538" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {708da3ac-c413-48f5-a205-1ac491c83fe9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2120 29656172b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.1388963364\1520166174" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a40e88-fac1-4f69-88be-85056cbf7106} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2872 2966c79e358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.497647811\25037643" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f57d75-1721-46ba-9e8c-992a10b436a9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3188 2966af71658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.1765249041\1403494622" -childID 3 -isForBrowser -prefsHandle 3552 -prefMapHandle 3652 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dbe85e4-238f-4dbe-8340-5d34afaccdd5} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3116 2966e5fca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.560792279\685545364" -childID 4 -isForBrowser -prefsHandle 4664 -prefMapHandle 4956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cae066-4de7-4a6f-b695-ef62bb502602} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4972 2966b541358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.162686555\2037293161" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 3720 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2d013b9-1b8e-4aa1-a82d-18180b7987a9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3828 2966f6f7b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.7.1503275084\2125900505" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0b935c-cd35-45ab-a657-b5f874d8221c} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5220 2966febb658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.8.1329653911\1764593978" -childID 7 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f3b5d2-17f0-4723-a93d-f4d1e833a801} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5560 296707efe58 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 44.237.171.47:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 127.0.0.1:49926 tcp
US 8.8.8.8:53 47.171.237.44.in-addr.arpa udp
N/A 127.0.0.1:49933 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
GB 142.250.178.4:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 166.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI36722\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI36722\python310.dll

MD5 deaf0c0cc3369363b800d2e8e756a402
SHA1 3085778735dd8badad4e39df688139f4eed5f954
SHA256 156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d
SHA512 5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

C:\Users\Admin\AppData\Local\Temp\_MEI36722\VCRUNTIME140.dll

MD5 870fea4e961e2fbd00110d3783e529be
SHA1 a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA256 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA512 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

C:\Users\Admin\AppData\Local\Temp\_MEI36722\base_library.zip

MD5 524a85217dc9edc8c9efc73159ca955d
SHA1 a4238cbde50443262d00a843ffe814435fb0f4e2
SHA256 808549964adb09afafb410cdc030df4813c5c2a7276a94e7f116103af5de7621
SHA512 f5a929b35a63f073bdc7600155ba2f0f262e6f60cf67efb38fa44e8b3be085cf1d5741d66d25a1ecaaf3f94abfe9bbe97d135f8a47c11f2b811d2aac6876f46c

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_socket.pyd

MD5 0f5e64e33f4d328ef11357635707d154
SHA1 8b6dcb4b9952b362f739a3f16ae96c44bea94a0e
SHA256 8af6d70d44bb9398733f88bcfb6d2085dd1a193cd00e52120b96a651f6e35ebe
SHA512 4be9febb583364da75b6fb3a43a8b50ee29ca8fc1dda35b96c0fcc493342372f69b4f27f2604888bca099c8d00f38a16f4c9463c16eff098227d812c29563643

C:\Users\Admin\AppData\Local\Temp\_MEI36722\python3.DLL

MD5 c17b7a4b853827f538576f4c3521c653
SHA1 6115047d02fbbad4ff32afb4ebd439f5d529485a
SHA256 d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68
SHA512 8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

C:\Users\Admin\AppData\Local\Temp\_MEI36722\select.pyd

MD5 c119811a40667dca93dfe6faa418f47a
SHA1 113e792b7dcec4366fc273e80b1fc404c309074c
SHA256 8f27cd8c5071cb740a2191b3c599e99595b121f461988166f07d9f841e7116b7
SHA512 107257dbd8cf2607e4a1c7bef928a6f61ebdfc21be1c4bdc3a649567e067e9bb7ea40c0ac8844d2cedd08682447b963148b52f85adb1837f243df57af94c04b3

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_ssl.pyd

MD5 9ddb64354ef0b91c6999a4b244a0a011
SHA1 86a9dc5ea931638699eb6d8d03355ad7992d2fee
SHA256 e33b7a4aa5cdd5462ee66830636fdd38048575a43d06eb7e2f688358525ddeab
SHA512 4c86478861fa4220680a94699e7d55fbdc90d2785caee10619cecb058f833292ee7c3d6ac2ed1ef34b38fbff628b79d672194a337701727a54bb6bbc5bf9aeca

C:\Users\Admin\AppData\Local\Temp\_MEI36722\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI36722\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI36722\zstandard\backend_c.cp310-win_amd64.pyd

MD5 4652c4087b148d08adefedf55719308b
SHA1 30e06026fea94e5777c529b479470809025ffbe2
SHA256 003f439c27a532d6f3443706ccefac6be4152bebc1aa8bdf1c4adfc095d33795
SHA512 d4972c51ffbce63d2888ddfead2f616166b6f21a0c186ccf97a41c447c1fac6e848f464e4acde05bea5b24c73c5a03b834731f8807a54ee46ca8619b1d0c465d

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_hashlib.pyd

MD5 d856a545a960bf2dca1e2d9be32e5369
SHA1 67a15ecf763cdc2c2aa458a521db8a48d816d91e
SHA256 cd33f823e608d3bda759ad441f583a20fc0198119b5a62a8964f172559acb7d3
SHA512 34a074025c8b28f54c01a7fd44700fdedb391f55be39d578a003edb90732dec793c2b0d16da3da5cdbd8adbaa7b3b83fc8887872e284800e7a8389345a30a6a4

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_queue.pyd

MD5 52d0a6009d3de40f4fa6ec61db98c45c
SHA1 5083a2aff5bcce07c80409646347c63d2a87bd25
SHA256 007bcf19d9b036a7e73f5ef31f39bfb1910f72c9c10e4a1b0658352cfe7a8b75
SHA512 cd552a38efaa8720a342b60318f62320ce20c03871d2e50d3fa3a9a730b84dacdbb8eb4d0ab7a1c8a97215b537826c8dc532c9a55213bcd0c1d13d7d8a9ad824

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_decimal.pyd

MD5 6339fa92584252c3b24e4cce9d73ef50
SHA1 dccda9b641125b16e56c5b1530f3d04e302325cd
SHA256 4ae6f6fb3992bb878416211221b3d62515e994d78f72eab51e0126ca26d0ee96
SHA512 428b62591d4eba3a4e12f7088c990c48e30b6423019bebf8ede3636f6708e1f4151f46d442516d2f96453694ebeef78618c0c8a72e234f679c6e4d52bebc1b84

C:\Users\Admin\AppData\Local\Temp\_MEI36722\simplejson\_speedups.cp310-win_amd64.pyd

MD5 a4c988361c7f69e080de5eb1a6c3f5cd
SHA1 86d77b7a17c79a1db9c6790b23b0702b245ed94c
SHA256 02d867d8f8120658255c6e5ec426010c149fe353795f79326fe5de3e849fc6c8
SHA512 dc73a144dc007ed9b207e9ca02e3a8663e705f71e3873d5d883e7e3fecba3d6268b4fa59a1f88db023d4b98aaef6fc5677e7269fff0c2c0e4eab8f98e57b062a

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_bz2.pyd

MD5 bbe89cf70b64f38c67b7bf23c0ea8a48
SHA1 44577016e9c7b463a79b966b67c3ecc868957470
SHA256 775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723
SHA512 3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

C:\Users\Admin\AppData\Local\Temp\_MEI36722\_lzma.pyd

MD5 0a94c9f3d7728cf96326db3ab3646d40
SHA1 8081df1dca4a8520604e134672c4be79eb202d14
SHA256 0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31
SHA512 6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

C:\Users\Admin\AppData\Local\Temp\_MEI36722\charset_normalizer\md.cp310-win_amd64.pyd

MD5 0e2a2addd0d5b21193dbaae162604181
SHA1 526b25822b2571307fe8d4208c83227c0c64cb10
SHA256 ab0a8fd8f085766a2a7001380e6ee219d5ae68d0194498eeb8d3866f922fbcae
SHA512 6e0f0fa11fff0853e4063f5e1a526936cd682303f94b13da0bd4fb6b2da5efdbb3acb378951508ee3a2dea7f7e2c1d6f968e00ae63d1b6063cc2ad932a3856e9

C:\Users\Admin\AppData\Local\Temp\_MEI36722\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 c6c87fc7bd7555026bb1738857066cff
SHA1 3c89dcbc228a7b689860545495f7a081721c5a12
SHA256 1a6961fd249dbb3a9ccc903fe5ec4631616594edefb19db423fb488b3dba619a
SHA512 63d5b76830d17f90c7d846c8481fac33d86cf1e606d4e33cbe5af868b41d35e7c8c95b93906258d1954809d13a46036fabad093a8693bd29121c020f743faeaa

C:\Users\Admin\AppData\Local\Temp\_MEI36722\unicodedata.pyd

MD5 4c8af8a30813e9380f5f54309325d6b8
SHA1 169a80d8923fb28f89bc26ebf89ffe37f8545c88
SHA256 4b6e3ba734c15ec789b5d7469a5097bd082bdfd8e55e636ded0d097cf6511e05
SHA512 ea127779901b10953a2bf9233e20a4fab2fba6f97d7baf40c1b314b7cd03549e0f4d2fb9bad0fbc23736e21eb391a418d79a51d64402245c1cd8899e4d765c5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\4e57bb45-0985-469b-9f9c-87a5f7e09e70

MD5 8842cee7d385621f06a092406c172849
SHA1 a4f426a2628207d81e0241d01ee861ac2a29cd94
SHA256 62199780ff78024bfe1980c55dcb2a6e7bdab395c26ddcb838b851c1acd7ea96
SHA512 3efd819e48084f33a5e78f123dcd38699f47962d2c08600568184dfc2518c3706a49a3b8f2f02c819378d91e9a5d85b45f215e7dab67ed1269e506d0b54a5f43

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\010f5302-fbdc-4e86-a62e-6e308c089374

MD5 a312122894ae38d4deaaed4d292dd093
SHA1 7f20dde66c5e3e917dc0a9592de35d80c373b8f7
SHA256 0c921d11920ebaebbf4ec5ee1d6081200b54c7c171acec99be6d8d3182a131a5
SHA512 24ad3e1c920626e42c7cc195e5a94ae640bb580227e8222ecec4543b651d3b0410022ccab39c90f5dab8694a34f6f61705d1536218db62c58b7a9dbba3b50659

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

MD5 0a2ec60d5ed30a1e0dbf47a7a4b7b44f
SHA1 fb5a5ddf6cfe45468b28b037c759a87e4fe35b53
SHA256 811b27d042cfabde8259342fe2a42d4f32f0175f3f1bc552e0062eab53cbf1ab
SHA512 870f01cc6b5e20a245f0e8a8737bd35dd76eaa3f2c952b04ce184ed97a3e401c946ed58150c0826cc15c54cf5228a1e85226151d6cc92c3cb934ac8e279829fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

MD5 20335e37db32081a8ba71df59adc063b
SHA1 7e1c60060f4df83a9243ac45f8505df6f3ee8040
SHA256 803c47cd9fcae15dbd3509531fcf32f7188c94692ec68e224d76b67c00982a1b
SHA512 ead9b4371b6ee4414a645d3f7657dede7884d44e5d2911c1d8dac191177a7814880eb2452487d82e620ca82a4e5b5ebd804746f69ad6295d984f036e6cf0bba6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5a2b7928a53b9a763849b8336dad90ab
SHA1 d10b0a5ac56b4fdd13d489cb313026b4658e7e25
SHA256 d2ffbbf6ec0261b86bed7ae96543d5c5bf0cb6eecfc2263698533a0ab0e44f0f
SHA512 fb23bb694b7d09f56830e379063f66788f3070716bb80fb03b98ac7e85e529240b16f053ce2943c389348e9e05b83771339f8b7ee8ffc038d0a6c3ab8ea0870a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 858d78b90f61a122f652b8913f2401be
SHA1 cdf05de2e814df3493727a75153b7858e75d702a
SHA256 ec550ee126bcd64ff1c9d2f189743b0ce4255d2b8407ad18d0b35be2af38a9d4
SHA512 620ba1a72a9c64ab9fc391403de9b9d28353dae58493d81832aeed88318bfb7450020b28a2f673f178572ed1ff4557fb3a545adbc4bfb2b48ef259572be390a8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E00BECD303B77CED95A357A7A1E4C8D69B473C88

MD5 f2377c5b4c485a1dd8ac8fd9dd299a23
SHA1 b6fa02d8e45a9170e854e203f59a128d7917f449
SHA256 8181a46a5e12b2de9d99b9161ca25a6def24e35678d5fa39b931d44e41d7b3d9
SHA512 162143b75951459461270b854de1da133ad989db99fbb41fb2d79e40f181ec07a44ec6b6a8024ad7efd4548d01e4cb2806d96a1a0f5bdb28ac5fe7ce93984a16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5c3b8877a54f21bf818364a18caa9f2d
SHA1 8f43f1ea538926d74ec434c8b5922e2ec6318b5d
SHA256 eaf4311a250ee38f1c43505b652b3e5ce5844bf920e840da2d7e157e9b175515
SHA512 88ad7b6f7763f3ae4155a2deb2fde6dbd897f7536fd32a34e739d188d74b1bc02995d1f988af6f39c0b9aad75e334cc48d6cd2bad6893ce8d51b871cead7c8d5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 d701847e410b63e7fc87b8c392b71e15
SHA1 17a493f91ebe75be1d12f76bdaae6b789342f3da
SHA256 5586fc7f3f2c48795d0c5559be0bba572d13f37d9caa26801accbeac4b701f9f
SHA512 a59fa9f0d1553ae1428a95616c16b56e1125476c31b6c222e7f9a253d93de45d74ad3f3976684b36fb10ff8fb8c11c8d6fd9c091253e5911e03c2956759f7b9a

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

MD5 2d3cc3debf54fcb85655af0083cf7aaf
SHA1 1a84b5c2ff39d8c803399b96fdfb56573bfdd657
SHA256 921cdb9053864dc4ef7eeb72f130756da63371d329768729a6e6be475234849c
SHA512 a38e3f54ba4b5b92c93cda1191978ceb581e2bfb2b977f488ba66dbf39c4718cabf38958f7fd877628c2946527073d4da4cfc6a32d799a19c152428b990bc96f

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2